Posted on 06/27/2011 10:21:23 PM PDT by Gomez
Microsoft is telling Windows users that they'll have to reinstall the operating system if they get infected with a new rootkit that hides in the machine's boot sector.
A new variant of a Trojan Microsoft calls "Popureb" digs so deeply into the system that the only way to eradicate it is to return Windows to its out-of-the-box configuration, Chun Feng, an engineer with the Microsoft Malware Protection Center (MMPC), said last week on the group's blog.
"If your system does get infected with Trojan:Win32/Popureb.E, we advise you to fix the MBR and then use a recovery CD to restore your system to a pre-infected state," said Feng.
A recovery disc returns Windows to its factory settings.
(Excerpt) Read more at computerworld.com ...
ping
Get a Mac and never look back!
Go Linux and never look back for free!
I may have had this. A google search on popureb shows an MS site which says it “displays advertisements”. That was my problem, plus of course I couldn’t get rid of it. After various consultations, I installed Norton Antivirus from a purchased CDROM, which seemed to get rid of it. I’ve been running for some time now without being bothered. The Norton software impressed me as some serious s**t. It didn’t just do a sweep, but asked if you still had a problem and escalated. It even had explicitly designated anti-Rootkit software, which I invoked. Well, who knows, but as I say, it certainly seems to have worked.
From the comments.. You do not need to reformat.
This article needs to be corrected. The source does NOT say you have to reinstall Windows. Here is how to recover from it. This will not force you to reinstall Windows.
“If your system does get infected with Trojan:Win32/Popureb.E, we advise you to fix the MBR and then use a recovery CD to restore your system to a pre-infected state (as sometimes restoring a system may not restore the MBR). To fix the MBR, we advise that you use the System Recovery Console, which supports a command called “fixmbr”.”
Since about 2005, Norton has gone from a must have program to probably the most common virus on computers today, IMHO. It constantly surprises people how much of their awesome multicore computer was occupied just to make Norton happy. I get done uninstalling it (in some cases an hour long process), and they’re frankly shocked at how fast their computer operates now.
Avira is one of my favorite replacements, as it’s very lightweight and is frequently updated, though the propensity to put up pop-ups of its own once per day is also pretty annoying... Buy it, of course, and those pop-ups go away.
Another reasonably lightweight and quickly updated anti-virus program is Microsoft Security Essentials, which I really think is a must have for small businesses. Up to ten stations can be installed (assuming they’re all properly licensed Windows machines) and it’s pretty transparent to the average user. Both pieces of software are free, and both prevent this rootkit infection.
>At the time, Microsoft’s advice was similar to what Feng is now offering for Popureb.
“If customers cannot confirm removal of the Alureon rootkit using their chosen anti-virus/anti-malware software, the most secure recommendation is for the owner of the system to back up important files and completely restore the system from a cleanly formatted disk,” said Mike Reavey, director of the Microsoft Security Response Center (MSRC), in February 2010.
pFFFT. I solved the Alureon rootkit without re-booting. What do I know. I consulted for Kaspersky and an Avast “Evangelist”. Relying on your anti-virus software alone and Malwarebytes isn’t enough.
I actually witnessed a rootkit take down the Pro version of Malwarebytes. Now that’s scary.
I found this for free and downloaded it, but it was ineffective against whatever horrible infection I had. To install Norton, I had to uninstall PCcillin(?) but I managed to do it, somewhat to my surprise. I don't think realtime hogs are due to (legitimate) security software, but due to whatever they have failed to detect and suppress or remove. Your mileage may vary.
Yeah I was thinking how many virus programs were written just to exploit Norton itself. It's also a terrible resource hog.
Unrelated to your post - Macs are mostly used by liberals who feel good about overpriced crap. I do mean crap. The only reason you don’t hear more about Mac virus infections is a lack of user volume. Write a virus for a few or the many? These days Macs are just PCs with Mac OS and frankly it's not that impressive. Suse (or insert any you wish) Linux is better and as pointed out free and there are much fewer virus problems than even Mac has.
I have had very good luck with Webroot for several years now. I have the Spy Sweeper with AV, as well as WindowWasher which I run at the end of the day. Do you have an opinion on Webroot?
I can have a computer 10X better than a Mac for $300. The same Mac would cost me $3,000 and I'd be stuck with crap-Mac products "cloud" nonsense.
"cloud" you mean networking? But wait, you get to keep all my data in your freaking "cloud".... why don't I just use an f*ing home network with free permissions?
"cloud" and Mac in general are for dolts and their money quickly departed.
So if this rootkit infection hides from your security programs, how do you know if you are infected?
I use several programs with heuristic scanning that is supposed to prevent any changes and my scans always come up clean.
MBR and Recovery do not require reinstallation. Typical overhyped nonsense.
“..and I’d be stuck with crap-Mac products “cloud” nonsense.” You are correct but be warned MS wants the PC to go “cloud” too.
I like the ads better than the mags but I’d rather have a new CDW catalog anyday.
Simply use FREE Kaspersky TDS
http://support.kaspersky.com/viruses/solutions?qid=208280684
Step one: stop the virus using rkill. It's FREE
http://www.bleepingcomputer.com/download/anti-virus/rkill
You can rename it to something other than rkill in case the virus looks for rkill and does not allow it to run. Save it as suzie for example
Step two: Then run Kaspersky Root Kill Remover
Step three: Then run MalwareBytes - Costs money but works 100%.
Don't ever pay the scammers for the "Cure", they will take your money and Credit Card data.
No need to ever reinstall your OS.
Maybe you need to do the steps in Safe Mode (F8) as the PC boots, but not always.
They have some decent ads but then you wind up asking yourself “why is a reputable firm advertising in this bloody rag?” So, you wind up double checking the CDW catalog or NewEgg anyway...
It is a handy tool for salesmen to keep up with relevant conversation with clients, but who buys from those guys. The only time I look at them is in the “private study” while I take care of business. I read the ads and that’s if I finished the model railroad magazine, CDW mailer, and Fry's Electronics ads already.