Fandom

Malware Wiki

MBR Infected Shell

1,319pages on
this wiki
Add New Page
Comments8 Share


MBR Infected Shell is a trojan on Microsoft Windows that when run, overwrites the user's master boot record.

This virus was only available when the Fosshub server was infected on August 2, 2016, in which Classic Shell and Audacity were also affected and hacked, and all downloads of them were replaced with this virus. When the virus was originally discovered, websites like VirusTotal wouldn't detect it being a virus, so users would suspect it's not a trojan or virus. The only thing different is that the publisher is unknown thus causing a User Account Control message when executed before being run.

PayloadEdit

When loaded, a window will open, but then it closes quickly. Nothing else noticeable happens until the user reboots the computer, in which the master boot record is overwrriten. It may either show a single spade on the bottom left of the screen or the text:

AS YOU REBOOT, YOU FIND THAT SOMETHING HAS OVERWRITTEN YOUR MBR!
IT IS A SAD THING YOUR ADVENTURES HAVE ENDED HERE!

DIRECT ALL HATE TO PEGGLECREW (@CULTOFRAZER ON TWITTER)                                    

GREETZ:
ECLIPSO, BUBSV, CONFLICT, WIZARDS OF THE COAST, JEWINVADER
LAGFISH, ROLAND, JOSH BURRESS, JACOB GRUENTZEL, AF, TERIDAX
JOHN CENA, ETHAN RALPH, VINCE (RIP)

It also attempts to prevent it from being uninstalled, as it will cause the computer to crash if it tries to be uninstalled. The best way to fix this is to run a startup repair or fixmbr on a Windows setup disk.

Media Edit

ReferencesEdit

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.