How to remove a bootkit
2013 Aug 28 ID: 2727
A bootkit is a type of malware that infects the Master Boot Record (MBR).

This infection method allows the malicious program to be executed before the operating system boots. As soon as the BIOS (Basic Input/Output System) selects an appropriate boot device (it can be a hard disk or a flash drive), the bootkit that resides in the MBR starts executing its code. Once the bootkit receives control, it usually starts preparing itself (it reads and decrypts its auxiliary files from its own file system, which it has created somewhere in unallocated disk space) and then returns control to the legitimate boot loader while overseeing all stages of the boot process.

The main feature of a bootkit is that it cannot be detected by the standard means of an operating system, because all of its components reside outside the standard file systems.
Some types of bootkits even hide the fact that the MBR has been compromised, by returning a legitimate copy of the MBR whenever an attempt is made to read it.
A system infected with a bootkit can be cured with the TDSSKiller utility.
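As an added illustration (not part of the original article and not how TDSSKiller works), the sketch below checks an MBR sector taken from an offline disk image: it hashes the boot code against a known-good baseline and lists the unallocated sector runs where auxiliary data could sit. The function names, the 440-byte boot code length (modern MBR layout) and the sample sector are assumptions constructed for the example; the image should be acquired outside the suspect OS, since reads from inside it may return a clean copy.

```python
import hashlib
import struct

SECTOR = 512

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into a boot-code hash and its partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):  # four 16-byte entries starting at offset 446
        entry = sector[446 + 16 * i: 462 + 16 * i]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype != 0:  # type 0 marks an unused slot
            parts.append({"active": status == 0x80, "type": ptype,
                          "start": lba_start, "sectors": count})
    # Hash only the boot code, so a changed disk signature or table is not flagged.
    return {"code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
            "partitions": parts}

def unallocated_gaps(parts, disk_sectors):
    """Return (first_lba, length) runs covered by no partition, LBA 0 excluded."""
    gaps, cursor = [], 1
    for p in sorted(parts, key=lambda p: p["start"]):
        if p["start"] > cursor:
            gaps.append((cursor, p["start"] - cursor))
        cursor = max(cursor, p["start"] + p["sectors"])
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors - cursor))
    return gaps

def check_image(sector, disk_sectors, baseline_sha256):
    """Compare boot code with a baseline and report regions worth inspecting."""
    mbr = parse_mbr(sector)
    return {"code_modified": mbr["code_sha256"] != baseline_sha256,
            "gaps": unallocated_gaps(mbr["partitions"], disk_sectors)}

def build_sample_mbr(code: bytes) -> bytes:
    """Constructed sample: one active NTFS partition at LBA 2048, 200000 sectors."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 200000)
    body = code.ljust(446, b"\0") + entry + b"\0" * 48
    return body + b"\x55\xaa"
```

Gaps are normal on a healthy disk (the run before LBA 2048 is ordinary alignment space), so they mark sectors to examine for non-zero data rather than proof of infection.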

List of malicious programs


How to disinfect a compromised system


How to use the utility


Command line keys for the TDSSKiller.exe utility
