When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Microsoft clarifies itself on removal of Win32/Popureb.E

News Reporter Neowin · · Hot! with 26 comments

Microsoft clarified the advice it gave regarding a new rootkit that buries itself in a hard drive's boot sector. Microsoft originally said that the only way to remove the rootkit was to use a recovery disc. The Microsoft Malware Protection Center (MMPC) highlighted the Trojan, dubbed Popureb. According to Network World, this meant restoring Windows to factory settings. That recommendation was similar to what Microsoft gave a year ago, when another rootkit buried itself in the Master Boot Record (MBR). On Wednesday, MMPC engineer Chun Feng clarified Microsoft's advice. "If your system is infected with Trojan:Win32/Popureb.E, we advise fixing the MBR using the Windows Recovery Console to return the MBR to a clean state," Feng wrote on a blog. Feng provided links to instructions on how to use the Recovery Console.

Rootkits like Popureb are hard to detect and delete because it overwrites the hard drive's MBR. MBR rootkit malware is among the most advanced of all threats. "Reinstalling is definitely overkill for this malware problem," said Vikram Thakur, principal security response manager with Symantec. "It can be resolved simply by fixing the MBR via an external disk." Symantec offers users a tool to help fix the MBR. Named "Norton Bootable Discovery Tool," the free download creates a boot disc for starting up the PC without accessing the hard drive. The tool downloads malware signatures and cleans the MBR.

Joe Stewart, director of malware research at Dell SecureWorks, says different. "Once you're infected, the best advice is to reinstall Windows and start over," said Stewart. "MBR rootkits download any number of other malware. How much of that are you going to catch? This puts the user in a tough position."

"Microsoft recommends that customers whose systems are infected with Trojan:Win32/Popureb.E, contact Microsoft PCSafety, who can help them identify and remove malware from their systems," said Jerry Bryant, general manager of Microsoft's Trustworthy Computing group. The number for the PCSafety line in the United States is 866-727-2338.

Report a problem with article
Next Article

Rumor: Microsoft phasing out Windows Phone MVP program?

Previous Article

Google makes available new Gmail look, calendar coming soon

Join the conversation!

Login or Sign Up to read and post a comment.

26 Comments - Add comment