Windows' Nemesis: Pre-boot malware pwns payment processors

Joe User

I've seen its like before

One of my co-workers was afflicted with similar malware a few years ago. It checked the hard drive, found a few megs of unallocated space, and created a partition of an unknown type to hold the code. The malware set its partition to "bootable" and loaded before Windows. To remove it, I had to:

- Boot from a GParted Live disc

- Delete the rogue partition

- Expand the Windows partition to occupy that space (you won't pull that trick twice)

- Boot from a Windows installation disc

- Run Windows repair and fix the boot configuration

- Boot into Windows

- Run several anti-malware programs to "delouse" the PC

Never a dull moment around here....
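A check for the pattern the comment describes (a small bootable partition of an unrecognised type in an MBR partition table), as an added example that is not part of the original post. The allow-list of type IDs, the function names and both sample sectors are assumptions constructed for illustration.

```python
import struct

ENTRY = struct.Struct("<B3xB3xII")  # status, CHS (skipped), type, CHS (skipped), start LBA, sectors
# Type IDs treated as expected here: an assumed allow-list, adjust it to your own builds.
KNOWN_TYPES = {0x05, 0x07, 0x0B, 0x0C, 0x0F, 0x27, 0x82, 0x83, 0xEE, 0xEF}

def parse_mbr(sector):
    """Return the non-empty primary partition entries of a 512-byte MBR sector."""
    if len(sector) < 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector: 0x55AA signature missing")
    parts = []
    for slot in range(4):
        status, ptype, lba, count = ENTRY.unpack_from(sector, 446 + 16 * slot)
        if ptype or count:
            parts.append({"slot": slot, "status": status, "type": ptype,
                          "lba": lba, "sectors": count})
    return parts

def audit_mbr(sector):
    """Return (slot, reason) findings for entries that deserve a closer look."""
    parts = parse_mbr(sector)
    findings = []
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append((p["slot"], "invalid status byte"))
        if p["type"] not in KNOWN_TYPES:
            reason = "bootable, unknown type" if p["status"] == 0x80 else "unknown type"
            findings.append((p["slot"], reason))
    active = [p["slot"] for p in parts if p["status"] == 0x80]
    if len(active) > 1:
        findings.append((active[-1], "more than one bootable entry"))
    return findings

def build_mbr(entries):
    """Assemble a constructed test sector from (status, type, lba, sectors) tuples."""
    table = b"".join(ENTRY.pack(*e) for e in entries).ljust(64, b"\x00")
    return bytes(446) + table + b"\x55\xaa"

# Constructed samples, not taken from any real disk.
CLEAN = build_mbr([(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 976000000)])
TAMPERED = build_mbr([(0x00, 0x07, 2048, 976560000), (0x80, 0xD9, 976562048, 8192)])

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, audit_mbr(sector))
```

To audit a real disk, pass in the first 512 bytes of the device, read from a live environment rather than from the installed Windows.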
