Microsoft clarifies MBR rootkit removal advice
"When you fix the MBR, you pretty much expose the threat itself to other applications, including antivirus applications," said Thakur. "They can then pick up on the threat, and delete it."
But an internationally-known botnet expert disagreed.
Joe Stewart, director of malware research at Dell SecureWorks, said that reinstalling Windows was the only way to insure that MBR rootkits and the additional malware they install are completely removed.
"Once you're infected, the best advice is to [reinstall] Windows and start over," said Stewart. "[MBR rootkits] download any number of other malware. How much of that are you going to catch? This puts the user in a tough position."
Marco Giuliani, the Webroot threat research analyst who published his own analysis of Popureb, cautioned that users may end up having to reinstall Windows after all.
"What is really a nightmare is that [Popureb] looks like it has bugs and sometimes it hangs the system during the reboot stage," Giuliani wrote on the Webroot blog. "This could become a problem that would require you to perform a full system reinstall."
In a follow-up statement today, Microsoft seemed to acknowledge that users could encounter problems with the MMPC advice, and may need to restore their PC from a recent backup.
"Microsoft recommends that customers whose systems are infected with Trojan:Win32/Popureb.E, contact Microsoft PCSafety, who can help them identify and remove malware from their systems," said Jerry Bryant, general manager of with Microsoft's Trustworthy Computing group, in an e-mailed statement. "While using the recovery console to address Master Boot Record (MBR) issues is not designed to affect personal files, we continue to recommend customers practice reasonable back-up processes."
PCSafety is a toll-free telephone support line that Microsoft operates for customers with malware-infection problems. The number in the U.S. is: 866-727-2338.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
Read more about Security in Computerworld's Security Topic Center.
- QA Automation: Reducing Test Execution While Improving Coverage A leading capital investment firm in the US was in need of a comprehensive, cost effective and flexible solution to reduce their existing...
- Tablet, Laptop, or Desktop - Form (Factor) Follows Function Desktops, laptops, Ultrabooks, tablets, convertibles, and all-in-ones; suddenly hardware decisions seem a lot more complicated. To take advantage of these benefits, the savviest...
- The IT handbook for Windows 7 and Windows 8 migrations A comprehensive guide for IT departments making the switch from legacy versions of Microsoft Windows to Windows 7 and Windows 8. To date,...
- 7 Reasons Why Windows 8 is the Future Touch, cloud, BYOD and IT consumerization dominate the mindshare of IT managers. Windows 8 enters the scene with a host of features that...
- API Management: The Key to Improving the Consumer Travel Experience Join PhoCusWright's Senior Technology Analyst, Norm Rose, as he shares his insights on how travel suppliers and intermediaries can improve industry data flow...
- Tips to Simplify Database Administration and Development Make your job easier while getting the most from the leading productivity tool for database professionals. Learn tips from Dell Software's Oracle® ACE,... All Operating Systems White Papers | Webcasts