Getting Rid of MBR Rootkits (Bootkits)

Yo everyone, for the past 2 months I’ve been seeing a major increase in MBR (sector 0) rootkits, a.k.a. bootkits. While these may sound scary (something on sector zero of your hard drive… oh no’s), they’re really pretty easy to get rid of.

Method 1 – Boot your computer from a Dr. Web Live CD and scan C: (or all your partitions). The instant the scanner starts it will find the MBR rootkit. Choose yes to write a new signature. That effectively destroys the MBR rootkit.

Method 2 (Windows XP) – Boot your computer from the Windows XP disc and choose to enter the Recovery Console. Once you’re inside the Recovery Console, issue the following command and press Enter:

FIXMBR

…then Reboot.

Method 2 (Windows 7 or Vista) – Boot your computer from the Windows 7 or Vista disc. Choose to repair your computer. Choose the Command Prompt option (near the bottom). Enter the following command and press Enter:

Bootrec /FIXMBR

…then Reboot.

At this point your MBR rootkit should be toast.
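Both FIXMBR and Bootrec /FIXMBR rewrite the boot code at the start of sector 0 and leave the partition table alone, which is exactly the region a bootkit replaces. If you want to confirm the repair (or spot the infection in the first place), dump sector 0 and compare its first 440 bytes against a known-good copy. The following Python script is an added example, not part of the original post or of any Microsoft tool: it builds a constructed 512-byte MBR, parses the partition table, and flags a sector whose boot code hash differs from a baseline or whose 0x55AA signature is missing. The boot code bytes, disk signature and partition entry are all made-up sample values.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439: boot code, the part a bootkit overwrites
PART_TABLE_OFFSET = 446      # four 16-byte partition entries
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa" # bytes 510..511 of a valid MBR
PART_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Build a constructed MBR with one bootable NTFS partition (sample data, not a real disk)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = struct.pack("<I", 0x12345678)          # constructed disk signature
    reserved = b"\x00\x00"
    # status 0x80 = bootable, type 0x07 = NTFS, starts at LBA 2048, 1,000,000 sectors long
    entry = struct.pack(PART_ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 2048, 1_000_000)
    table = entry + b"\x00" * (PART_ENTRY_LEN * 3)   # remaining three entries empty
    mbr = code + disk_sig + reserved + table + BOOT_SIGNATURE
    assert len(mbr) == MBR_SIZE
    return mbr


def parse_partitions(mbr: bytes) -> list:
    """Return the non-empty partition entries as dicts."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_LEN
        status, _, ptype, _, lba, count = struct.unpack(PART_ENTRY_FMT, mbr[off:off + PART_ENTRY_LEN])
        if ptype != 0:
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return parts


def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 of the boot code region only, so a partition-table change alone does not trip it."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, baseline_hash: str) -> dict:
    """Compare a dumped sector 0 against a known-good boot code hash and basic structural checks."""
    findings = []
    if len(mbr) != MBR_SIZE:
        findings.append("sector is not 512 bytes")
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if boot_code_hash(mbr) != baseline_hash:
        findings.append("boot code differs from known-good baseline")
    return {"clean": not findings, "findings": findings, "partitions": parse_partitions(mbr)}


# Constructed samples: a clean sector, the same sector with its boot code patched,
# and one with the boot signature zeroed out.
CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0")          # arbitrary stand-in boot code
BASELINE_HASH = boot_code_hash(CLEAN_MBR)                      # recorded while the machine was known clean
_tampered = bytearray(CLEAN_MBR)
_tampered[0:4] = b"\xeb\xfe\x90\x90"                           # first bytes replaced, table untouched
TAMPERED_MBR = bytes(_tampered)
NO_SIG_MBR = CLEAN_MBR[:510] + b"\x00\x00"

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR), ("no-sig", NO_SIG_MBR)):
        print(name, check_mbr(sector, BASELINE_HASH))
```

In practice you would read the real sector 0 (for example with a raw-disk dump tool from a live CD, which is the same environment the Dr. Web method uses) and feed those 512 bytes to check_mbr in place of the constructed samples; the baseline hash has to be recorded from a machine you trust, since the script has no list of "known bad" boot code and only detects that the boot code is not the one you expect.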

Reboot your computer and run a scan with an updated Malwarebytes and whatever antivirus you use (I suggest Kaspersky Internet Security); quarantine and then remove whatever they find.

Lastly, here are 2 good articles from Microsoft concerning the Recovery Console and Bootrec:

http://support.microsoft.com/kb/927392 – Windows 7 and Vista Bootrec.exe Documentation

http://support.microsoft.com/kb/314058 – Windows XP Recovery Console Documentation