After cleaning up the majority of my malware infestation with Process Explorer and Autoruns I am relying on Avast antivirus to clean up the rest. It continues to find a rootkit described as follows:
File Name: MBR:\.\PHYSICALDRIVE0
Severity: High
Status: Threat: Rootkit: hidden boot-sector
I select delete, let it run its boot-time scan, deleting everything found there, but the same rootkit is still found upon starting Windows and scanning again. Is there some magic bullet that I am missing?
UPDATE:
I have successfully removed the rootkit residing in the master boot record. It was actually as easy as booting with the Win XP CD, selecting "Repair" a Windows installation, and running fixmbr.
Scans with a few antispyware suites, and a complete scan with Microsoft Security Essentials shows a clean system.
Thanks for all of your suggestions. The answer goes to xciter as I didn't realize that repairing the MBR had to be done with the Win XP CD.
For further discussion: Am I right in thinking that most (if not all) Anti-Viruses won't be able to repair an MBR? Microsoft Security Essentials detected the same rootkit that Avast did, but also could not remove it.
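An added example, not part of the original post: one way to confirm that fixmbr actually replaced the boot code is to parse a raw 512-byte dump of sector 0 and compare the hash of its boot-code region with a known-good baseline. It assumes the dump was taken from a boot CD or another trusted system rather than from the infected Windows session; the function names, sample sectors and baseline hash are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
CODE_END = 440   # bytes 0-439: boot code; 440-445: disk signature + reserved
TABLE_OFF = 446  # four 16-byte partition entries, then 0x55AA at 510-511
ENTRY = struct.Struct("<B3sB3sII")  # status, CHS start, type, CHS end, LBA start, count


def parse_mbr(sector: bytes) -> dict:
    """Split a raw sector-0 dump into boot-code hash, partition table and signature."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(sector, TABLE_OFF + 16 * i)
        if ptype != 0:  # type 0x00 marks an unused slot
            parts.append({"slot": i, "active": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {
        "code_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
        "partitions": parts,
        "signature_ok": sector[510:512] == b"\x55\xaa",
    }


def check_mbr(sector: bytes, known_good_sha256: str) -> list:
    """Return a list of findings; an empty list means the sector matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["code_sha256"] != known_good_sha256:
        findings.append("boot code differs from known-good baseline")
    if sum(p["active"] for p in info["partitions"]) > 1:
        findings.append("more than one active partition")
    return findings


def sample_sector(code_byte: int) -> bytes:
    """Constructed sector: filler boot code plus one active NTFS (0x07) partition."""
    entry = ENTRY.pack(0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 204800)
    return bytes([code_byte]) * CODE_END + b"\x00" * 6 + entry + b"\x00" * 48 + b"\x55\xaa"


if __name__ == "__main__":
    baseline = parse_mbr(sample_sector(0x90))["code_sha256"]  # constructed baseline
    print(check_mbr(sample_sector(0x90), baseline))  # sector matching the baseline
    print(check_mbr(sample_sector(0xCC), baseline))  # same table, different boot code
```

Only the first 440 bytes are hashed because the disk signature and partition table differ from disk to disk, so a real baseline would be taken from a clean installation of the same Windows version.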