Security Forums

Symptoms of a MBR virus (Details inside) ?

lallous
Posted: Wed Mar 17, 2010 8:19 pm

Hello everyone,

I've been fighting one of the toughest viruses for the past 2 days.
Here are a couple of notes so far:

I have Nod32 installed with the latest definitions and Comodo firewall.

1) When the system boots, Comodo's process is killed. Nod32 is kept alive and I am able to scan my system but nothing is detected.
2) HijackThis and Malwarebytes automatically crash with no warning.
3) The tasklist and taskkill commands return an RPC error when I try to execute them.
4) I am sure the virus hit both the explorer and svchost files so I tried killing all processes including svchost. I ended up with like 7 processes running in the task manager. svchost processes automatically restart, which I think is normal because it is a core process for Windows.
5) I tried renaming the svchost file in system32 and it didn't appear again, but still what I stated in steps 2 and 3 persisted.
6) I tried killing explorer.exe and still had the same result.
7) I am assuming this is an MBR virus. Can someone kindly recommend the best ways to fix such a problem? Should I run a repair on Windows and rewrite a new MBR?

Edit: I forgot to mention that safe mode results in a BSOD and reboot.

Your help is more than appreciated.
lallous
Posted: Thu Mar 18, 2010 10:25 pm

Finally managed to solve it.
I found a couple of tools on some forum. I can share if it is not considered as spam.
RoboGeek
Posted: Thu Mar 18, 2010 11:42 pm

go ahead and share
krishriaz
Posted: Fri Aug 20, 2010 7:29 am

Hey lallous, waiting for your reply; share with us how you managed the MBR virus with different tools. Thanks in advance.
All times are GMT + 2 Hours