MBR Rootkits



#1 jimmy6951


Posted 24 June 2011 - 11:33 PM

In my recent work on two of my friend's computers, they were BOTH infected with MBR rootkits. After running ComboFix on both of them, it did remove the spawn of the rootkit, BUT, until I rebooted, expecting a clean computer, and then seeing the rootkit come back, then I realized that I hadn't actually killed the rootkit. I immediately booted back into recovery and typed a fixmbr. That's when I saw the evidence that the rootkit was still in the MBR. I got a caution that the MBR was non-standard or invalid. Once I rewrote the MBR, it killed the rootkit. I just wanted to share this, since my googles never hinted about this at all.

jimmy

Edit: Moved topic from Introductions to the more appropriate forum. ~ Animal
