MBR Rootkit Removal

by malwarekilla on March 27, 2008

The new MBR rootkit can be very hard to detect, and removal is a manual process. MBR removal instructions are below:

1. Locate your bootable Windows XP or Vista operating system CD/DVD.

2. Boot your PC from the CD/DVD.

3. Choose to load the Recovery Console (for XP) or the repair tools (for Vista).

4. In the Recovery Console, type fixmbr

5. The fixmbr command will write a new boot sector and erase the rootkit.

6. Reboot your PC and download and install the latest version of MalwareBytes Anti-Malware.
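To confirm what the repair in steps 4 and 5 actually changed, the following added example (not part of the original post) compares a copy of sector 0 saved before the repair with one saved after it: the boot code should differ while the partition table and the 0x55AA signature stay intact. It assumes both 512-byte copies were captured from a trusted boot environment; the function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440       # bytes 0..439: bootstrap code, the part a bootkit replaces
PART_TABLE_OFF = 446      # bytes 446..509: four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"    # bytes 510..511: boot signature

def parse_mbr(sector: bytes) -> dict:
    """Split a raw 512-byte MBR into boot-code hash, partition table and signature."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4]:      # partition type 0x00 marks an unused slot
            parts.append({"index": i, "active": entry[0] == 0x80,
                          "type": entry[4], "lba_start": lba_start,
                          "sectors": sectors})
    return {"signature_ok": sector[510:512] == BOOT_SIG,
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}

def compare(before: bytes, after: bytes) -> dict:
    """Report whether the repair replaced the boot code and left the rest alone."""
    a, b = parse_mbr(before), parse_mbr(after)
    return {"boot_code_changed": a["boot_code_sha256"] != b["boot_code_sha256"],
            "partition_table_preserved": a["partitions"] == b["partitions"],
            "signature_ok": b["signature_ok"]}

def sample_sector(boot_fill: int) -> bytes:
    """Constructed test sector: filler boot code plus one active NTFS partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 204800)
    return bytes([boot_fill]) * 446 + entry + bytes(48) + BOOT_SIG

if __name__ == "__main__":
    # Constructed stand-ins for the "before" and "after" copies of sector 0.
    print(compare(sample_sector(0xCC), sample_sector(0x90)))
```

If the boot code hash is unchanged after the repair, or the partition table differs, the MBR was not rewritten the way the procedure intends and the disk should be examined further before it is trusted.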

{ 3 comments }

Shibu October 10, 2008 at 2:38 pm

I have done all the required procedures to remove BOO/Sinowal.a.
The procedures:
> logged in using the installation disk.
> in the recovery console I entered the administration
> then I just typed fixmbr
> it showed that it has changed the mbr.
but still the problem persists. Everything else in my system is working o.k.
I have tried to remove this one with Combofix, System cleaner and also Malware Bytes registered version.

Gates July 20, 2009 at 10:42 am

In other words: their proposed “solution” does not work, and they don’t care.

Good to know what NOT to do.

Lui December 17, 2009 at 5:29 pm

after completing this process, boot into safe mode with command prompt

then in command prompt type “control”

when control panel opens

at the top select computer

go to your program files

and run malware bytes

this should find and delete all the malware files still left on the system

then reboot and see how much of a computer you have left

:)
