The latest trend in virii is the use of MBR rootkits to settle themselves in the unused (hidden) sectors of your harddrive, safe from any formatting or reinstallation of Windows. They cannot be removed by an antivirus as the rootkit directly interacts with the kernel upon boot, long before any antivirus system drivers are being loaded. The rootkit does not patch actual files or drivers, but rather does this dynamically upon booting Windows. A complete format of your system would not get rid of the MBR as it is hosted in the first sectors of your hard drive and therefore survive a format of a single partition.
More information can be found here: http://www2.gmer.net/mbr/.
There's but one way to get truly rid of the thing, and that's by firing up a raw disk editor and clear out its sectors: restore the MBR to a previous one, and clean up certain sectors in the system.
While this is usually not an easy task, there's a much quicker way to simply prevent it from loading with your OS by restoring the MBR with a clean copy. This way, the malicious code still exist in other sectors, but they are no longer called through the MBR. For this to work, you need a restore disk or original installation disk of your Windows (either XP, Vista or 7). A disk for 7 can be used for Vista as well, but not for XP.
fixmbr fixboot
bootrec /FixMbr bootrec /FixBoot
« ‹ | December 2024 | › » | ||||
Sun | Mon | Tue | Wed | Thu | Fri | Sat |
1 | 2 | 3 | 4 | 5 | 6 | 7 |
8 | 9 | 10 | 11 | 12 | 13 | 14 |
15 | 16 | 17 | 18 | 19 | 20 | 21 |
22 | 23 | 24 | 25 | 26 | 27 | 28 |
29 | 30 | 31 |