Microsoft clarifies MBR rootkit removal advice.
On June 29, Microsoft clarified the advice it gave users whose Windows PCs are infected with a new, sophisticated rootkit that buries itself in the hard drive’s boot sector.
Several security researchers agreed with Microsoft’s revisions, but a botnet expert doubted that the advice guaranteed a clean PC. During the week of June 20, the Microsoft Malware Protection Center (MMPC) highlighted a new Trojan, dubbed “Popureb,” and said the only way to eradicate the malware was to use a recovery disc. Because a recovery disc returns Windows to its factory settings, Microsoft was telling users they needed to reinstall Windows to completely clean an infected PC. An MMPC engineer clarified Microsoft’s advice June 29: “If your system is infected with Trojan:Win32/Popureb.E, we advise fixing the MBR using the Windows Recovery Console to return the MBR to a clean state,” he wrote. Once the MBR has been scrubbed, users can run antivirus software to scan the PC for additional malware and remove it. However, the director of malware research at Dell SecureWorks, a well-known botnet expert, disagreed. He said reinstalling Windows was the only way to ensure that MBR rootkits and the additional malware they install are completely removed.
Source: http://www.computerworld.com/s/article/9218062/Microsoft_clarifies_MBR_rootkit_removal_advice?taxonomyId=17&pageNumber=1