Microsoft: Don’t Re-install Windows for ‘Popureb’ Trojan

Reading time icon 2 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Just a few days after Microsoft announced that a complete re-install of Windows was necessary after discovering that a new Trojan hijacks the infected computer’s boot sector, the company has updated its statements and is advising users of an alternative solution rather than doing a re-install to fix the problem.

This Trojan, called “Popureb”, digs deeply into the system’s boot sector. The Trojan would only be accessed before the computer’s BIOS begins the start-up process. This would cause the OS and security software to not detect the malware.

Microsoft had stated that the only way to get rid of the Trojan was to return Windows to its out of the box configuration. According to Microsoft’s Malware Protection Center, “If your system does get infected with Trojan:Win32/Popureb.E, we advise you to fix the MBR and then use a recovery CD to restore your system to a pre-infected state.” For those that are not familiar with the recovery disk, it allows a user to return Windows to its factory settings.

Microsoft is now advising users who are infected to use the Bootrec.exe tool located in the Windows Recovery Environment to repair their system. A detailed explanation on how to use the tool can be found here. Microsoft is now recommending this method rather than doing a complete wipe.

However, the guys over at Webroot (threat research analysts) are advising that due to the nature of the malware, doing a repair or complete re-install of the system does not guarantee the removal of the Trojan. “What is really a nightmare is that the Trojan looks like it has bugs and sometimes it hangs the system during the reboot stage.”

Webroot is working on a took to safely remove the Trojan and will release it as soon as they are done testing it.