Rootkit Contamination Reparable With Windows Reinstall: Microsoft
A new rootkit targeting Windows computers is currently circulating online, and removing it requires repairing the MBR (master boot record), says Microsoft. EWeek.com reported this on June 28, 2011.
Rootkits are what attackers install to conceal follow-on malware such as Trojans that steal banking passwords, and these malicious programs are nothing new on Windows.
Commenting on the latest rootkit, Chun Feng, an engineer at the MMPC (Microsoft Malware Protection Center), stated that a Trojan named 'Popureb' corrupted the MBR of the computer's hard drive so thoroughly that it could only be removed by running the Windows Recovery Console to rewrite the affected sectors. EWeek.com published this.
Recently, Popureb's authors updated the malware with a driver component that ensures the Trojan cannot be modified by any external means, says Feng. The component executes by way of the device driver's DriverStartIO routine. Feng adds that the driver component uses an unusual technique to protect its data.
Furthermore, Feng observes that malware such as Popureb overwrites the hard drive's MBR. The MBR is the first sector of the drive (sector 0); it holds the code that bootstraps Windows after the PC's BIOS (Basic Input Output System) has completed its start-up checks. Because rootkits hide in the MBR, they stay out of sight of both security software and the operating system. ComputerWorld.com reported this on June 27, 2011.
According to Feng, Popureb detects write operations aimed at the Master Boot Record, the very operations that would clean the MBR and the other disk areas holding the exploit, and changes the write operation into a read operation.
So while the operation appears to succeed, in reality no new data is written to the disk, and the cleaning attempt fails.
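To make the mechanics above concrete, here is an added example in Python; it is not code from the article, Microsoft or the MMPC. It parses a sector-0 image into bootstrap code, partition table and the 0x55AA boot signature, compares the bootstrap area against a known-good digest, and shows why a remediation tool must read a sector back after writing it. The hypothetical SimulatedDisk class with its drop_sector0_writes flag stands in for a disk where a write to sector 0 is reported as successful but never lands, which is the outcome the article describes. All MBR images, digests and the disk itself are constructed here; on a real machine the raw sector reads and writes would go through the platform's block-device API, which this example does not touch.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector-0 image into its bootstrap code, partition table
    and boot signature. The bootstrap area is reported as a SHA-256 digest so it
    can be compared against a known-good baseline."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        # Each 16-byte entry: status, CHS start, type, CHS end, LBA start, sector count
        status, _, ptype, _, lba_start, count = struct.unpack_from(
            "<B3sB3sII", sector, 446 + 16 * i)
        partitions.append({"bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    return {
        "bootstrap_sha256": hashlib.sha256(sector[:446]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def build_sample_mbr(fill: int) -> bytes:
    """Constructed sample MBR: bootstrap area filled with one byte value, a single
    bootable NTFS-type (0x07) partition entry, three empty entries, boot signature."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 204800)
    return bytes([fill]) * 446 + entry + b"\0" * 48 + BOOT_SIGNATURE


class SimulatedDisk:
    """Hypothetical stand-in for a raw block device (a bytearray of sectors).
    With drop_sector0_writes=True it models the condition the article describes:
    a write to sector 0 is reported as successful but nothing reaches the disk."""

    def __init__(self, sectors: int, drop_sector0_writes: bool = False):
        self.data = bytearray(SECTOR_SIZE * sectors)
        self.drop_sector0_writes = drop_sector0_writes

    def read(self, lba: int) -> bytes:
        return bytes(self.data[lba * SECTOR_SIZE:(lba + 1) * SECTOR_SIZE])

    def write(self, lba: int, sector: bytes) -> bool:
        if lba == 0 and self.drop_sector0_writes:
            return True                       # reports "success" with no effect
        self.data[lba * SECTOR_SIZE:(lba + 1) * SECTOR_SIZE] = sector
        return True


def baseline_check(disk, known_good_bootstrap_sha256: str) -> bool:
    """True if sector 0 carries a valid signature and the expected bootstrap code."""
    info = parse_mbr(disk.read(0))
    return info["signature_ok"] and info["bootstrap_sha256"] == known_good_bootstrap_sha256


def write_and_verify(disk, lba: int, sector: bytes) -> bool:
    """Write a sector, then read it back. The write call's status is not trusted;
    only the read-back proves the data actually landed on the disk."""
    disk.write(lba, sector)
    return disk.read(lba) == sector


def demo() -> dict:
    good = build_sample_mbr(0x90)          # constructed "known-good" MBR
    tampered = build_sample_mbr(0xCC)      # constructed MBR with foreign bootstrap code
    good_hash = parse_mbr(good)["bootstrap_sha256"]

    healthy = SimulatedDisk(16)
    healthy.write(0, good)

    stuck = SimulatedDisk(16, drop_sector0_writes=True)
    stuck.data[:SECTOR_SIZE] = tampered    # starts out with the tampered MBR in place

    return {
        "healthy_baseline_ok": baseline_check(healthy, good_hash),   # True
        "stuck_baseline_ok": baseline_check(stuck, good_hash),       # False: bootstrap differs
        "restore_on_healthy": write_and_verify(healthy, 0, good),    # True
        "restore_on_stuck": write_and_verify(stuck, 0, good),        # False: write silently dropped
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The design point is that a return code of "success" from a disk write says nothing on its own: the baseline comparison flags a sector 0 whose bootstrap code has changed, and the read-back after the restore attempt is what exposes a write that was quietly turned into a read. That is also why the article's remediation runs from the Recovery Console rather than from inside the running system, where the driver component is active.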
Feng provided links to instructions for repairing the MBR on Windows 7, Vista and XP.
Experts note that, although Microsoft does not say so explicitly, repairing the MBR before using a recovery disc will wipe infected computers of both installed software and the data associated with it. After that, users would need forensics experts' help to recover anything, which underlines that vital data should be backed up regularly.
Related article: Rootkits Can Be Detected And Eradicated
» SPAMfighter News - 07-07-2011