Removing MBR Virus

Windows XP Home SP3

Computer is not booting just blinks. I tested the drive passed. I plugged it in to scan externally with Eset v4. Finds a virus on the mbr. I however can not delete it. I read about fixmbr but I can't get into the recovery console. What can I do? Please help. Owner can not reinstall, he can not lose his apps.

Here is the info from Eset: MBR sector of the 4. physical disk - Win32/Olmarik.ADA trojan - action selection postponed until scan completion
DotFoilAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
optomaConnect With a Mentor Commented:
Do a backup first.
Then boot to xp cd and enter recovery console to run Fixmbr.

Since its not booting at the moment, it may never boot again unless formatted
0
 
R. Andrew KoffronCommented:
pull the drive and fix it from another machine, do a backup while it's hooked up.
0
 
dreamcomputer2000Commented:
Have you tried booting to an XP disk to access recovery console? Or is your issue the administrator password?
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
DotFoilAuthor Commented:
Harel66:I plugged it in to scan externally with Eset v4.

dreamcomputer2000: I read that the fixmbr only deletes certain blocks and this would not fix it
0
 
dreamcomputer2000Commented:
You could try the Avira Boot Sector Repair tool. It runs in DOS, need to download and burn a CD then boot to it.
  http://www.free-av.com/en/products/9/avira_boot_sector_repair_tool.html
0
 
R. Andrew KoffronCommented:
Backup, then delete the virus from mgr
Than boot to xp cd go to the repair recovery console and do fixmbr as others suggested. Main thing is get a backup
0
 
Johndo58Commented:
Hi odd this I have just removed this from my own laptop which I use to repair customers PCs, it was a real pig to get rid of but I managed to do it thus.

Win32/Olmarik is a trojan virus which downloads and installs malware or spyware onto compromised PCs. Usually, the virus displays fake advertisements and security alerts that advertise a rogue anti-spyware application called AntivirusPro 2009.

However, in some cases, AntivirusPro 2009 can be downloaded and installed without users consent. Rogue programs then can cause even more damage to the system.  

Please follow the removal instructions below to detect and remove Win32/Olmarik.

1/ Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntivirusPro2009

2/ Unregister DLLs:
UACsnbfuyfvmevqlyg.dll UACdfqsytqwwyfllri.dll

3/ Delete files:
AntivirusPro2009.lnk Uninstall.lnk Uninstall.exe

4/ Delete directories:
%Programs%\AntivirusPro2009
%ProgramFiles%\AntivirusPro2009

Or run Malware Bytes this usually sorts it out, do not forget to update the definitions before you run it though.  I then ran through the registry to remove any remnants.

0
 
DotFoilAuthor Commented:
Computer does not boot so I can not do registry edits

Avira did not find anything, so that bootdisc did not work.

I can not run Recovery Console since XP is not found when I boot the XP Home Disc
0
 
Johndo58Commented:
I reckon HDD in another PC, back up user data and blat
0
 
DotFoilAuthor Commented:
asked a tech in the shop: he told me to use a vista disc, cmd, bootreq /fixmbr


GENIUS IT WORKED
0
 
DotFoilAuthor Commented:
Closest to answer
0
All Courses

From novice to tech pro — start learning today.