The leading antivirus vendors will normally state if they are able to detect Sinowal/Mebroot variations. This is easy to find out -- use a search engine to search on "Sinowal detection," for example, and add the company name you're interested in. For instance, here is a Mebroot security response from Symantec Corp.
The problem, however, is that the malware writers keep modifying their code to avoid detection, and they use the very same AV software to test whether their latest tweaked variant still goes unrecognized. Unfortunately, it takes time, and newly infected machines, before new AV signatures can be released.
To help protect the master boot record, apply write protection, which can still be found in some BIOSes, preventing modification of the MBR. If the operating system needs reinstalling or modification, this setting will have to be temporarily disabled.
If the machine is infected, the best solution is to back up data on the hard drives, and then reinstall and patch the operating system after a low-level format (or better still a new hard disk). The main reason for the reset is that attackers normally infect computers with a selection of malware, some of which will not be detected or removed by antivirus packages. Also, consider using virtual machines or clean disk images to simplify this process, especially if this is not the first time you have been infected.
Historically the solution to repair a damaged Master Boot Record was to recreate it using the fdisk /mbr or fixmbr command, though modern Windows operating systems no longer support this command. However, I have heard good reports of people using the MBRfix utility.
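Whether the BIOS write protection mentioned above is available or not, it helps to know when the MBR has actually changed so that a repair can be made before the next boot, rather than only after symptoms appear. The following script is an added example (not from the original answer and not a tool from any vendor): it parses the 512-byte MBR layout (440 bytes of bootstrap code, a 4-byte disk signature, four 16-byte partition entries and the 0x55AA boot signature), hashes the bootstrap code, and compares the result with a baseline recorded while the machine was known to be clean. The sample sectors, the disk signature value and the partition geometry are constructed for the demonstration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439: bootstrap code executed by the BIOS
DISK_SIG_OFF = 440             # 4-byte disk signature, followed by 2 reserved bytes
PART_TABLE_OFF = 446           # four 16-byte partition entries
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xAA"   # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into a boot-code hash, disk signature and partition list."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    boot_code = sector[:BOOT_CODE_LEN]
    disk_sig = struct.unpack("<I", sector[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0]
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        entry = sector[off:off + PART_ENTRY_LEN]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:  # type 0 means the slot is unused
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": sectors})
    return {"boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
            "disk_signature": disk_sig, "partitions": partitions}


def check_mbr(sector: bytes, baseline: dict) -> list:
    """Return the list of MBR fields that differ from the known-clean baseline."""
    current = parse_mbr(sector)
    findings = []
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("bootstrap code changed")
    if current["disk_signature"] != baseline["disk_signature"]:
        findings.append("disk signature changed")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    return findings


def read_mbr(device_path: str) -> bytes:
    """Read sector 0 of a block device or raw disk image (needs administrative rights on a live system)."""
    with open(device_path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a sample MBR sector for the demonstration (constructed data, not a real disk)."""
    boot_code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_sig = struct.pack("<I", 0x1234ABCD)           # constructed disk signature
    reserved = b"\x00\x00"
    # one bootable NTFS-type (0x07) partition starting at LBA 2048, constructed geometry
    part1 = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 204800)
    empty = b"\x00" * PART_ENTRY_LEN
    return boot_code + disk_sig + reserved + part1 + empty * 3 + BOOT_SIGNATURE


# Constructed sectors: the "tampered" one keeps the partition table intact and only
# differs in the bootstrap code, which is the part a bootkit needs to own.
CLEAN_MBR = build_sample_mbr(b"\xEB\x3C\x90CLEAN-BOOT-CODE")
TAMPERED_MBR = build_sample_mbr(b"\xEB\x3C\x90MODIFIED-BOOT-CODE")
BASELINE = parse_mbr(CLEAN_MBR)   # record this while the machine is known to be clean


if __name__ == "__main__":
    print("clean sector   :", check_mbr(CLEAN_MBR, BASELINE) or "no change")
    print("tampered sector:", check_mbr(TAMPERED_MBR, BASELINE))
    # On a real system: check_mbr(read_mbr("/dev/sda"), saved_baseline)
```

The baseline should be captured from the machine itself right after a clean install, and the comparison is most trustworthy when the sector is read from a clean boot medium: a kernel-resident rootkit can filter reads of sector 0 from within the running operating system, so a check performed on the infected OS may be shown the original sector. A change confined to the bootstrap code while the partition table is unchanged is exactly the case where reinstalling the MBR code (and, per the advice above, rebuilding the system) is warranted.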
If credit cards or password-protected sites have been used whilst the machine was infected, make sure to immediately change any site passwords and inform banks so that new cards can be issued.