Posted 18 December 2011 - 03:32 PM
I recently ran into a computer that had System Fix malware, but that may have let in some other nasties. The machine had a new style boot sector virus that I had not run into before. MalwareBytes found nothing, and neither did VIPRE Rescue or SuperAntispyware. I ran mbr.exe from gmer.net, and got the generic error when running about an I/O error when attempting to read the boot sector. This boot sector was infected heavily, but after clearing with fixboot & fixmbr, the system was done. The partition table must have been compromised/moved by the malware.
With this new, even nastier style of bootkit, is there a standard procedure for removal? I know that hindsight is 20/20, but what could I have done differently? I ended up killing all the scrambled partition table data, formatting, and re-installing.