Introduction
Did your PC get infected by the MEMZ Trojan and now you're stuck with an overwritten MBR, a broken bootloader, or a system that refuses to start? This guide will show you how to repair the MBR and remove MEMZ without antivirus tools or external help.
Do NOT run malware on a real PC. All demonstrations on ArsenTech are done inside isolated virtual machines. Follow the guide carefully — bootloader repair is sensitive.
If you prefer watching instead of reading, here's the full video guide: Watch the video on YouTube
Step 1 - Prepare the flash drive
To fix MEMZ's MBR destruction, you must boot into a safe offline environment, since the trojan overwrites the MBR during its final payload.
What You Need
- A clean computer
- A USB flash drive
- A Windows ISO (from trusted sources)
- Rufus, Ventoy, or any bootable USB creator
Steps
- Create a Windows installation USB (see the Bootable USB blog post for help).
- Insert the USB into the infected computer.
- Enter the Boot Menu (F2, F8, F11, F12, Esc depending on brand).
- Boot from the USB.
- Click Next, then Repair your computer.
The Windows installation USB is required because MEMZ corrupts the MBR. You need an offline repair environment to fix the bootloader safely.
Step 2 - Run Startup Repair
Inside the Windows Recovery Environment:
Troubleshoot → Advanced Options → Startup Repair
Startup Repair may take a long time. This is normal, so be patient :-)
If Startup Repair works, Windows may boot normally afterward. If not, continue to Step 3.
Step 3 - Fix the MBR and Boot Sector
If Startup Repair didn't fix the bootloader:
- Boot from the USB again
- Click Next → Repair your computer
- Open Troubleshoot → Advanced Options → Command Prompt
Run these commands:
bootrec /fixmbr
bootrec /fixboot
bootrec /rebuildbcd
If all three succeed, restart your PC. If you see Access Denied, continue to Step 4.
Step 4 - If the MBR fix failed
This section handles the “hard cases” where MEMZ caused deeper damage.
1 — Check that Partitions Still Exist
diskpart
list vol
Check if:
- Your Windows partition is still NTFS
- Its size matches your real drive
If partitions are intact → proceed. If they look wrong, missing, or RAW, skip to Step 4.4.
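The same check can be made at the byte level. The following is an added example, not part of the original guide: it parses a 512-byte dump of the disk's first sector and reports whether the partition table survived (only the boot code needs repair, sub-steps 2 and 3) or was overwritten along with it (partition recovery, sub-step 4). The sample sectors and the helper make_entry are constructed for illustration; how the dump is obtained (for instance with dd from a Linux live USB) is an assumption.

```python
import struct

PART_TABLE_OFFSET = 446          # boot code occupies bytes 0-445
BOOT_SIGNATURE = b"\x55\xaa"     # bytes 510-511 of a valid MBR
TYPE_NAMES = {0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0xEE: "GPT protective"}

def parse_mbr(sector: bytes) -> dict:
    """Decode the four 16-byte partition entries of a 512-byte MBR sector."""
    if len(sector) != 512:
        raise ValueError("expected exactly 512 bytes (sector 0)")
    partitions = []
    for i in range(4):
        raw = sector[PART_TABLE_OFFSET + 16 * i: PART_TABLE_OFFSET + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), first LBA, sector count
        status, ptype, first_lba, count = struct.unpack("<B3xB3xII", raw)
        if ptype == 0 and count == 0:
            continue                          # unused slot
        partitions.append({"slot": i + 1, "status": status, "active": status == 0x80,
                           "type": TYPE_NAMES.get(ptype, hex(ptype)),
                           "size_mb": count * 512 // (1024 * 1024)})
    return {"signature_ok": sector[510:] == BOOT_SIGNATURE, "partitions": partitions}

def assess(sector: bytes) -> str:
    """Map the parsed table to the branch of the guide that applies."""
    info = parse_mbr(sector)
    parts = info["partitions"]
    if not info["signature_ok"] or not parts:
        return "table missing: recover partitions first"
    if any(p["status"] not in (0x00, 0x80) for p in parts):
        return "table overwritten: recover partitions first"
    if not any(p["active"] for p in parts):
        return "table intact, no active partition"
    return "table intact: repair boot code only"

def make_entry(status: int, ptype: int, first_lba: int, count: int) -> bytes:
    """Build one partition entry for the constructed samples below."""
    return struct.pack("<B3xB3xII", status, ptype, first_lba, count)

# Constructed samples, not dumps from a real disk.
INTACT = (bytes(446) + make_entry(0x80, 0x07, 2048, 1024000)      # 500 MB, active
          + make_entry(0x00, 0x07, 1026048, 208689152)            # Windows volume
          + bytes(32) + BOOT_SIGNATURE)
OVERWRITTEN = b"\x90" * 510 + BOOT_SIGNATURE   # foreign data across the whole sector

if __name__ == "__main__":
    for name, sector in (("intact", INTACT), ("overwritten", OVERWRITTEN)):
        print(name, "->", assess(sector), parse_mbr(sector)["partitions"])
```

A sector can end in the 55 AA signature and still have a destroyed table, which is why the status byte of every entry is checked as well.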
2 — Try Rebuilding BCD Without bootrec
bcdboot C:\Windows /f ALL
If this boots Windows → fixed! Otherwise, continue.
3 — Recreate the MBR Manually (Legacy BIOS Only)
This only applies to Legacy BIOS systems. Do NOT use this on UEFI systems.
diskpart
list disk
select disk 0
list partition
rem X = your System Reserved partition (100-500 MB)
select partition X
active
exit
Then:
bootsect /nt60 sys /mbr
Reboot. If Windows boots → fixed. If not, proceed.
4 — Use TestDisk to Recover the Partition Table
Download TestDisk on a clean PC: https://www.cgsecurity.org/Download_and_donate.php/testdisk-7.2-WIP.win.zip
Place TestDisk on a separate USB and run it from Windows Recovery.
Navigation path:
TestDisk → No Log → Select Disk → EFI GPT → Analyze → Quick Search → Write
- Select the partition containing your Windows files
- Choose Write to restore the correct table
- Press Y to confirm
If this restores the table, reboot. Otherwise go to Final Stage.
Final Stage — When Nothing Works
MEMZ may completely destroy your bootloader beyond repair.
You must reinstall Windows if:
- Partitions are missing
- Disk shows as RAW
- BCD cannot be rebuilt
- MBR and EFI both fail
- TestDisk cannot rebuild the boot sector
What to do:
- Recover your files (TestDisk, Linux Live USB, Windows PE)
- Back up everything
- Reinstall Windows
MEMZ doesn't delete personal files. Only the MBR and bootloader are destroyed. Your data is almost always recoverable.
Conclusion
And that's it! You have fully removed the MEMZ Trojan and restored the MBR. Since MEMZ specifically corrupts the Master Boot Record, repairing the bootloader is essential to fully recover the computer.
To prevent future infections:
- Delete suspicious .exe files immediately
- Never run unknown programs
- Use a stronger antivirus
- Keep real-time protection enabled
- Always use a virtual machine for malware testing
- Follow safe browsing habits & avoid unknown downloads
Thanks for reading! If you want more malware removal guides and educational malware tests, check out my YouTube channel!