
Warning, a new and nasty rootkit going around


Be sure to make your backups; Microsoft says the only way to fix this one is a reinstall.

http://www.computerworld.com/s/article/9217953/Rootkit_infection_requires_Windows_reinstall_says_Microsoft?source=CTWNLE_nlt_pm_2011-06-27

However, there is a lot of discussion and some say it's fixable. Either way, it's another pain.

lemonie 5 years ago

If you're going to use lines like "Microsoft says", you need to post a link to that.
Otherwise it sounds like one of these junk e-mails that you have to tell everyone about because (someone) says it's the worst thing ever...
Doom laden things like "only way to fix this one is a reinstall" are classic junk-mail "make sure you forward this to everyone" type-stuff.

L
Vyger (author)  lemonie 5 years ago
I did
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Popureb.E
lemonie Vyger 5 years ago

Microsoft is not saying "the only way to fix this one is a reinstall" on that page.

L
No, but they are essentially saying that (well, recovery from a recovery CD with the warning that a reinstall may be necessary - long story short, you will probably need to lose your current system and reload an earlier version, whether that means from the OS discs or a recovery backup) on this page: (http://blogs.technet.com/b/mmpc/archive/2011/06/22/don-t-write-it-read-it-instead.aspx)

That's an interesting bit of technical, thanks.
Again, Microsoft is not saying "the only way to fix this one is a reinstall" on that page, but I'm left thinking that it wouldn't fix the MBR anyway, unless the boot-device was repartitioned in the process?

L
Yeah, it is a bit of hyperbole to say reinstallation is inevitable.

Fixing the MBR is indeed separate from the recovery/reinstall. It's something you do when you boot from the recovery CD - the recovery environment allows you to use fixmbr from the command line. However, I'd have to reread the article to remember if you have to fix the MBR either way, or if you only have to do that if the plain old system recovery from CD didn't work.

I've seen plenty of warnings like this over the last 15 years, including the parodies...

L
Kiteman 5 years ago
What's the most common way of catching this?

Will Norton keep you safe?
"Will Norton keep you safe?"



*wipes tears from eyes* Tell another!
So... what do you recommend to avoid/prevent this trojan?