Enjoy Trojan:Win32/Popureb.E

Deleted member 178

Thread author
You said that using backup software isn't worth the investment? Read it:

"The bootkit malware Trojan:Win32/Popureb.E has made some changes in its code compared to previous samples (specifically, Trojan:Win32/Popureb.B), and now it introduces a driver component to prevent the malicious MBR and other malicious data stored as disk sectors from being changed. The driver component protects the data in an unusual way – by hooking the DriverStartIo routine in a hard disk port driver (for example, atapi.sys). The following steps describe the trick..."

http://blogs.technet.com/b/mmpc/archive/2011/06/22/don-t-write-it-read-it-instead.aspx

Changed your mind? ^^
 

Jack

Administrator
Several well-known tech sites stated that the removal of Trojan:Win32/Popureb.E requires complete reinstallation of Windows (and formatting the infected hard drive); however, there are simpler and more effective ways to remove this infection.

How to remove Trojan:Win32/Popureb.E:

  1. Fix the Master Boot Record (MBR)
    • In Windows XP, boot to the Recovery Console and run the command named fixmbr
    • In Windows Vista, boot to the Repair your computer options, click Command Prompt and run the command named fixmbr
    • In Windows 7, boot to the Repair your computer options from the installation DVD, click Command Prompt and run the command named fixmbr
  2. After using the fixmbr command, reboot your computer and start it from a bootable repair CD, such as Microsoft Safety Scanner or Kaspersky Rescue Disk.
    Follow the instructions to perform a full scan.

The article was written on 22 Jun 2011 at 8:46 AM, so by now all the major vendors have analyzed it and updated their databases, so this Trojan:Win32/Popureb.E should be well detected.
As always, prevention is better than removal, so a well-built security config will manage to stop this threat and the ones that will follow.

You said that using backup software isn't worth the investment?
There are a few good free backup programs, like Paragon and Windows 7 Backup, so if a user doesn't have the money to buy fancy third-party utilities like Acronis True Image and Macrium Reflect, the free ones are also very good.
 

jamescv7

That's really nasty. Good that there is a solution for fixing the MBR.
 

win7holic

Microsoft clarifies itself on removal of Win32/Popureb.E

Microsoft clarified the advice it gave regarding a new rootkit that buries itself in a hard drive's boot sector. Microsoft originally said that the only way to remove the rootkit was to use a recovery disc. The Microsoft Malware Protection Center (MMPC) highlighted the Trojan, dubbed Popureb. According to Network World, this meant restoring Windows to factory settings. That recommendation was similar to what Microsoft gave a year ago, when another rootkit buried itself in the Master Boot Record (MBR). On Wednesday, MMPC engineer Chun Feng clarified Microsoft's advice. "If your system is infected with Trojan:Win32/Popureb.E, we advise fixing the MBR using the Windows Recovery Console to return the MBR to a clean state," Feng wrote on a blog. Feng provided links to instructions on how to use the Recovery Console.
