Symptoms of a MBR virus (Details inside) ?

Author: lallous    Posted: Wed Mar 17, 2010 8:19 pm    Post subject: Symptoms of a MBR virus (Details inside) ?
Hello everyone,

I've been fighting one of the toughest viruses for the past 2 days.
Here are a couple of notes so far:

I have Nod32 installed with the latest definitions and Comodo firewall.

1) When the system boots, Comodo's process is killed. Nod32 is kept alive and I am able to scan my system, but nothing is detected.
2) HijackThis and Malwarebytes automatically crash with no warning.
3) The tasklist and taskkill commands return an RPC error when I try to execute them.
4) I am sure the virus hit both the explorer and svchost files, so I tried killing all processes including svchost. I ended up with like 7 processes running in the task manager. svchost processes automatically restart, which I think is normal because it is a core process for Windows.
5) I tried renaming the svchost file in system32 and it didn't appear again, but what I stated in steps 2 and 3 still persisted.
6) I tried killing explorer.exe and still had the same result.
7) I am assuming this is an MBR virus. Can someone kindly recommend the best ways to fix such a problem? Should I run a repair on Windows and rewrite a new MBR?

Edit: I forgot to mention that safe mode results in a BSOD and reboot.

Your help is more than appreciated.

Author: lallous    Posted: Thu Mar 18, 2010 10:25 pm    Post subject:
Finally managed to solve it.
I found a couple of tools on some forum. I can share if it is not considered as spam.

Author: RoboGeek    Location: LeRoy, IL    Posted: Thu Mar 18, 2010 11:42 pm    Post subject:
Go ahead and share.

Author: krishriaz    Posted: Fri Aug 20, 2010 7:29 am    Post subject:
Hey lallous, waiting for your reply. Please share with us how you managed the MBR virus with different tools. Thanks in advance.

All times are GMT + 2 Hours