Comments on: Removing Popureb Doesn’t Require a Windows Reinstall

By: Tammi Wuerz

Tammi Wuerz — Wed, 18 Apr 2012 21:59:08 +0000

Hi your website is outstanding, wish I found it sooner it really really helped me out a lot. Good Job!!!

By: Chris Bolton

Chris Bolton — Wed, 13 Jul 2011 20:01:47 +0000

Hi Marco,

Thanks for this explanation; I understand the concept even though I couldn’t actually do that coding. Regarding the attack vector, it appears to have infected a laptop belonging to my 84 year old mother, who doesn’t tend to use dodgy websites. I guess it can infect any unprotected site. It was on a rolling reboot; I ran fixmbr and reinstalled XP based on where the problem appeared to be and only found out about popureb afterwards – just got to reinstall SP3 and 97 updates now…

Chris

By: Popureb.E trojan removal tool released for public | Virus prevention and removal security tools

Mon, 11 Jul 2011 20:39:59 +0000

[...] procedure and saved somewhere on the hard disk. You can read more on details about this trojan here, an article written by the malware researcher Marco Giuliani.The Popureb.E trojan removal tool is [...]

By: First Test Post! - A Different Way

First Test Post! - A Different Way — Mon, 11 Jul 2011 01:24:18 +0000

[...] researchers with Webroot and CA agreed with Thakur that Popureb could be removed without reinstalling [...]

By: Free Anti-Popureb Tool Released « Webroot Threat Blog

Free Anti-Popureb Tool Released « Webroot Threat Blog — Fri, 08 Jul 2011 23:02:17 +0000

[...] week, threat researcher and malware reverse-engineer Marco Giuliani wrote up a fairly technical description of a bootkit — a rootkit that infects the master boot record of the hard drive, making it very difficult [...]

By: Beverly Murch

Beverly Murch — Thu, 07 Jul 2011 21:17:37 +0000

I have your thing making my life miserable – what can I do?

By: Marco Giuliani

Marco Giuliani — Wed, 06 Jul 2011 23:03:33 +0000

Hi Kevin,

I deeply apologize for my late reply to your comment. In this specific case GMER won’t be of any help, at least its MBR rootkit detector. This because the trojan is not hiding at all its code on the MBR, so it doesn’t act as a rootkit and Gmer’s MBR rootkit detector won’t detect anything wrong in the system.

Systems are being infected by usual well known vectors, that means crack/warez websites, exploited websites containing malicious code, p2p.

Hope that helps.

Regards,
Marco

By: Virus Popureb: non è necessario reinstallare Windows

Virus Popureb: non è necessario reinstallare Windows — Sat, 02 Jul 2011 14:39:05 +0000

[...] via [...]

By: Kevin Smith

Kevin Smith — Fri, 01 Jul 2011 13:13:08 +0000

While this is an especially nasty–and sophisticated–bugger we’re all concerned about, it definitely appears to have some different ways to detect and pry it loose.

One tool in particular that appears to be able to ferret it out is GMER, http://www.gmer.net/, a general purpose rootkit detection tool and their MBR rootkit detector.

One thing I’m not seeing anyone discuss is how computers are being infected with this code. It’s definitely happening, yet there’s really been very little mention of what the main attack vectors are.

By: Microsoft Now Says OS Reinstall Unnecessary for ‘ Popereb’ Trojan – JailBake

Fri, 01 Jul 2011 02:38:51 +0000

[...] like it has bugs and sometimes it hangs the system during the reboot stage,” he wrote in a blog posting.Giuliani and his team at Webroot are currently finishing up on a tool to safely remove the Trojan [...]