Ransomware lands on the MBR

Discussion in 'malware problems & news' started by Triple Helix, Dec 10, 2010.

Thread Status:
Not open for further replies.
  1. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,742
    I would like to know too.
     
  2. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,411
    Location:
    Lancashire
    Well, I ran a simple overwrite but it still never removed it lol, don't know if I picked the wrong setting or something (first-time Darik user).
     
  3. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,742
    Maybe someone else that uses it can tell us.
     
  4. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,576
    How about the following?:

    1. Use MBRtool in the Ultimate Boot CD. I have used MBRtool when trying some versions of Linux which for security had locked the MBR. I used MBRtool and deleted the MBR so that I could install a different version of Linux. Deleting the MBR is much faster than the following options.

    http://www.ultimatebootcd.com/

    2. Use your hard drive manufacturer's bootable diagnostics CD and write zeros to all sectors of the hard drive. This should eliminate all malware on the hard drive. Writing zeros to all sectors of the hard drive will take from a few hours to as much as a day depending on your hard drive size.

    3. Use one of the following free bootable CDs to write zeros to all sectors of the hard drive:

    CopyWipe (DOS GUI):

    http://www.terabyteunlimited.com/copywipe.php

    Partition Wizard (Linux GUI):

    http://www.partitionwizard.com/partition-wizard-bootable-cd.html
     
  5. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,411
    Location:
    Lancashire
    Tried that, but it did not remove this malware.
     
  6. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,797
    A few questions:

    1. Does SpyShelter HIPS component help in preventing this? If someone is willing to test (and provide screen-shot if possible), I'd appreciate it.

    2. Assuming one is already infected, what's the easiest way for an average folk to clean up this mess?
     
  7. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    SS free:

    If you are infected with this sample then apparently a FIXMBR command should put things right.

    [attached screenshot: SS.JPG]
     
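The two cleanup routes described in the posts above (TheKid7's "delete the MBR / zero the disk" and Franklin's FIXMBR) differ in what they touch on sector 0. The script below is an added example, not code from this thread or from any of the tools named in it; it works on a constructed disk image file rather than a real drive, and all of its function names (mk_test_image, mbr_sig_check, mbr_bootcode_nonzero, mbr_ptable_hex, mbr_backup, mbr_reset_bootcode, mbr_wipe_sector0) are this example's own. It shows that a FIXMBR-style repair replaces only the 446-byte boot code while leaving the 64-byte partition table and the 0x55AA signature intact, whereas zeroing the whole sector (what MBRtool's delete or a zero-fill wipe does) throws the partition table away too.

```shell
#!/bin/sh
# Added example (not from the thread): inspect, back up and reset the MBR of a
# *disk image file*. On a real machine you would run the same dd commands from
# a boot CD against the block device, after taking the backup first.
set -eu

SECTOR=512
BOOTCODE=446   # bytes 0..445: boot code (where MBR ransomware lives)
PTABLE=64      # bytes 446..509: four 16-byte partition entries
SIG_OFF=510    # bytes 510..511: 0x55 0xAA boot signature

# poke IMAGE OFFSET OCTAL-ESCAPES: write a few raw bytes at a byte offset.
poke() { printf "$3" | dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null; }

# Build a constructed 4-sector image: fake boot code ('X' bytes), one bootable
# NTFS-type partition entry starting at LBA 2048, and the boot signature.
mk_test_image() {
  img=$1
  dd if=/dev/zero of="$img" bs=$SECTOR count=4 2>/dev/null
  head -c $BOOTCODE /dev/zero | tr '\0' 'X' | dd of="$img" conv=notrunc 2>/dev/null
  poke "$img" 446 '\200'      # entry 1 status: bootable (0x80)
  poke "$img" 450 '\007'      # entry 1 type: 0x07
  poke "$img" 455 '\010'      # LBA start, little-endian 0x00000800 = 2048
  poke "$img" 458 '\020'      # sector count 0x10 = 16
  poke "$img" 510 '\125\252'  # signature 0x55 0xAA
}

# "ok" if sector 0 carries the 0x55AA signature, "bad" otherwise (e.g. after a wipe).
mbr_sig_check() {
  sig=$(dd if="$1" bs=1 skip=$SIG_OFF count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
  [ "$sig" = "55aa" ] && echo ok || echo bad
}

# Number of non-zero bytes in the boot-code region (0 after a reset).
mbr_bootcode_nonzero() {
  dd if="$1" bs=1 count=$BOOTCODE 2>/dev/null | od -An -tx1 -v \
    | tr -s ' \n' '\n' | grep -c -v -e '^00$' -e '^$' || true
}

# Hex of the 64-byte partition table; compare before/after a repair.
mbr_ptable_hex() {
  dd if="$1" bs=1 skip=$BOOTCODE count=$PTABLE 2>/dev/null | od -An -tx1 -v | tr -d ' \n'
}

# Copy sector 0 to a file before touching anything.
mbr_backup() { dd if="$1" of="$2" bs=$SECTOR count=1 2>/dev/null; }

# FIXMBR-style: overwrite only the boot code (here with zeros; the real command
# writes stock Windows boot code). Partition table and signature are kept.
mbr_reset_bootcode() { dd if=/dev/zero of="$1" bs=1 count=$BOOTCODE conv=notrunc 2>/dev/null; }

# MBRtool-delete / zero-fill style: wipe the entire first sector. The
# partition table goes with it, so the disk must be repartitioned afterwards.
mbr_wipe_sector0() { dd if=/dev/zero of="$1" bs=$SECTOR count=1 conv=notrunc 2>/dev/null; }

demo() {
  tmp=$(mktemp -d); img=$tmp/disk.img
  mk_test_image "$img"
  echo "fresh image: signature $(mbr_sig_check "$img"), nonzero boot-code bytes $(mbr_bootcode_nonzero "$img")"
  mbr_backup "$img" "$tmp/sector0.bak"
  mbr_reset_bootcode "$img"
  echo "after FIXMBR-style reset: signature $(mbr_sig_check "$img"), nonzero boot-code bytes $(mbr_bootcode_nonzero "$img")"
  echo "partition table still: $(mbr_ptable_hex "$img" | cut -c1-32)..."
  mbr_wipe_sector0 "$img"
  echo "after full sector-0 wipe: signature $(mbr_sig_check "$img")"
  rm -rf "$tmp"
}

if [ "${MBR_DEMO:-0}" = 1 ]; then demo; fi
```

Run with `MBR_DEMO=1 sh mbr.sh` to see the three states. The practical takeaway: if the infection lives only in the boot code, the FIXMBR-style reset is the less destructive fix because the partition table survives; a full sector-0 wipe (or a whole-disk zero fill) removes the same bytes but costs the partition layout, and neither step helps if the malware also wrote to sectors beyond the first, which is why a backup of sector 0 and a check of what else changed should come before either.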
  8. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,797
    OK thanks Franklin:)
     
  9. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    Yesterday, I tested many zero-day MBR ransomwares, Trojans, and rootkits against SS Free as well as against a competitor product. SS system protection is very strong (30 hooks on my XP SP3 test system). It was able to block suspicious executions/actions and the test system remained under full control, although a few threats were still able to drop their drivers under the Windows and System32 folders, but those payloads were not active and were easy to clean via Hitman Pro and MBAM. The major thing here is that I was at least able to log in in each case with SS, but the competitor product failed at this step.
     