What to do if malicious code has been found in an MBR file

Issue:

Malicious code has been found in the MBR (Master Boot Record). How should you proceed with further investigation?

Resolution:

Collect the MBR log from the infected machine so that it can be investigated to determine whether this is a valid infection or a false positive from the F-Secure product.

Log Collection Instructions:

  1. Install Sector Inspector ("secinspect.msi") on the infected machine and note the installation directory. Download link: https://www.microsoft.com/en-us/download/details.aspx?id=19470
  2. Locate the installation directory: C:\Program Files\Windows Resource Kits\Tools or C:\Program Files (x86)\Windows Resource Kits\Tools
  3. Execute "secinspect.exe" from cmd, redirecting its output to a log file:
       secinspect.exe > <log name>MBR.log
  4. Collect the "<log name>MBR.log" file that was generated.
  5. Once the log has been collected, you can uninstall the tool by running the same installer file, "secinspect.msi", and choosing the uninstall option.

Once "<log name>MBR.log" has been collected, please submit it through the Submit a Sample service portal (https://www.f-secure.com/en/web/labs_global/submit-a-sample) for further investigation. Select "I want to give more details about this sample and to be notified of the analysis results". The malware team will investigate the log and give remediation instructions for further cleanup.
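
Steps 2 to 4 can also be run as a single PowerShell script. The following is an added example, not part of the original article or an F-Secure or Microsoft tool; the -LogName and -OutDir parameters are hypothetical, and the script assumes secinspect.exe writes ASCII text to standard output and is run from an elevated session.

```powershell
# Added example: automates steps 2-4 of the log collection procedure.
# -LogName and -OutDir are hypothetical parameters, not part of secinspect.
param(
    [string]$LogName = $env:COMPUTERNAME,
    [string]$OutDir  = (Get-Location).Path
)

# Step 2: the two installation directories named in the article.
$candidates = @(
    'C:\Program Files\Windows Resource Kits\Tools',
    'C:\Program Files (x86)\Windows Resource Kits\Tools'
)
$tool = $candidates |
    ForEach-Object { Join-Path $_ 'secinspect.exe' } |
    Where-Object { Test-Path -LiteralPath $_ -PathType Leaf } |
    Select-Object -First 1
if (-not $tool) {
    throw 'secinspect.exe not found; install secinspect.msi first (step 1).'
}

# Assumption: reading raw disk sectors needs an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Warning 'Session is not elevated; the log may be incomplete.'
}

# Step 3: run with no arguments and capture stdout, as in the article.
# Set-Content -Encoding Ascii keeps the file as plain single-byte text
# (assumption: the tool's output is ASCII).
$log = Join-Path $OutDir ("{0}MBR.log" -f $LogName)
& $tool | Set-Content -LiteralPath $log -Encoding Ascii
$exit = $LASTEXITCODE

# Step 4: refuse to hand over an empty or missing log.
if (-not (Test-Path -LiteralPath $log) -or (Get-Item -LiteralPath $log).Length -eq 0) {
    throw "No output captured in $log (secinspect exit code $exit)."
}

# Record a SHA-256 of the log so the submitted file can be matched later.
$hash = Get-FileHash -LiteralPath $log -Algorithm SHA256
[pscustomobject]@{ Log = $log; Bytes = (Get-Item -LiteralPath $log).Length
                   SHA256 = $hash.Hash; ExitCode = $exit }
```

Keep the printed SHA-256 with your case notes so the file uploaded to the sample portal can be matched to the one collected on the machine.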

Article no: 000006535

Version history
Revision #: 1 of 1
Last update: 24-10-2019 06:14 PM