This page contains detailed analysis on Boot.Fispboot. To get rid of this Trojan, please use the removal guide below.
Boot.Fispboot is a detection used to identify Master Boot Record (MBR) that was infected with Trojan.Fispboot. Boot.Fispboot may render the compromised system unstable because of present boot problems.
Boot.Fispboot is a Trojan infected Master Boot Record starting t sector 5 onwards. This compromised area may contain encrypted payload needed for Trojan’s operation. Any data formerly written on this section is already superseded with Trojan’s harmful code.
The Trojan is capable of allowing a remote attacker to gain access on the computer. It will open a backdoor, which will serve as conveyor between the compromised system and an attacker.
Boot.Fispboot also changes a legitimate Windows driver file with a corrupt one. It then monitors strings of certain antivirus program and immediately ends the process before it can initiate the operation.
The threat also injects own code into explorer.exe to connect to a predefined web site address. After establishing a connection, the Trojan may download more files and update its configuration data.
To spread a copy of Boot.Fispboot, attackers behind this Trojan will use a video clip that is hosted on fake Chinese adult sites. To view the video, this web site will require visitors to download a player (codec) and demands to install it on the computer. Unsuspecting users may not know that they can execute a Trojan when they abide by the sites requirements.
Damage Level: Low
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Manual Removal of Boot.Fispboot
1. If using Windows Me/XP, System Restore must be disabled to prevent the threat from restoring itself.[how to]
2. Database, pattern and definition files of installed antivirus programs must be updated.
3. Restart Windows in Safe Mode.
4. Run a full system scan and clean/delete all infected files.
5. Restart Windows in normal mode.
Scan with Norton Power Eraser:
A free removal tool from Norton Antivirus was developed to remove unfamiliar threats without using the traditional AV signatures. Download the tool from this location and start scanning the computer for viruses.