Trojan.Fispboot

Trojan.Fispboot is a harmful computer Trojan that will infect the Master Boot Record of victim’s computer leading to malfunctioning of the whole system. The Trojan also downloads and executes additional threat on compromised computer. A backdoor created by this Trojan will allow a remote attacker to secure an unauthorized access on the PC allowing them to monitor activities and steal information.

When user initiates Trojan.Fispboot, it will infect a Master Boot Record (MBR). It will write malicious codes into targeted sectors of the infected PC and erases all present data in that part of the disk. This Trojan will also open a backdoor and contact a predefined web address for possible attack by a remote author. On the same connection, Trojan.Fispboot will download and execute additional files.

The Trojan also spoils system files and replaces them with malicious driver that will hook into Windows loader to monitor the computer for running antivirus programs. It will thwart execution if any antivirus by patching them with a harmful code. Apart from that, the Trojan also injects the same corrupt code into legitimate file explorer.exe to communicate with other sets of web address. It will fetch additional files to upgrade itself and perform the following tasks:

  • Steal sensitive information
  • Send gathered data to a remote attacker using FTP or Email transmission
  • Monitor web activities of the infected computer
  • Records security software process on the PC
  • Downloads additional configuration file

Alias: TR/Downloader.Gen, Mal/Behav-004, Mal_DLDER, Generic.dx!xvh, Rootkit.Win32.Fisp.a, Win32:Downloader-GDF

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Manual Removal of Trojan.Fispboot

1. If using Windows Me/XP, System Restore must be disabled to prevent the threat from restoring itself. [how to]
2. Database, pattern and definition files of installed antivirus programs must be updated.
3. Restart Windows in Safe Mode.
4. Run a full system scan and clean/delete all infected files.
5. Restart Windows in normal mode.

Online Virus Scanner:
Another way to remove a virus without the need to install additional anti-virus application is to perform a thorough scan with free Online Virus Scanner that can be found here or on websites of legitimate anti-virus and security provider.

How to Protect Computer From Trojan.Fispboot

Use security programs:
- Install antivirus and always update the database to ensure that it will detect new threats and viruses.
- Use a firewall to block all unwanted incoming Internet traffic.
- Anti-malware is also advise aside from installed antivirus programs.

Communication Precautions:
- Be cautious in opening e-mail attachments. Spam messages that pretend to be from a known source may contain infected attached files.
- Never click on a suspicious link sent through instant messaging programs.

Alternative Removal Method for Trojan.Fispboot

Option 1 : Use Windows System Restore to return Windows to previous state

If Trojan.Fispboot enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before Trojan.Fispboot infiltrates the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore, click here to see the full procedure.