Software giant Microsoft has found a rootkit which is so nasty you will have to re-install your operating system to get rid of it.
The Trojan “Popureb” digs so deeply into the system that not even the finest Volish spinners can dig it out. The only way to deal with it is to return Windows to its out-of-the-box configuration,
Writing in the Microsoft Malware Protection Center bog, Chun Feng said that if your system does get infected with Trojan:Win32/Popureb.E, it advises you to fix the MBR and then use a recovery CD to restore your system to a pre-infected state.
Apparently Popureb overwrites the hard drive’s master boot record (MBR), the first sector where code is stored to bootstrap the operating system after the computer’s BIOS does its start-up checks. It is invisible to both the operating system and any security software.
According to Feng, Popureb detects write operations aimed at the master boot record and then MBR and swaps a write operation with a read operation.
It will mean that the operation will seem to work but the new data is not actually written to the disk. In other words, the cleaning process will have failed.
Vole has added a check for the Aluereon rootkit to all security updates so that when the malware is detected, the updates are not installed.