• Download the utility [You must be registered and logged in to see this link.]. Extract files from the archive using an archiver (for example, WinZip).
  
• Run the file antiboot.exe.
  
• The file antiboot.exe started on an infected PC will display the following messages:
  
  
  
• Press y when prompted to cure the system.
  
  
  The utility will perform disinfection and prompt for a reboot:
  
  
  

Press y and then Enter to reboot.


Due to specific nature of this malicious program, its removal is carried out at the moment the PC is being booted.
You can refuse to reboot. Then the malicious program will remain active until you switch off or reboot the PC by means of the operating system (Start > Shut down > Restart). The PC will be disinfected after a reboot.


When started on a NOT infected PC, the utility displays a message No infected disks found.



Optional command line parameters of the utility antiboot.exe:

-l <file_name>, where file_name is the utility log file name.

The utility generates boot sector dumps (MBR) of the disks infected with the malicious program.

Dump file names are .origmbrXX and .curedmbrXX.

The files *. origmbrXX contain original MBR copies (before disinfection).

The files *.curedmbrXX contain cured MBR copies.

The XX number depends on the hard disk drive location on PCI bus.

–p - use it to create MBR dump files on all hard disk drives.