Microsoft: Rootkit infection requires Windows reinstall
Microsoft announced today that a new root-kit causes so much havoc by bury’s itself deep into the computer’s boot sector, that infected users will be forced to perform a re-install of the operating system to fix the problem.
This Trojan, called “Popureb”, digs deeply into the system’s boot sector. The only way to get rid of it is to return Windows to its out of the box configuration. According to Microsoft’s Malware Protection Center, “If your system does get infected with Trojan:Win32/Popureb.E, we advise you to fix the MBR and then use a recovery CD to restore your system to a pre-infected state.” For those that are not familiar with the recovery disk, it allows a user to return Windows to its factory settings.
Popureb overwrites the hard drive’s master boot record (MBR). Since the Trojan hides on the MBR, the rootkit is pretty much invisible to both the operating system and any security software. The Trojan detects write operations aimed at the master boot record, and switches any write operation to a read operation. New data is never written to the disk.
Further reading: Microsoft, Security, Windows
If your system does get infected with Trojan:Win32/Popureb.E, we advise you to fix the MBR and then use a recovery CD to restore your system to a pre-infected state (as sometimes restoring a system may not restore the MBR). To fix the MBR, we advise that you use the System Recovery Console, which supports a command called "fixmbr".
To find out how to use your system’s recovery options, refer to the following articles:
- For Windows XP: Installing and using the Recovery Console in Windows XP
- For Windows Vista: System Recovery Options in Windows Vista
- For Windows 7: System Recovery Options in Windows 7