Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Removing MBR Virus

Posted on 2010-09-18
12
Medium Priority
?
5,895 Views
Last Modified: 2013-11-22
Windows XP Home SP3

Computer is not booting just blinks. I tested the drive passed. I plugged it in to scan externally with Eset v4. Finds a virus on the mbr. I however can not delete it. I read about fixmbr but I can't get into the recovery console. What can I do? Please help. Owner can not reinstall, he can not lose his apps.

Here is the info from Eset: MBR sector of the 4. physical disk - Win32/Olmarik.ADA trojan - action selection postponed until scan completion
0
Comment
Question by:DotFoil
  • 4
  • 2
  • 2
  • +3
12 Comments
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 33709503
pull the drive and fix it from another machine, do a backup while it's hooked up.
0
 
LVL 6

Expert Comment

by:dreamcomputer2000
ID: 33709525
Have you tried booting to an XP disk to access recovery console? Or is your issue the administrator password?
0
 

Author Comment

by:DotFoil
ID: 33709585
Harel66:I plugged it in to scan externally with Eset v4.

dreamcomputer2000: I read that the fixmbr only deletes certain blocks and this would not fix it
0
Ready for your healthcare security check-up?

In the past few years, healthcare organizations have become a prime target for advanced attacks. Does your organization have what it needs to defend itself? Schedule your healthcare security check-up today and download our free Healthcare Security Resource Kit today!

 
LVL 6

Expert Comment

by:dreamcomputer2000
ID: 33709614
You could try the Avira Boot Sector Repair tool. It runs in DOS, need to download and burn a CD then boot to it.
  http://www.free-av.com/en/products/9/avira_boot_sector_repair_tool.html
0
 
LVL 22

Accepted Solution

by:
optoma earned 1000 total points
ID: 33709765
Do a backup first.
Then boot to xp cd and enter recovery console to run Fixmbr.

Since its not booting at the moment, it may never boot again unless formatted
0
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 33709870
Backup, then delete the virus from mgr
Than boot to xp cd go to the repair recovery console and do fixmbr as others suggested. Main thing is get a backup
0
 
LVL 93

Expert Comment

by:nobus
ID: 33710478
0
 
LVL 3

Expert Comment

by:Johndo58
ID: 33711942
Hi odd this I have just removed this from my own laptop which I use to repair customers PCs, it was a real pig to get rid of but I managed to do it thus.

Win32/Olmarik is a trojan virus which downloads and installs malware or spyware onto compromised PCs. Usually, the virus displays fake advertisements and security alerts that advertise a rogue anti-spyware application called AntivirusPro 2009.

However, in some cases, AntivirusPro 2009 can be downloaded and installed without users consent. Rogue programs then can cause even more damage to the system.  

Please follow the removal instructions below to detect and remove Win32/Olmarik.

1/ Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntivirusPro2009

2/ Unregister DLLs:
UACsnbfuyfvmevqlyg.dll UACdfqsytqwwyfllri.dll

3/ Delete files:
AntivirusPro2009.lnk Uninstall.lnk Uninstall.exe

4/ Delete directories:
%Programs%\AntivirusPro2009
%ProgramFiles%\AntivirusPro2009

Or run Malware Bytes this usually sorts it out, do not forget to update the definitions before you run it though.  I then ran through the registry to remove any remnants.

0
 

Author Comment

by:DotFoil
ID: 33718225
Computer does not boot so I can not do registry edits

Avira did not find anything, so that bootdisc did not work.

I can not run Recovery Console since XP is not found when I boot the XP Home Disc
0
 
LVL 3

Expert Comment

by:Johndo58
ID: 33720076
I reckon HDD in another PC, back up user data and blat
0
 

Author Comment

by:DotFoil
ID: 33720263
asked a tech in the shop: he told me to use a vista disc, cmd, bootreq /fixmbr


GENIUS IT WORKED
0
 

Author Closing Comment

by:DotFoil
ID: 33721513
Closest to answer
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Operating system developers such as Microsoft (https://www.microsoft.com) and Apple have made incredible strides in virus protection over the past decade. Operating systems come packaged with built in defensive tools such as virus protection and a f…
This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question