Jump to content
Posted 24 February 2010 - 01:03 PM
Posted 24 February 2010 - 01:38 PM
I just spent 10 hours cleaning a system of Mebroot. The fix was actually not that bad in retrospect.
Use MBR.EXE from gmer.net to monitor your infection and cleaning. It is the only tool that can detect the infection plus the location of the actual virus executable code on the end of your hard disk sectors. The main goal is to eliminate it from your MBR.
I had to do a fresh boot (from power off) into a Windows XP CD for Recovery Console and then issue FIXMBR. The trick is to issue MAP to learn the name of your HD and then issue “FIXMBR \Device0\Harddisk0\” or whatever is appropriate. It should ask you Y/N to replace the MBR.
Then issue FIXBOOT.
I had a scare where it said Invalid Partition Table and would not boot like I lost my C drive. I knew the data was still there so I remained calm and did a FIXBOOT in Recovery Console and that fixed things.
Now the system seems OK where before it was thrashing the disk and copying furiously into HelpAssist profile.
Hope this helps someone.
0 members, 0 guests, 0 anonymous users