Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Remove threats

 

 

Master Boot Record (MBR) Repair

Infections in the Master Boot Record (MBR) are a tricky business, and may sometimes require a user to take additional steps to completely remove the infection.

 If available, the Description of the relevant malware may provide removal details tailored to the suspect malware or specific infection scenario.

If specific removal instructions are not yet available, this page provides more general actions for repairing an infected MBR. Click the link to jump to the relevant instructions:

 

Automatic Disinfection

 In some cases, F-Secure's security products can disinfect the MBR without further action from the user.

Alternatives

If a suspicious hidden file is detected and FSAV does not immediately remove the file, there are several actions you can perform by manually selecting one of the displayed option:

  • If you don't want to do anything about the hidden item, select "None" as the action
  • If you don't want to be notified about the file in the future, select "Exclude" as the action
  • If you are sure the item is not part of a normal program, you can rename it by selecting "Rename" as the action. This will prevent the hidden program from starting in the future. You should use the "Rename" action very carefully, because renaming important files may break the computer.

 

Contact Support

In certain cases, more complex malware (e.g., rootkits) may have sufficiently altered the MBR so that regular automatic disinfection is not possible, or not fully effective.

If you suspect this is the case, you may wish to send a sample of the suspect MBR to our Labs for further analysis.

Submitting a sample of an infected MBR

For detailed instructions on how to obtain a sample of the suspect MBR for submission, please see the following Support KB Article:

 

Additional Options

Windows includes tools to replace an infected MBR with a copy of the original, clean MBR. To do so:

  1. Boot into the Recovery Console.
  2. Depending on the operating system in question, run the appropriate command on all infected drives:

    • On Windows XP, run: fixmbr
    • On Windows 7, run: bootrec

Note: For further information on use of the 'fixmbr' command, please refer to the relevant Microsoft documentation.

Rescue CD

Access an infected computer that no longer starts.

Get Support online

For documentation and product support, visit our Support site.