Here the suggestion is to boot to a system repair disc or the equivalent thereof via system restore and run:
bootrec.exe /fixmbr
Don
That solution is easy, but can I get rid of the pest by running System Sweeper?
Will MSE or MSRT be updated to get rid of this guy?
It's a nasty rootkitYou can try it ... I don't know if it can get rid of that Trojan.
You could also try TDSSKiller How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)?
Right now there are 2 AV's (known) that will get rid of it Popureb.E
See this post, Norton and Hitman Pro 3.5.9 – build 126, say they can get rid of it
Rootkit Infection Requires Windows Reinstall, Says Microsoft
Symantec's Vikram Thakur added, existing Symantec tools will fix the problem.
"We have found that it is not necessary to re image a machine in order to repair," Thakur wrote. "Symantec detects this threat and Norton customers can use Norton Bootable Recovery Tool (NBRT) to boot up and NBRT will clean their computers. The helps fix computers infected with threats that embed themselves deeply into the computer's operating system. It helps restore the computer to normal working order."
You can download NBRT here.
I don't have it. I'm seeking knowledge to prepare myself in case I need to remove from another person's computer.
Also to know what MS's plans are regarding removal other than the draconian approach they currently recommend which is unacceptable to ask Joe EverydayUser to perform.
To boot from my System Repair Disc and run bootrec /fixboot followed by bootrec /fixmbr is not much of a challenge for us, but for John Garagemechanic that can be a little much.
I took a look at a few articles this morn and from the looks of it, someone will probably come out with a removal tool specifically for this Virus.
According to this, they're offering the tool for free.Symantec offers users a tool to help fix the MBR. Named "Norton Bootable Discovery Tool," the free download creates a boot disc for starting up the PC without accessing the hard drive. The tool downloads malware signatures and cleans the MBR.
If these 2 AV's already have the capability to remove it, then MS should follow up with a removal tool of their own (so I would think)
However, there seems to be an argument going on as to whether this will actually clean the system 100%, hence MS's position on doing a re-install.
And then you have this lovely bit of info:Joe Stewart, director of malware research at Dell SecureWorks, says different. "Once you're infected, the best advice is to reinstall Windows and start over," said Stewart. "MBR rootkits download any number of other malware. How much of that are you going to catch? This puts the user in a tough position."
Guess we'll just have to wait and see how the dice fall on this...Marco Giuliani, the Webroot threat research analyst who published his own analysis of Popureb, cautioned that users may end up having to reinstall Windows after all.
"What is really a nightmare is that [Popureb] looks like it has bugs and sometimes it hangs the system during the reboot stage," Giuliani wrote on the Webroot blog. "This could become a problem that would require you to perform a full system reinstall."
'tis true that some malware installs some of their cousins, but I see that there is much ignorance and fear running around. Being an executive does not make you competent in the area you manage. Those of you who have worked in industry will understand that statement.
Now to get rid of it:
Boot from your System Repair Disc.
Go to a command prompt.
run following two commands:
Bootrec /fixboot
Bootrec /fixmbr
Shutdown your computer.
Run System Sweeper or Safety Scanner.
Your system is clean as a whistle.
Quote