Got the ‘Popureb’ rootkit/bootkit? Time to find your Windows recovery disc!

Monday, June 27th, 2011

Rootkit malware digs itself deeply into an operating system, so deeply in fact that removing it can be a major pain in the rear. If you have a system infected with Trojan:Win32/Popureb.E, Microsoft is now recommending that users find their Windows recovery disc and use that to fix the MBR (Master Boot Record):

If your system does get infected with Trojan:Win32/Popureb.E, we advise you to fix the MBR and then use a recovery CD to restore your system to a pre-infected state (as sometimes restoring a system may not restore the MBR). To fix the MBR, we advise that you use the System Recovery Console, which supports a command called "fixmbr".

Rootkits/bootkits are a major pain in the rear to remove. Because they burrow themselves so deeply into the OS and create such a massive security vulnerability, the best thing to do might be to either recover the system from a clean backup or wipe the system and reinstall.

It's the only way to be sure that the malware is all gone.

Here are instructions on how to fix the MBR for XP, Vista and 7.