Community
User Guides
Support
Community
Help Forums
English Forum
General
About our Community
General Discussion
News and Feedback
Products
F-Secure SAFE
F-Secure FREEDOME
F-Secure KEY
F-Secure SENSE Router
F-Secure ID PROTECTION
Other products
Beta programs
Feature Requests
Finnish Forum (Tukifoorumi)
Tuotteet Kotiin
F-Secure SAFE
F-Secure FREEDOME
F-Secure KEY
F-Secure SENSE Router
F-Secure ID PROTECTION
Muut tietoturvatuotteet
Support Articles
Language
English
Suomi
Deutsch
Français
日本語
Svenska
Dansk
Italiano
Nederlands
Norsk
Polski
中文 (繁體)
Products & Services
F-Secure TOTAL
F-Secure SAFE / Internet Security / Anti-Virus
F-Secure FREEDOME
F-Secure KEY
F-Secure SENSE Router
F-Secure ID PROTECTION
Other products
Common topics
User Guides
Support
Login
|
Register
What to do if malicious code has been found in an MBR file - F-Secure Community
<main> <article class="userContent"> <h3 data-version="4" data-article="000006535">Issue:</h3> <p>Malicious code has been found in MBR file (Master Boot Record), how to proceed for further investigation.</p> <h3>Resolution:</h3> <p>Collect the MBR log from the infected machine for further investigation whether it is valid infection or false positive from F-Secure product.<br></p><p><strong>Log Collection Instructions:</strong></p> <ol><li>Install Sector Inspector "secinspect.msi" on the infected machine and note the installation directory. Download link: <a rel="nofollow" href="https://www.microsoft.com/en-us/download/details.aspx?id=19470">https://www.microsoft.com/en-us/download/details.aspx?id=19470</a></li><li>Locate installation directory C:\Program Files\Windows Resource Kits\Tools or C:\Program Files (x86)\Windows Resource Kits\Tools</li><li>Execute "secinspect.exe" using cmd with the following argument. secinspect.exe > <log name>MBR.log</li><li>Collect "<log name>MBR.log" that was generated</li><li>Once the log has been collected, you can uninstall the tool using the same installer file "secinspect.msi" and choose uninstall option</li></ol> Once "<log name>MBR.log" was collected, please submit through the Submit a Sample service portal (<a rel="nofollow" href="https://www.f-secure.com/en/web/labs_global/submit-a-sample">https://www.f-secure.com/en/web/labs_global/submit-a-sample</a>) for further investigation. Select <b>I want to give more details about this sample and to be notified of the analysis results</b>. Malware team will investigate the log and give remediation instructions for further clean up.<br><br> <p>Article no: 000006535</p> </article> </main>