I´ve reformatted Windows XP without getting rid of "Rootkit.MBR.Whistler(Boot image). What to do?

berjan

I have now several times reformatted my hard drive and reinstalled Windows XP without getting rid of "Rootkit.MBR.Whistler(Boot image)".  What to do?

[Deleted User]

Hi,

 

Welcome! I moved your post to the Protection board.

2eemeli

Hi,

 

not sure how to remove it, didn't find instructions at F-Secure page.

 

One thing you can try is the rescue CD it boots a Linux image and will scan the drive and might be able to remove.

 

Second option would be to install a Linux and rewrite MBR. Linux has better tools for that.

 

My personal experience.

 

 

 

 

[Deleted User]

Hi berjan,

Please refer the KB article below to disinfect MBR in Win XP:
http://support.microsoft.com/kb/314058 (under the fixmbr section)
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/bootcons_fixmbr.mspx

Thanks.


Best Regards,
Jayson

[Deleted User]

Hi berjan,

 

Just to add an additional information from our Security Lab.
http://www.f-secure.com/v-descs/rootkit_w32_whistler_a.shtml

Thanks.


Best Regards,
Jayson