Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Unable to remove Mebroot.BZ trojan

  • Please log in to reply
1 reply to this topic

#1 dmr316


  • Members
  • 1 posts
  • Local time:07:30 PM

Posted 31 October 2009 - 07:57 AM


I'm hoping someone will be able to help me with removing this nasty piece of malware that could be the cause of my PC randomly giving me blue screen of death messages which say "bad_pool_caller".

My NOD32 v4 just gave me a warning saying that a threat was found in the object "MBR sector of the 1. physical disk" which was "Win32/Mebroot.BZ" trojan. Unfortunately it wasn't able to remove the infection.

I've already got Malwarebytes Anti-Malware installed, so I updated it and ran a full scan. It couldn't detect any malicious items to remove.

I then googled "how to repair" the MBR, so I used the recovery console to fix the mbr and although Windows said it was successful, when I checked it with gmer's MBR rootkit detector, it said there was still "malicious code" in one sector and a "PE file" found in another sector.

I leave my poorly PC in this forum's capable hands. Thanks in advance for any help.

Edit - I'm running Windows XP SP3.

Edited by dmr316, 31 October 2009 - 07:58 AM.

BC AdBot (Login to Remove)


#2 Budapest


    Bleepin' Cynic

  • Moderator
  • 23,579 posts
  • Gender:Male
  • Local time:05:30 AM

Posted 04 November 2009 - 07:00 PM

We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users