
MBR Rootkit


Here is a copy of the MBR rootkit that has been getting press lately.

MD5: 88ffe413ce04294cc0ed8c4d163f1c31

Now Most AV detect

Almost all AV products detect this now.

They are detecting the

They are detecting the installer, that's OK. But who detects it when it is already rooted in the MBR?

As far as I know, the latest GMER beta detects and removes it. What else? I don't know!

Kaspersky, Dr.Web and NOD32

Kaspersky, Dr.Web and NOD32 detected the virus.
Janet Kellman, software reviews editor

They detected the installer

Did they detect the installer, or the rootkit in the MBR (via the real-time on-access scanner) after installation? And what about removal?

Kaspersky 2009 detected and removed it!!!

Kaspersky 2009 is able to detect and remove an active Sinowal or MBR rootkit.


hey mythx

Thanks for continuously posting cool stuff to OC. You are one of the more prolific contributors and it's much appreciated.


Fresh off the grill

Fresh off the grill :)

Upload file (Loader)

Sector 00

I've Norton 360 framework

I have the Norton 360 framework.
It can detect it,
but there is no chance it is going to fight and remove it.
If I can remove it, I will surely post the result.

Thanks from the PE.

MBR "fixes"

Just FYI guys, I have a feeling if you install one of those boot-manager programs, it will probably overwrite whatever this virus has written to the MBR.

For instance, if you install Linux, it will install "GRUB" or "LILO." These programs overwrite the MBR and give you an OS menu.

Furthermore, programs like Norton Ghost and Acronis TrueImage all write custom MBRs.

Finally UBCD (Ultimate Boot CD) has a program that allows you to edit your MBR.

Go into your BIOS and make it boot to a CD / floppy, it will never read the MBR.

Just a few things off the top of my head that should "fix" the MBR.
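Added example, not part of any post in this thread: one way to check whether sector 0 still matches a known-good copy after one of the "fixes" above, by hashing the bootstrap code area and comparing the partition table. It assumes both 512-byte dumps were taken from trusted boot media; the function names and the sample bytes are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440    # bootstrap code; bytes 440-445 hold the disk signature
PART_TABLE_OFF = 446   # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"
ENTRY = "<B3xB3xII"    # status, CHS (skipped), type, CHS (skipped), LBA start, sector count

def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash, used partition entries and signature check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY, sector, PART_TABLE_OFF + 16 * i)
        if ptype:  # type 0x00 marks an unused slot
            parts.append((i, status == 0x80, ptype, lba, count))
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": parts,
        "signature_ok": sector[510:512] == BOOT_SIG,
    }

def compare_to_baseline(sector: bytes, baseline: bytes) -> list:
    """List every way the current sector deviates from the known-good copy."""
    cur, base = parse_mbr(sector), parse_mbr(baseline)
    findings = []
    if not cur["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if cur["boot_code_sha256"] != base["boot_code_sha256"]:
        findings.append("bootstrap code differs from baseline")
    if cur["partitions"] != base["partitions"]:
        findings.append("partition table differs from baseline")
    return findings

def make_sample(boot_code: bytes) -> bytes:
    """Constructed sector: the given boot code plus one active type-0x07 partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into(ENTRY, sector, PART_TABLE_OFF, 0x80, 0x07, 63, 204800)
    sector[510:512] = BOOT_SIG
    return bytes(sector)

if __name__ == "__main__":
    baseline = make_sample(b"\xfa\x33\xc0\x8e\xd0")   # constructed bytes
    current = make_sample(b"\xfa\x33\xc0\x8e\xd8")    # same sector, one byte changed
    print(compare_to_baseline(current, baseline))
```

A boot manager or imaging tool that rewrites the MBR will also show up as a bootstrap-code difference, so the baseline has to be refreshed after any intentional change.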

Norton blocked it.

Found a Trojan.Meboot. Someone in the Norton forums reported it a couple of weeks ago too.

Norton AntiVirus Gaming Edition 2009.