How to remove Master Boot Record (MBR) Ransomware

This is something new and frankly speaking I am hearing it for first time. Kaspersky is reporting that it has detected a new malware which overwrites your PC master boot record (MBR) and demands a ransom to retrieve a password and restore the original MBR so that you can have your PC back to work again.

This malware is detected as Trojan-Ransom.Win32.Seftad.a and Trojan-Ransom.Boot.Seftad.a.

This ransomware is downloaded by If Seftad.a was downloaded by and run, the victim’s PC is rebooted and the following message appears on the screen:

As you are not aware of what password is, after three retries,  The infected PC will reboot and show you the same screen.

If the victim browses the malware author’s website, he is asked to pay $100 using ‘Paysafecard’ or ‘Ukash’.

Leaving aside the technical details behind solving this,Here is what you do if you are infected by this malware.  Do not visit the website. Use the password ‘aaaaaaciip’ (without quotes) to restore the original MBR. If the password doesn’t work, you can cure your MBR with Kaspersky Rescue Disk 10.

Source and Image Credits: Securelist Blog

Recent Articles

Related Stories


  1. Sounds scary, thanks for sharing this info Avi 🙂

    Malware/spyware authors always find new ways to fool computer users.

    The users must excise caution while browsing the internet or using external storage devices like Memory cards, USB pen drives (memory sticks), CDs/DVDs etc. Just because its your friend’s USB drive or email doesnt mean its gotta be clean. Always scan the devices before opening them with windows explorer.

    This prevents malwares from auto-running (execution of malicious scripts)

    I have disabled auto-run for USB devices, CDs,DVDs. And I use a Sandboxed browser while surfing websites

  2. lolz….what a lame attempt at getting money
    but the sad part is few ppl would actually go and pay him out of sheer panic

Comments are closed.