We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Trojan:Win32/Dembr.A
Aliases: W32/Jokra.A (Command) Trojan.Win32.EraseMBR.b (Kaspersky) W32/KillMBR.KR (Norman) TR/KillMBR.Y.2 (Avira) Trojan.KillFiles.10563 (Dr.Web) Win32/KillDisk.NAS trojan (ESET) Trojan.MBR.Killer (Ikarus) KillMBR-FBIA (McAfee) Troj/MBRKill-A (Sophos) Trojan.Jokra (Symantec) TROJ_KILLMBR.DS (Trend Micro)
Summary
Trojan:Win32/Dembr.A is a trojan that deletes the Master Boot Record (MBR), rending your computer unusable.
This trojan contains code to ensure that it only runs after 14:00, on March 20, any given year.
Additional remediation steps for Trojan:Win32/Dembr.A
Trojan:Win32/Dembr.A may make lasting changes to your computer that will NOT be restored by detecting and removing this threat. In such cases, you will need to reinstall Windows, and restore your computer from backup.
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:
- Microsoft Security Essentials or, for Windows 8, Windows Defender
- Microsoft Safety Scanner