Solution for Popureb rootkit infection
Posted on 28.06.2011
Bootkits are kernel-mode rootkit variants that hide in the computer's master boot record (MBR) and are notoriously difficult to spot and, sometimes, to eradicate.

Microsoft warned last week about a new variant of the "Popureb" Trojan that prevents users from deleting the malicious MBR by replacing the disk write operation with a read operation.

The user believes the operation was a success, but the malicious code is still there.

"If your system does get infected with Trojan:Win32/Popureb.E, we advise you to fix the MBR and then use a recovery CD to restore your system to a pre-infected state (as sometimes restoring a system may not restore the MBR)," advised Microsoft's Chun Feng. "To fix the MBR, we advise that you use the System Recovery Console, which supports a command called 'fixmbr'".
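The swapped write described above is why a reported success is not proof that the MBR changed. The following is an added example, not code from Microsoft or from the original article: it reads sector 0 back after writing and compares it with what was requested. The disk classes are constructed in-memory stand-ins, and the check assumes the read-back itself is trustworthy, as it would be when run from clean recovery media.

```python
import hashlib

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR sector


class HonestDisk:
    """Constructed in-memory stand-in for a disk: writes really land."""

    def __init__(self, sector0: bytes):
        self._sector0 = bytes(sector0)

    def read_sector0(self) -> bytes:
        return self._sector0

    def write_sector0(self, data: bytes) -> bool:
        self._sector0 = bytes(data)
        return True


class SwappedWriteDisk(HonestDisk):
    """Constructed model of the behaviour the article describes:
    the write is served as a read, yet success is still reported."""

    def write_sector0(self, data: bytes) -> bool:
        self.read_sector0()  # nothing is stored
        return True


def make_sector(fill: int) -> bytes:
    """Build a constructed 512-byte sector ending in the boot signature."""
    return bytes([fill]) * (SECTOR_SIZE - 2) + BOOT_SIGNATURE


def write_and_verify(disk, new_mbr: bytes) -> dict:
    """Write sector 0, then read it back and compare with the request."""
    if len(new_mbr) != SECTOR_SIZE or new_mbr[-2:] != BOOT_SIGNATURE:
        raise ValueError("not a 512-byte sector ending in 55 AA")
    before = disk.read_sector0()
    reported_ok = disk.write_sector0(new_mbr)
    after = disk.read_sector0()
    return {
        "reported_ok": reported_ok,            # what the caller is told
        "verified": after == new_mbr,          # what is actually on disk
        "unchanged": after == before and before != new_mbr,
        "sha256_after": hashlib.sha256(after).hexdigest(),
    }
```

A result with `reported_ok` true and `verified` false is the signature of a write that never reached the disk.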






Copyright 1998-2014 by Help Net Security.