I have now several times reformatted my hard drive and reinstalled Windows XP without getting rid of "Rootkit.MBR.Whistler(Boot image)". What to do?
Hi,
Welcome! I moved your post to the Protection board.
not sure how to remove it, didn't find instructions at F-Secure page.
One thing you can try is the rescue CD it boots a Linux image and will scan the drive and might be able to remove.
Second option would be to install a Linux and rewrite MBR. Linux has better tools for that.
My personal experience.
Hi berjan,Please refer the KB article below to disinfect MBR in Win XP:http://support.microsoft.com/kb/314058 (under the fixmbr section)http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/bootcons_fixmbr.mspxThanks.Best Regards,Jayson
Hi berjan,
Just to add an additional information from our Security Lab.http://www.f-secure.com/v-descs/rootkit_w32_whistler_a.shtmlThanks.Best Regards,Jayson
Comments
Hi,
Welcome! I moved your post to the Protection board.
Hi,
not sure how to remove it, didn't find instructions at F-Secure page.
One thing you can try is the rescue CD it boots a Linux image and will scan the drive and might be able to remove.
Second option would be to install a Linux and rewrite MBR. Linux has better tools for that.
My personal experience.
Hi berjan,
Please refer the KB article below to disinfect MBR in Win XP:
http://support.microsoft.com/kb/314058 (under the fixmbr section)
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/bootcons_fixmbr.mspx
Thanks.
Best Regards,
Jayson
Hi berjan,
Just to add an additional information from our Security Lab.
http://www.f-secure.com/v-descs/rootkit_w32_whistler_a.shtml
Thanks.
Best Regards,
Jayson