Solved

Removing MBR Virus

Posted on 2010-09-18
12
5,817 Views
Last Modified: 2013-11-22
Windows XP Home SP3

Computer is not booting just blinks. I tested the drive passed. I plugged it in to scan externally with Eset v4. Finds a virus on the mbr. I however can not delete it. I read about fixmbr but I can't get into the recovery console. What can I do? Please help. Owner can not reinstall, he can not lose his apps.

Here is the info from Eset: MBR sector of the 4. physical disk - Win32/Olmarik.ADA trojan - action selection postponed until scan completion
0
Comment
Question by:DotFoil
  • 4
  • 2
  • 2
  • +3
12 Comments
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 33709503
pull the drive and fix it from another machine, do a backup while it's hooked up.
0
 
LVL 6

Expert Comment

by:dreamcomputer2000
ID: 33709525
Have you tried booting to an XP disk to access recovery console? Or is your issue the administrator password?
0
 

Author Comment

by:DotFoil
ID: 33709585
Harel66:I plugged it in to scan externally with Eset v4.

dreamcomputer2000: I read that the fixmbr only deletes certain blocks and this would not fix it
0
 
LVL 6

Expert Comment

by:dreamcomputer2000
ID: 33709614
You could try the Avira Boot Sector Repair tool. It runs in DOS, need to download and burn a CD then boot to it.
  http://www.free-av.com/en/products/9/avira_boot_sector_repair_tool.html
0
 
LVL 22

Accepted Solution

by:
optoma earned 500 total points
ID: 33709765
Do a backup first.
Then boot to xp cd and enter recovery console to run Fixmbr.

Since its not booting at the moment, it may never boot again unless formatted
0
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 33709870
Backup, then delete the virus from mgr
Than boot to xp cd go to the repair recovery console and do fixmbr as others suggested. Main thing is get a backup
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 
LVL 91

Expert Comment

by:nobus
ID: 33710478
0
 
LVL 3

Expert Comment

by:Johndo58
ID: 33711942
Hi odd this I have just removed this from my own laptop which I use to repair customers PCs, it was a real pig to get rid of but I managed to do it thus.

Win32/Olmarik is a trojan virus which downloads and installs malware or spyware onto compromised PCs. Usually, the virus displays fake advertisements and security alerts that advertise a rogue anti-spyware application called AntivirusPro 2009.

However, in some cases, AntivirusPro 2009 can be downloaded and installed without users consent. Rogue programs then can cause even more damage to the system.  

Please follow the removal instructions below to detect and remove Win32/Olmarik.

1/ Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntivirusPro2009

2/ Unregister DLLs:
UACsnbfuyfvmevqlyg.dll UACdfqsytqwwyfllri.dll

3/ Delete files:
AntivirusPro2009.lnk Uninstall.lnk Uninstall.exe

4/ Delete directories:
%Programs%\AntivirusPro2009
%ProgramFiles%\AntivirusPro2009

Or run Malware Bytes this usually sorts it out, do not forget to update the definitions before you run it though.  I then ran through the registry to remove any remnants.

0
 

Author Comment

by:DotFoil
ID: 33718225
Computer does not boot so I can not do registry edits

Avira did not find anything, so that bootdisc did not work.

I can not run Recovery Console since XP is not found when I boot the XP Home Disc
0
 
LVL 3

Expert Comment

by:Johndo58
ID: 33720076
I reckon HDD in another PC, back up user data and blat
0
 

Author Comment

by:DotFoil
ID: 33720263
asked a tech in the shop: he told me to use a vista disc, cmd, bootreq /fixmbr


GENIUS IT WORKED
0
 

Author Closing Comment

by:DotFoil
ID: 33721513
Closest to answer
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now