KillMBR-FBIA Description

Type: Adware

KillMBR-FBIA is a malware infection that is included in an online malware campaign affecting South Korean banks and media firms. KillMBR-FBIA wipes out the master boot records on the hard drives of the compromised PC, overwriting the MBR with one of the strings 'PRINCPES', 'PR!NCPES' and 'HASTATI'. KillMBR-FBIA also overwrites random parts of the file system with the same strings, making several files irretrievable. So even if the MBR is retrieved, the files on disk will be affected as well. Then, the PC is urged to restart via the particular command. That activity makes the PCs to be unable to boot up because the MBR is corrupted. Before overwriting the MBR, KillMBR-FBIA strives to stop the main processes of two Korean anti-virus programs, Ahnlab and Hauri. The main goal of KillMBR-FBIA is to make the victimized computer systems unusable.

Technical Information

File System Details

KillMBR-FBIA creates the following file(s):
# File Name Detection Count
1 OthDown.exe N/A
2 mb_join.exe N/A
3 ApcRunCmd.exe N/A
4 E4F66C3CD27B97649976F6F0DAAD9032.bin N/A
6 pr1.tmp N/A
7 jar_cache1221312510715123682.tmp N/A

Site Disclaimer is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.