Posted by: Ken Harthun
Anti-malware, Anti-virus, Malware, Rootkit, Security, Trojan, Virus
Assuming you or your client is not already infected with Mebroot, there’s another tool you can use to easily recover in the event of an infection: MBRtool 2.3 from DIY DataRecovery.
MRBTool is a freeware DOS program designed to backup, restore, and manipulate your hard disk MBR. The latest version includes a boot disk builder that will allow you to create a diskette or bootable CD/DVD, making it ideal for recovering from a Mebroot infection. If you are sure the target machine is clean, or you have a clean image that you can restore, you simply use MBRTool to make a backup of the valid MBR. In the event of infection, use the boot disk to start the machine and restore the valid MBR. Bye, Bye, Mebroot!
Going beyond simple recovery, you could use MBRTool to make a copy of and examine an infected MBR to compare its code against known Mebroot variants. But, be careful: you don’t want that infected MBR to get away from you.