Get our nProtect MBR Guard for free.

1. How's your HDD?

Recently, various variants of boot sector failure(MBR : Master boot record) cases are being reported.
To protect from MBR, we designed and distributes "MBR protection program" including "Prevent Real-time HDD destroying" function.

nProtect MBR Guard v3.0.1.4 (Supports Hangul Windows XP, Windows Vista, Windows 7/ added service mode and functions)
http://avs.nprotect.net/FreeAV/NPMBRGuardSetup.exe
http://www.nprotect.com/v7/down/sub.html? mode=vaccine_view&subpage=4&no=308&page=&field=&field_value=

*MD5 : fde66c9a0d147ebca057da005e384a8c
*Supporting OS : Windows XP/Vista/7 (32/64bit)

* Writing a reply of error while using nProtect MBR Guard v2.0.1.4 is the fastest way to solve the problem.

* Our COMPLIMENTARY "nProtect MBR Guard" can protect most of MS Windows MBR sector including Windows XP, Windows Vista, Windows 7 and so on.

2. Main functions

This malicious file with the destruction capabilities, which is tampering into MBR area function, can cause unable to boot.
Following figure describes the order of infection.



First of all, web hard site is tampered by attacker, then spreading malicious file after being injected malicious code. PCs infected after downloading this malicious file will be becoming zombie PC. These tampered PC can download DDoS related malicious file, containing capability of destroy HDD, and can work on certain condition.

* MBR : Master boot record

A master boot record (MBR) is a type of boot sector popularized by the IBM Personal Computer. It consists of a sequence of 512 bytes located at the first sector of a data storage device such as a hard disk. MBRs are usually placed on storage devices intended for use with IBM PC-compatible systems.

If the values are overwritten as "0" such as this figure below right, normal booting won't be performed.


                  [Normal MBR Sector]                                                   [Destroyed MBR Sector]
 

[Video for MBR destroying test on HDD]

This video is for the test on "sample.exe" for destroying HDD.

1. Upon infected, it will work in background task.
2. After about 2 minutes, MBR sector of HDD will be destroyed and Windows screen can be changed BSOD (Blue Screen of Death).
3. After BSOD, normal booting can be impossible.
4. Restoring HDD with damaged MBR may be difficult, however, reinstalling OS can use possible.

The main function of INCA Internet's "nProtect MBR Guard" is protecting from illegal tampering MBR sector of HDD and it adopted Command-Filter Driver technique to restrict "Overwrite" in that sector with fully understanding of API's in Windows.
These are minimum factors for securing integrity and protecting system. MBR sector must be protected for using computer safely.

"nProtect MBR Guard" will remain driver Layer and protect from all malicious commands. Unlike MBR, general disks such as (C:\, D:\) are mounted and can be protected with File System Filter modules.
That's the reason why "nProtect MBR Guard" adopted "Disk Filter" which is filtering Disk.sys Driver on MBR sector and understood Disk I/O flow.

3. How to use

You can download "nProtect MBR Guard" through following link.

- http://www.nprotect.com/
- http://avs.nprotect.net/FreeAV/NPMBRGuardSetup.exe



Right clicking tray icon will show following menu.

[MBR 보호][MBR Protection] is set by default and will protect from malicious access.
[자동시작][Auto Start] function is also set by default and will run on booting automatically.
When [MBR 보호][MBR Protection] is activated, our "nProtect MBR Guard" will protect all of attempts accessing MBR sector.

 [Video for MBR Guard's block test]

This video shows how "nProtect MBR Guard" can protect from accessing MBR sector.

1. Activates MBR Guard with selecting [MBR 보호][MBR Protection] on tray icon.

2. Runs same malicious file executed above video.

3. BSOD is supposed to be shown after 2 minutes, however, MBR Guard will protect from BSOD and create popup window for notice.