What to do if malicious code has been found in an MBR file
Malicious code has been found in the MBR (Master Boot Record). This article describes how to proceed with further investigation.
Collect the MBR log from the infected machine so that it can be investigated further to determine whether this is a valid infection or a false positive from the F-Secure product.
Log Collection Instructions:
- Install Sector Inspector "secinspect.msi" on the infected machine and note the installation directory. Download link: https://www.microsoft.com/en-us/download/details.aspx?id=19470
- Locate the installation directory: C:\Program Files\Windows Resource Kits\Tools or C:\Program Files (x86)\Windows Resource Kits\Tools
- Execute "secinspect.exe" from cmd, redirecting its output to a log file: secinspect.exe > <log name>MBR.log
- Collect "<log name>MBR.log" that was generated
- Once the log has been collected, you can uninstall the tool by running the same installer file "secinspect.msi" and choosing the uninstall option
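The locate, execute and collect steps above as one PowerShell script (an added example, not F-Secure or Microsoft code). The `-LogName` and `-OutDir` parameters, the elevation check and the SHA-256 step are assumptions added for illustration; the tool is run without arguments, as in the article.

```powershell
# Added example: automates the locate / execute / collect steps of the procedure.
param(
    # Hypothetical prefix standing in for the article's "<log name>" placeholder.
    [string]$LogName = $env:COMPUTERNAME,
    # Hypothetical output folder for the collected log.
    [string]$OutDir  = $env:TEMP
)

$ErrorActionPreference = 'Stop'

# Assumption: reading raw disk sectors needs an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell session.'
}

# The two installation directories named in the article.
$candidates = @(
    'C:\Program Files\Windows Resource Kits\Tools\secinspect.exe',
    'C:\Program Files (x86)\Windows Resource Kits\Tools\secinspect.exe'
)
$exe = $candidates | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
if (-not $exe) { throw 'secinspect.exe not found; install secinspect.msi first.' }

$log = Join-Path $OutDir ('{0}MBR.log' -f $LogName)
$err = "$log.err"

# Same invocation as the article (no arguments). Start-Process writes stdout to
# the file as raw bytes, like the cmd ">" redirect, instead of re-encoding it.
$proc = Start-Process -FilePath $exe -NoNewWindow -Wait -PassThru `
    -RedirectStandardOutput $log -RedirectStandardError $err

# An empty log usually means the tool could not read the disk; fail loudly.
if (-not (Test-Path -LiteralPath $log) -or (Get-Item -LiteralPath $log).Length -eq 0) {
    throw "Log is empty (exit code $($proc.ExitCode)); check $err"
}

# Record a hash so the file that gets analysed can be matched to this collection.
$hash = Get-FileHash -LiteralPath $log -Algorithm SHA256
[pscustomobject]@{
    Log      = $log
    Bytes    = (Get-Item -LiteralPath $log).Length
    ExitCode = $proc.ExitCode
    SHA256   = $hash.Hash
}
```

Send the SHA-256 value along with the log so the recipient can confirm the file was not altered in transit.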
Article no: 000006535