Microsoft has discovered a new variant of a bootkit so malicious that Microsoft’s recommended solution is to reinstall Windows.
In a recent blog post on TechNet, Chun Feng, an engineer with the Microsoft Malware Protection Center, warned that users will have to reinstall Windows if they are infected with what it refers to as Popureb.E, which now includes a driver component that triggers at boot time….
The malware is clever enough to identify the actual physical startup disk, and it infects an operation called DriverStartIO – sorry for the tech terminology.
What it does there is even more ingenious. “If it finds the write operation is trying to overwrite the MBR [Master Boot Record] or the disk sectors containing malicious code, it simply replaces the write operation with a read operation. The operation will still succeed, however, the data will never actually be written onto the disk.”
In other words, antivirus software that attempts to remove the virus by overwriting the MBR will be intercepted, and the write command replaced with a read command.
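Because the write still reports success, a repair tool cannot rely on the return status alone. The following is an added example, not code from Microsoft's post or from any product: it models the quoted behaviour with a constructed in-memory disk (`MemDisk`, `FilteredDisk` and `verified_write` are hypothetical names) and shows a write-then-read-back check that exposes a silently dropped MBR write.

```python
import hashlib

SECTOR = 512

class MemDisk:
    """Constructed in-memory disk standing in for a raw device handle."""
    def __init__(self, sectors=8):
        self.data = bytearray(sectors * SECTOR)
    def read(self, lba, count=1):
        return bytes(self.data[lba * SECTOR:(lba + count) * SECTOR])
    def write(self, lba, buf):
        self.data[lba * SECTOR:lba * SECTOR + len(buf)] = buf
        return len(buf)

class FilteredDisk(MemDisk):
    """Model of the behaviour quoted above: writes touching protected
    sectors are serviced as reads, yet still report success."""
    def __init__(self, protected, sectors=8):
        super().__init__(sectors)
        self.protected = set(protected)
    def write(self, lba, buf):
        touched = range(lba, lba + len(buf) // SECTOR)
        if self.protected.intersection(touched):
            self.read(lba, len(buf) // SECTOR)  # nothing reaches the disk
            return len(buf)                     # caller still sees success
        return super().write(lba, buf)

def verified_write(disk, lba, buf):
    """Write whole sectors, then read back and compare digests.
    Returns 'ok', 'short-write' or 'silently-dropped'."""
    if len(buf) % SECTOR:
        raise ValueError("buffer must be a whole number of sectors")
    if disk.write(lba, buf) != len(buf):
        return "short-write"
    back = disk.read(lba, len(buf) // SECTOR)
    same = hashlib.sha256(back).digest() == hashlib.sha256(buf).digest()
    return "ok" if same else "silently-dropped"

def clean_mbr():
    """Constructed 512-byte sector: zero-filled with the 0x55AA boot signature."""
    return bytes(510) + b"\x55\xaa"

if __name__ == "__main__":
    print(verified_write(MemDisk(), 0, clean_mbr()))
    print(verified_write(FilteredDisk({0}), 0, clean_mbr()))
```

The read-back travels through the same storage stack as the write, so it only catches a filter that leaves reads untouched, which is the behaviour quoted above.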
But we've got your back, especially if you have our “Antivirus Pro Service”. The only thing you have to do is run a malware scan once every 30 days, as we instructed you (our security approach has been able to detect the Popureb.E malware since January 2011).
It’s not our fault that Microsoft is a little … behind …; you should not be worried.