Per Microsoft Protection Center's report, a variant of Backdoor.Phanta (a.k.a Trojan:Win32/Popureb.E(MS), Backdoor.Win32.Phanta.ar (Kaspersky), Suspicious.Emit (Symantec)) will inject some malicious codes to MBR(Master Boot Record) and protect it from being modified. At worst case, you must recover Windows to last clean state, or even have to format hard disk.

    This virus may perform a number of actions on a victim computer, such as:

  • contact remote host and report status to the author
  • report stolen data from victim machine to the attacker
  • receive configuration/data from the attacker
  • download/execute new version or additional malicious files.
  • do some action commands received from the attacker
    AegisLab has released several Phanta virus signatures to protect our customers from being infected. Moreover, please avoid downloading and opening files from untrusted sources like FTP and web sites,even social network sites.
 
By AegisLab