Repairing Infected Master Boot Records (MBR)

Infections in the Master Boot Record (MBR) can be a tricky business. Occasionally, the user may need to perform additional steps to completely remove the infection.
If available, the description of the threat may provide specific instructions for repairing an infected MBR. If a description for the threat is not available, this page provides more general advise for MBR repair.

Automatic Disinfection

In some cases, F-Secure's security products can disinfect the MBR without further action from the user.


If a suspicious hidden file is detected and the F-Secure security product does not immediately remove the file, there are several actions you can perform by manually selecting one of the displayed options:

  • If you don't want to do anything about the hidden item, select None as the action
  • If you don't want to be notified about the file in the future, select Exclude as the action
  • If you are sure the item is not part of a normal program, you can rename it by selecting Rename as the action. This will prevent the hidden program from starting in the future.
    NOTE: You should use the Rename action very carefully, because renaming important files may break the computer.

Contact Support

In certain cases, more complex malware (e.g., rootkits) may have sufficiently altered the MBR so that regular automatic disinfection is not possible, or not fully effective.

If you suspect this is the case, you may wish to submit a sample of the suspect MBR to our Labs for further analysis.

Submitting a sample of an infected MBR

For detailed instructions on how to obtain a sample of the suspect MBR for submission, please see the following Support KB Article: How to collect an MBR rootkit sample

Additional Options

Windows includes tools to replace an infected MBR with a copy of the original, clean MBR. To do so:

  1. Boot into the Recovery Console 
    • On Windows XP, run: fixmbr
    • On Windows 7, run: bootrec
    NOTE: For further information on use of the fixmbr command, please refer to the relevant Microsoft documentation.