Microsoft has warned last week about a new variant of the "Popureb" Trojan that manages to prevent users from deleting the malicious MBR by replacing the disk write operation with a read operation.
The user believes the operation was a success, but the malicious code is still there.
"If your system does get infected with Trojan:Win32/Popureb.E, we advise you to fix the MBR and then use a recovery CD to restore your system to a pre-infected state (as sometimes restoring a system may not restore the MBR)," advised Microsoft's Chun Feng. "To fix the MBR, we advise that you use the System Recovery Console, which supports a command called 'fixmbr'".
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.