Posted by: Samker
« on: 29. June 2011., 08:43:54 »

Microsoft is advising users to reinstall Windows if they happen to be unfortunate enough to get hit by a particularly vicious rootkit.
The Popureb Trojan sticks its tendrils so deep into the operating system that the best option is to
Drastic measures are needed because a new version of the malware includes a driver component designed to prevent a malicious Master Boot Record and other malicious data dropped by the Trojan from being removed.
"If your system does get infected with Popureb-E Trojan, we advise you to fix the MBR and then use a recovery CD to restore your system to a pre-infected state (as sometimes restoring a system may not restore the MBR)," advises Microsoft security response staffer Chun Feng in a blog post here: http://blogs.technet.com/b/mmpc/archive/2011/06/22/don-t-write-it-read-it-instead.aspx
"To fix the MBR, we advise that you use the System Recovery Console, which supports a command called 'fixmbr'."
Microsoft doesn't say so explicitly, but applying a Master Boot Record fix before using a recovery disc is going to strip infected systems of both installed applications and associated data. In those circumstances, you'd need to use computer forensics skills to get anything back, a calamitous situation that illustrates the need to regularly back up important data.
(ElReg)