KillMBR-FBIA Description
Type: AdwareKillMBR-FBIA is a malware infection that is included in an online malware campaign affecting South Korean banks and media firms. KillMBR-FBIA wipes out the master boot records on the hard drives of the compromised PC, overwriting the MBR with one of the strings 'PRINCPES', 'PR!NCPES' and 'HASTATI'. KillMBR-FBIA also overwrites random parts of the file system with the same strings, making several files irretrievable. So even if the MBR is retrieved, the files on disk will be affected as well. Then, the PC is urged to restart via the particular command. That activity makes the PCs to be unable to boot up because the MBR is corrupted. Before overwriting the MBR, KillMBR-FBIA strives to stop the main processes of two Korean anti-virus programs, Ahnlab and Hauri. The main goal of KillMBR-FBIA is to make the victimized computer systems unusable.
Technical Information
File System Details
| # | File Name | Detection Count |
|---|---|---|
| 1 | OthDown.exe | N/A |
| 2 | mb_join.exe | N/A |
| 3 | ApcRunCmd.exe | N/A |
| 4 | E4F66C3CD27B97649976F6F0DAAD9032.bin | N/A |
| 5 | APCRunCmd.DRP | N/A |
| 6 | pr1.tmp | N/A |
| 7 | jar_cache1221312510715123682.tmp | N/A |
Site Disclaimer
This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.