MS advises drastic measures to fight hellish Trojan
Kill it with fire!
Updated: Microsoft is advising users to roll back Windows if they happen to be unfortunate enough to get hit by a particularly vicious rootkit.
The Popureb Trojan sticks its tendrils so deep into the operating system that the best option is to return machines to their pre-infected state and change the Master Boot Record. Any files that aren't backed up will be lost in the process.
Drastic measures are needed because a new version of the malware includes a driver component designed to prevent a malicious Master Boot Record and other malicious data dropped by the Trojan from being removed.
"If your system does get infected with Popureb-E Trojan, we advise you to fix the MBR and then use a recovery CD to restore your system to a pre-infected state (as sometimes restoring a system may not restore the MBR)," advises Microsoft security response staffer Chun Feng in a blog post.
"To fix the MBR, we advise that you use the System Recovery Console, which supports a command called 'fixmbr'."
Microsoft doesn't say so explicitly, but applying a Master Boot Record fix before using a recovery disc is going to strip infected systems of both installed applications and associated data. In those circumstances, you'd need to use computer forensics skills to get anything back, a calamitous situation that illustrates the need to regularly back up important data. ®
Microsoft has since updated its advisory to provide more detailed clean-up information. Separately, Redmond has been in touch to say that, contrary to media reports of the problem, users won't need to re-install Windows.