Updated Dr.Web scanner finds and cures VBR-bootkits

July 7, 2011

Doctor Web has informs users that the GUI-based scanner and the self-defence module have been updated in single-user and server Dr.Web products of the 6.0 series for Windows. Improvements include the capability to detect and cure VBR-bootkits.

The updated scanner detects and neutralizes bootkits modifying the Volume Boot Record (VBR) whose code is invoked after the MBR code. Doctor Web's June virus activity report indicated active spreading of malicious programs that modify boot records including the first known VBR-bootkit, Trojan.Mayachok.2.

In addition, routines for curing active infections have been upgraded and new methods for neutralization of malicious objects that managed to find a way into the system have been introduced.

Known scanner issues including a possible crash at startup and while conducting an express scan have been resolved.

The update also fixes an issue when operation of the self-protection module on high-performance server hardware was unstable.

The update will be automatically downloaded by the anti-viruses but applying the update will require a system reboot.