Issue:
Malicious code has been detected in the MBR (Master Boot Record). How do you proceed with further investigation?
Resolution:
Collect the MBR log from the infected machine so that it can be investigated further to determine whether this is a valid infection or a false positive from the F-Secure product.
Log Collection Instructions:
- Install Sector Inspector "secinspect.msi" on the infected machine and note the installation directory. Download link: https://www.microsoft.com/en-us/download/details.aspx?id=19470
- Locate the installation directory: C:\Program Files\Windows Resource Kits\Tools or C:\Program Files (x86)\Windows Resource Kits\Tools
- Run "secinspect.exe" from cmd and redirect its output to a log file: secinspect.exe > <log name>MBR.log
- Collect the "<log name>MBR.log" file that was generated
- Once the log has been collected, you can uninstall the tool by running the same installer file "secinspect.msi" and choosing the uninstall option
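The locate, run and collect steps above can be scripted. The following PowerShell sketch is an added example, not part of the original article or F-Secure tooling; using the host name as the `<log name>` prefix and recording a SHA-256 of the log are assumptions made here.

```powershell
# Added example (not vendor code): locate secinspect.exe, capture its output
# to "<log name>MBR.log", and record a hash of the log before handing it over.

# The two installation directories named in the steps above.
$candidates = @(
    "$env:ProgramFiles\Windows Resource Kits\Tools\secinspect.exe",
    "${env:ProgramFiles(x86)}\Windows Resource Kits\Tools\secinspect.exe"
)
$tool = $candidates | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
if (-not $tool) {
    throw "secinspect.exe not found in either Tools directory; install secinspect.msi first."
}

# Assumption: the host name serves as the <log name> prefix.
$log = Join-Path (Get-Location) "$($env:COMPUTERNAME)MBR.log"

# Equivalent of 'secinspect.exe > <log name>MBR.log' in cmd.
# -Encoding ascii keeps the file plain text instead of PowerShell's default UTF-16.
& $tool | Out-File -FilePath $log -Encoding ascii

if ($LASTEXITCODE -ne 0) {
    Write-Warning "secinspect.exe exited with code $LASTEXITCODE; review the log before submitting."
}

# An empty log means nothing was captured and there is nothing to analyse.
if ((Get-Item -LiteralPath $log).Length -eq 0) {
    throw "Log file $log is empty; no sector data was captured."
}

# Record the hash so the submitted file can later be matched to this collection.
Get-FileHash -LiteralPath $log -Algorithm SHA256 | Format-List Path, Hash
```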
Article no: 000006535