Issue:
Malicious code has been found in the MBR (Master Boot Record). How should you proceed with further investigation?
Resolution:
Collect the MBR log from the infected machine so that it can be investigated further to determine whether this is a valid infection or a false positive from the F-Secure product.
Log Collection Instructions:
- Install Sector Inspector "secinspect.msi" on the infected machine and note the installation directory. Download link: https://www.microsoft.com/en-us/download/details.aspx?id=19470
- Locate the installation directory: C:\Program Files\Windows Resource Kits\Tools or C:\Program Files (x86)\Windows Resource Kits\Tools
- Execute "secinspect.exe" from cmd with the following argument: secinspect.exe > <log name>MBR.log
- Collect the "<log name>MBR.log" file that was generated
- Once the log has been collected, you can uninstall the tool by running the same installer file "secinspect.msi" and choosing the uninstall option
Once "<log name>MBR.log" has been collected, submit it through the Submit a Sample service portal (https://www.f-secure.com/en/web/labs_global/submit-a-sample) for further investigation. Select "I want to give more details about this sample and to be notified of the analysis results". The malware team will investigate the log and give remediation instructions for further clean-up.
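For a local first look at the same question (valid infection or false positive), the sketch below checks the structure of an MBR sector and compares its bootstrap code against a known-good hash. It is an added example, not F-Secure's or Microsoft's code. It assumes you have a raw 512-byte copy of sector 0 and a baseline hash from a clean machine with the same setup, and it does not read the secinspect log format; the function names and sample bytes are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440        # bootstrap code occupies bytes 0..439
PART_TABLE_OFFSET = 446    # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Summarise a raw 512-byte MBR sector for triage."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFFSET + 16 * i:PART_TABLE_OFFSET + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0:          # type 0x00 marks an unused slot
            continue
        partitions.append({"slot": i, "bootable": status == 0x80,
                           "status_valid": status in (0x00, 0x80),
                           "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "disk_signature": sector[440:444].hex(),
        "partitions": partitions,
    }


def boot_code_changed(sector: bytes, baseline_sha256: str) -> bool:
    """True when the bootstrap code differs from a known-good baseline hash."""
    return parse_mbr(sector)["boot_code_sha256"] != baseline_sha256.lower()


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector: one bootable NTFS (0x07) partition at LBA 2048."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    body = boot_code.ljust(BOOT_CODE_END, b"\x00") + b"\x11\x22\x33\x44" + b"\x00\x00"
    return body + entry + b"\x00" * 48 + BOOT_SIGNATURE


if __name__ == "__main__":
    clean = build_sample_mbr(b"\xeb\x3c\x90")      # constructed bytes, not a real loader
    baseline = parse_mbr(clean)["boot_code_sha256"]
    other = build_sample_mbr(b"\xeb\x3e\x90")      # same layout, one byte differs
    print(parse_mbr(clean))
    print("changed:", boot_code_changed(other, baseline))
```

A hash mismatch only shows that the bootstrap code differs from your baseline; legitimate boot managers and disk encryption tools also replace it, so the submitted log remains the basis for the verdict.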
Article no: 000006535