
Master Boot Record Infected with Malicious Virus - Windows XP Home Edition


4 replies to this topic

#1 YanAndrew


Posted 27 March 2016 - 08:32 PM

Morning Guys,

 

I have an old fully functioning notebook which is currently running the Windows XP Home Edition (2002). The notebook is still in working condition and I've recently decided to upgrade its RAM and OS.

However, a few days ago it was infected with a malicious virus which I'm certain is NOT in the OS but in the Master Boot Record. Reasons for deciding so include:

 

1. I've run everything under the sun and there's no detection;

2. Internet connection is on in the system tray, but I'm barred from accessing any sites regardless of which browser I use (the only page it allows is the Microsoft page - the start up page on IE8);

3. I've uninstalled some programmes (Firefox and Avast), but they are still present in the laptop;

4. My address bar in windows explorer is hidden even after I've put a tick to show it;

5. Every time immediately after I clicked on Shut down, my USB antivirus Real Time Protection notification bubble appears.

 

I am no expert when it comes to removing viruses, but I've been online searching for possible ways to remove this horror as I would like to upgrade my laptop to a newer OS. Even my USB is infected - the virus completely wiped out its content and planted itself in an invisible System Volume Information folder, which also denies access to anyone or anything that tries to remove it.

 

I really need some advice / help on getting rid of this. Obviously, I cannot download any software or use the USB ports. The only alternative is the CD-ROM, which I hope is a safe avenue and I've been using it to load all the malware antivirus and rootkit destroyers (from another computer) that I can find online to CDs. I've also run a couple of rescue cd / discs, but they did not detect anything (which leads me to conclude that the infection is in the MBR).

 

Any guidance / advice would be greatly appreciated.

 

Thank you,
YanAndrew


Edited by Orange Blossom, 27 March 2016 - 10:03 PM.
Moved from XP to AII. ~ OB




#2 buddy215


Posted 28 March 2016 - 05:53 AM

Since you are planning to upgrade to Windows 7... that would eliminate any malware on the hdd during formatting and installing 7.

If you suspect flash drives or other external drives are infected, be sure none are connected to the computer.

 

Another choice is using a Linux distro such as Ubuntu which is free.

If you want to explore using a Linux distro... view topics in BC's Linux Forum or start your own there.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 YanAndrew


Posted 02 April 2016 - 08:29 AM

Hello Buddy215,

 

Thanks for the tip.

 

However, is it not true that a clean installation will not remove what's stored in the MBR, only the partition that the OS is installed to?

 

The thing is I believe the rootkit is in the MBR.

 

What about this function known as "fixmbr"? Will it remove the rootkit?



#4 buddy215


Posted 02 April 2016 - 08:43 AM

Windows will overwrite the boot sector whenever you install it or upgrade it to a new version. Same goes for Linux distros.



#5 YanAndrew


Posted 02 April 2016 - 09:00 AM

Thank you Buddy215.

 

I'll do the clean installation right away.

 

 

Regards,
Andrew
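
Added example, not part of any post in this thread: a Python check for the question raised above, whether the boot code in the MBR actually changed after a reinstall or a boot-code rewrite, done by comparing two saved 512-byte copies of sector 0. The function names and the sample sectors are constructed for illustration, and it assumes both copies were read while booted from trusted media rather than from the suspect installation.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440          # bytes 0-439: boot code (what runs at power-on)
PART_TABLE_OFF = 446         # bytes 446-509: four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"       # bytes 510-511: boot signature


def parse_mbr(sector):
    """Split one 512-byte MBR sector into the fields worth checking."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:       # type 0x00 marks an unused slot
            partitions.append({"slot": i, "active": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "signature_ok": sector[510:512] == BOOT_SIG,
        "partitions": partitions,
    }


def compare_mbr(before, after):
    """Report what changed between two saved copies of sector 0."""
    # Assumption: both dumps were read while booted from trusted media.
    a, b = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": a["boot_code_sha256"] != b["boot_code_sha256"],
        "partition_table_changed": a["partitions"] != b["partitions"],
        "after_signature_ok": b["signature_ok"],
    }


def make_sample(fill):
    """Constructed sample sector: filler boot code plus one active NTFS entry."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 78140097)
    return bytes([fill]) * 446 + entry + bytes(48) + BOOT_SIG


if __name__ == "__main__":
    print(compare_mbr(make_sample(0x90), make_sample(0xFA)))
```

A changed boot-code hash alongside an unchanged partition table is what a rewrite of the boot code looks like; an identical hash before and after means sector 0 was not rewritten.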





