Microsoft clarifies MBR rootkit removal advice
"When you fix the MBR, you pretty much expose the threat itself to other applications, including antivirus applications," said Thakur. "They can then pick up on the threat, and delete it."
But an internationally-known botnet expert disagreed.
Joe Stewart, director of malware research at Dell SecureWorks, said that reinstalling Windows was the only way to insure that MBR rootkits and the additional malware they install are completely removed.
"Once you're infected, the best advice is to [reinstall] Windows and start over," said Stewart. "[MBR rootkits] download any number of other malware. How much of that are you going to catch? This puts the user in a tough position."
Marco Giuliani, the Webroot threat research analyst who published his own analysis of Popureb, cautioned that users may end up having to reinstall Windows after all.
"What is really a nightmare is that [Popureb] looks like it has bugs and sometimes it hangs the system during the reboot stage," Giuliani wrote on the Webroot blog. "This could become a problem that would require you to perform a full system reinstall."
In a follow-up statement today, Microsoft seemed to acknowledge that users could encounter problems with the MMPC advice, and may need to restore their PC from a recent backup.
"Microsoft recommends that customers whose systems are infected with Trojan:Win32/Popureb.E, contact Microsoft PCSafety, who can help them identify and remove malware from their systems," said Jerry Bryant, general manager of with Microsoft's Trustworthy Computing group, in an e-mailed statement. "While using the recovery console to address Master Boot Record (MBR) issues is not designed to affect personal files, we continue to recommend customers practice reasonable back-up processes."
PCSafety is a toll-free telephone support line that Microsoft operates for customers with malware-infection problems. The number in the U.S. is: 866-727-2338.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is email@example.com.
Read more about Security in Computerworld's Security Topic Center.
- Workload Change: The 70 Percent of Your Business DevOps Forgot Adding WLA early in the development process ensures that the benefits of DevOps accrue for all applications, including your batch services. This paper...
- Ponemon 2014 SSH Security Vulnerability Report According to research by the Ponemon Institute, 3 out of 4 enterprises have no security controls in place for SSH which leaves organizations...
- QA Automation: Reducing Test Execution While Improving Coverage A leading capital investment firm in the US was in need of a comprehensive, cost effective and flexible solution to reduce their existing...
- Turning Insight Into Action: Social Media Intelligence The amount of data produced on social media is staggering - and so is the potential business value for enterprises that know what...
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- Protecting Critical SaaS Data Before It's Too Late In this webinar, you'll hear how to avoid SaaS data loss through best practices from a panel of experts. All Operating Systems White Papers | Webcasts