Author: lallous, Posted: Wed Mar 17, 2010 8:19 pm Post subject: Symptoms of a MBR virus (Details inside) ? ---- Hello everyone,
I've been fighting one of the toughest viruses for the past 2 days.
Here are a couple of notes so far:
I have Nod32 installed with the latest definitions and Comodo firewall.
1) When the system boots, Comodo's process is killed. Nod32 is kept alive and I am able to scan my system, but nothing is detected.
2) HijackThis and Malwarebytes automatically crash with no warning.
3) The tasklist and taskkill commands return an RPC error when I try to execute them.
4) I am sure the virus hit both the explorer and svchost files, so I tried killing all processes including svchost. I ended up with like 7 processes running in the task manager. The svchost processes automatically restart, which I think is normal because it is a core process for Windows.
5) I tried renaming the svchost file in system32 and it didn't appear again, but what I stated in steps 2 and 3 still persisted.
6) I tried killing explorer.exe and still had the same result.
7) I am assuming this is an MBR virus. Can someone kindly recommend the best ways to fix such a problem? Should I run a repair on Windows and rewrite a new MBR?
Edit: I forgot to mention that safe mode results in a BSOD and reboot.
Your help is more than appreciated.
Author: lallous, Posted: Thu Mar 18, 2010 10:25 pm Post subject: ---- Finally managed to solve it.
I found a couple of tools on some forum. I can share if it is not considered as spam.
Author: RoboGeek, Location: LeRoy, IL, Posted: Thu Mar 18, 2010 11:42 pm Post subject: ---- go ahead and share
Author: krishriaz, Posted: Fri Aug 20, 2010 7:29 am Post subject: ---- Hey lallous, waiting for your reply. Can you share with us how you managed the MBR virus with different tools? Thanks in advance.