
Boot.Mebroot


8 replies to this topic

#1 about_to_kill_my_pc


Posted 12 July 2009 - 01:41 PM

It seems like every time I download MSN Messenger, I get a virus. :thumbsup:

So, I ran Norton this morning and come to find out I have the Boot.Mebroot virus. I've read that it embeds deep down into your computer and records everything, then sends it to god knows where. I'm stupid when it comes to these kinds of things with computers so I would really appreciate the help. I'm uninstalling MSN Messenger but I don't think that will help anything. =/

Please help and thanks if you do!

I am using Windows XP. I also ran a scan just recently on my separate E: drive and it turns out it's embedded in there too. :flowers: Norton found the file while searching through the E:\177938f9f0c70e536d113e65ef8e9c93\packages\muauth.cab section of the drive. I hope that helps... :trumpet:

Edited by about_to_kill_my_pc, 12 July 2009 - 02:47 PM.

as usual, i'm about to kill my pc...



#2 snowdrop


Posted 12 July 2009 - 03:45 PM

On your HJT log thread Here you were given the instructions for running the Malwarebytes program? Could you please FULLY UPDATE that program, then reboot the computer and run a scan in Normal mode, then post its report for checking :thumbsup:

#3 about_to_kill_my_pc


Posted 12 July 2009 - 03:47 PM

Hello,

That was for an older problem but yes, I will do that.

If it's alright, I'll do a scan for both the C: drive and my separate E: drive as both are infected with the same virus.

Edited by about_to_kill_my_pc, 12 July 2009 - 04:00 PM.


#4 about_to_kill_my_pc


Posted 12 July 2009 - 04:10 PM

This is the result for the C: Drive

Malwarebytes' Anti-Malware 1.38
Database version: 2413
Windows 5.1.2600 Service Pack 2

7/12/2009 5:09:34 PM
mbam-log-2009-07-12 (17-09-34).txt

Scan type: Quick Scan
Objects scanned: 93463
Time elapsed: 7 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I'm running one for the E: drive now

#5 snowdrop


Posted 12 July 2009 - 04:17 PM

ppsstt>>> you ought really to be running these scans OFF-line (if you are running them while ON-line the computer cannot really concentrate on the scan itself; plus of course the Malwarebytes program will need to do its reboot of the computer and run again if it finds any infectious objects) >>>> :thumbsup:

#6 about_to_kill_my_pc


Posted 12 July 2009 - 04:31 PM

Okay, so should I re-run the scan then?

#7 snowdrop


Posted 12 July 2009 - 04:40 PM

My view is that, to get an accurate scan it is best to run the scans OFF line so the comp can do what it needs to do :flowers: ....


suggest rerun OFF-line but remain in Normal Mode; :thumbsup:

#8 about_to_kill_my_pc


Posted 12 July 2009 - 05:16 PM

Malwarebytes' Anti-Malware 1.38
Database version: 2413
Windows 5.1.2600 Service Pack 2

7/12/2009 6:12:55 PM
mbam-log-2009-07-12 (18-12-55).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 157665
Time elapsed: 35 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


This is the log that I scanned for the C:, D:, and E: drives. Everything seems to be deleted now but how do I know if Boot.Mebroot is gone?
I ran Norton and it's still there.

Edited by about_to_kill_my_pc, 12 July 2009 - 05:23 PM.


#9 snowdrop


Posted 13 July 2009 - 01:18 PM

Would you please try an on-line scan from Trend: Trend on-line scan

When you run it for the first time it can take a wee while to load the definitions; DO follow the on-line prompts and, to hopefully state the obvious, run the scan while ON-line but do NOT get the comp to do anything else while the scan is running

it CAN take a while for the scan to run so let it....... :thumbsup:

let's see what IT says :flowers:
