DotFoil
asked on
Removing MBR Virus
Windows XP Home SP3
Computer is not booting just blinks. I tested the drive passed. I plugged it in to scan externally with Eset v4. Finds a virus on the mbr. I however can not delete it. I read about fixmbr but I can't get into the recovery console. What can I do? Please help. Owner can not reinstall, he can not lose his apps.
Here is the info from Eset: MBR sector of the 4. physical disk - Win32/Olmarik.ADA trojan - action selection postponed until scan completion
Computer is not booting just blinks. I tested the drive passed. I plugged it in to scan externally with Eset v4. Finds a virus on the mbr. I however can not delete it. I read about fixmbr but I can't get into the recovery console. What can I do? Please help. Owner can not reinstall, he can not lose his apps.
Here is the info from Eset: MBR sector of the 4. physical disk - Win32/Olmarik.ADA trojan - action selection postponed until scan completion
R. Andrew Koffron
pull the drive and fix it from another machine, do a backup while it's hooked up.
Have you tried booting to an XP disk to access recovery console? Or is your issue the administrator password?
ASKER
Harel66:I plugged it in to scan externally with Eset v4.
dreamcomputer2000: I read that the fixmbr only deletes certain blocks and this would not fix it
dreamcomputer2000: I read that the fixmbr only deletes certain blocks and this would not fix it
You could try the Avira Boot Sector Repair tool. It runs in DOS, need to download and burn a CD then boot to it.
http://www.free-av.com/en/products/9/avira_boot_sector_repair_tool.html
http://www.free-av.com/en/products/9/avira_boot_sector_repair_tool.html
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Backup, then delete the virus from mgr
Than boot to xp cd go to the repair recovery console and do fixmbr as others suggested. Main thing is get a backup
Than boot to xp cd go to the repair recovery console and do fixmbr as others suggested. Main thing is get a backup
Hi odd this I have just removed this from my own laptop which I use to repair customers PCs, it was a real pig to get rid of but I managed to do it thus.
Win32/Olmarik is a trojan virus which downloads and installs malware or spyware onto compromised PCs. Usually, the virus displays fake advertisements and security alerts that advertise a rogue anti-spyware application called AntivirusPro 2009.
However, in some cases, AntivirusPro 2009 can be downloaded and installed without users consent. Rogue programs then can cause even more damage to the system.
Please follow the removal instructions below to detect and remove Win32/Olmarik.
1/ Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWAR
2/ Unregister DLLs:
UACsnbfuyfvmevqlyg.dll UACdfqsytqwwyfllri.dll
3/ Delete files:
AntivirusPro2009.lnk Uninstall.lnk Uninstall.exe
4/ Delete directories:
%Programs%\AntivirusPro200
%ProgramFiles%\AntivirusPr
Or run Malware Bytes this usually sorts it out, do not forget to update the definitions before you run it though. I then ran through the registry to remove any remnants.
Win32/Olmarik is a trojan virus which downloads and installs malware or spyware onto compromised PCs. Usually, the virus displays fake advertisements and security alerts that advertise a rogue anti-spyware application called AntivirusPro 2009.
However, in some cases, AntivirusPro 2009 can be downloaded and installed without users consent. Rogue programs then can cause even more damage to the system.
Please follow the removal instructions below to detect and remove Win32/Olmarik.
1/ Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWAR
2/ Unregister DLLs:
UACsnbfuyfvmevqlyg.dll UACdfqsytqwwyfllri.dll
3/ Delete files:
AntivirusPro2009.lnk Uninstall.lnk Uninstall.exe
4/ Delete directories:
%Programs%\AntivirusPro200
%ProgramFiles%\AntivirusPr
Or run Malware Bytes this usually sorts it out, do not forget to update the definitions before you run it though. I then ran through the registry to remove any remnants.
ASKER
Computer does not boot so I can not do registry edits
Avira did not find anything, so that bootdisc did not work.
I can not run Recovery Console since XP is not found when I boot the XP Home Disc
Avira did not find anything, so that bootdisc did not work.
I can not run Recovery Console since XP is not found when I boot the XP Home Disc
I reckon HDD in another PC, back up user data and blat
ASKER
asked a tech in the shop: he told me to use a vista disc, cmd, bootreq /fixmbr
GENIUS IT WORKED
GENIUS IT WORKED
ASKER
Closest to answer