MBR virus - rewrite MBR?

spandexninja

I was wondering if using this command:
bootrec /fixmbr
from a Windows 8 install disc and then doing a fresh install of Windows 8 would get rid of an MBR virus for sure. Does this command completely rewrite the MBR?

What are the chances that a computer has a virus if Avast (boot scan), Malwarebytes, and Kaspersky Rescue Disk (boot scan) don't find anything?
 

Bubbaleone

Since you appear to be familiar with Kaspersky's Rescue Disk 10, give their TDSSKiller a try; it's very effective on bootkits (MBR viruses) and may save you from having to do a fresh installation. If you decide to do a fresh installation, use the command prompt in the Windows 8 repair tools to run diskpart and wipe the disk first. Here are the commands:

diskpart
(starts the diskpart tool)

list disk
(This will give you a list of disk numbers to select from)

select disk #
(replace # with the number of your HDD/SSD)

clean
(this leaves the disk in an unallocated state and completes quickly)

This makes sure there's no possibility of being reinfected. Reboot and then run the installation.

Regarding Kaspersky Rescue Disk 10, it's extremely effective at finding and killing rootkits, bootkits, and boot sector viruses so long as it's able to make the network connection and download all the newest virus defs, and so long as you manually configure all the scan settings to maximum. If those aren't done, then Rescue Disk 10 isn't even worth booting up.


.
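Added example, not part of the thread: a way to check from 512-byte dumps of sector 0 which MBR regions a repair step actually changed (boot code, partition table, or everything). The three sample sectors are constructed stand-ins for real dumps, and all function and variable names are hypothetical.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE = slice(0, 440)   # executable bootstrap code
TABLE = slice(446, 510)     # four 16-byte partition entries
MAGIC = slice(510, 512)     # 55 AA on a valid MBR


def inspect_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector-0 dump into its regions and summarise each."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i: 462 + 16 * i]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"slot": i, "active": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[BOOT_CODE]).hexdigest(),
        "table_sha256": hashlib.sha256(sector[TABLE]).hexdigest(),
        "magic_ok": sector[MAGIC] == b"\x55\xaa",
        "zeroed": not any(sector),
        "partitions": parts,
    }


def changed_regions(before: bytes, after: bytes) -> list:
    """Name the MBR regions that differ between two dumps of sector 0."""
    a, b = inspect_mbr(before), inspect_mbr(after)
    keys = {"boot_code": "boot_code_sha256", "partition_table": "table_sha256"}
    return [name for name, k in keys.items() if a[k] != b[k]]


def sample_sector(boot_byte: int) -> bytes:
    """Constructed sector: filler boot code plus one active NTFS (0x07) entry."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07, b"\0" * 3, 2048, 204800)
    return bytes([boot_byte]) * 446 + entry + b"\0" * 48 + b"\x55\xaa"


suspect = sample_sector(0xCC)    # constructed: dump taken before any repair
rewritten = sample_sector(0x90)  # constructed: boot code replaced, table kept
wiped = bytes(SECTOR)            # constructed: sector 0 fully zeroed

if __name__ == "__main__":
    print(changed_regions(suspect, rewritten), inspect_mbr(wiped)["zeroed"])
```

Comparing the boot-code hash of a real dump against one taken from a known-clean install of the same Windows version is what tells you whether the code region still differs after the repair.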
 

Cstefan

I have used TDSS and it has done the trick every time. Some of them will crash your computer as soon as you try to run it, in my experience. Family bring the most interesting viruses to clean.
 

Bubbaleone

Today's malware authors often code their apps to recognize well-known virus removal tool names and then crash the computer upon recognizing the name tdsskiller.exe (as just one example), in an attempt to prevent being detected. A simple way to circumvent this behavior by the malware is to just rename the removal tool. For example, when you click the download link and then select where you want to save it, rename tdsskiller.exe to 1ztrs.exe (or whatever you like) before you click the save button. Additionally, if you have UAC enabled on your computer, don't just double-click the freshly downloaded removal tool and expect it to work correctly. Always right-click the downloaded malware removal tool, select 'Properties' from the context menu, click the 'Unblock' button, then click 'OK' to close the dialog. And when you run the tool, always right-click and select 'Run as administrator' rather than just double-clicking it.


.
 