  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 8711
  • Last Modified:

Removing olmasco.o trojan

On one of my customer's machines, ESET Smart Security Suite reported an in-memory infection of olmasco.o that it could not clean. I ran the ESET SysRescue disk, and it identified an infection in the boot sector of the drive, but could not clean it. I then booted UBCD4Win and ran the MBRFix tool to write a new MBR. A re-scan with ESET SysRescue showed that the boot sector is no longer infected, and scans are coming up clean.

Here's my question: am I "done" with this infection? Or is there more work to do?  If there is more work to be done, where do I go for assistance as this is the primary machine in a doctor's office and he can't be without it for days on end.

The system is Win XP Pro, ESET Smart Security Suite 5.0.93.0, Malwarebytes Pro 1.52

Mahalo for your assistance,

Harry Z.
0
 
c_a_n_o_n Commented:
It looks like you did everything you need to do to correct your situation, and efficiently too.

ESET - NOD32 -v.6540 (20110909) protects against Win32/Olmasco.O
http://go.eset.com/us/threat-center/threatsense-updates2/page/8

While Malwarebytes is a great product and always better to have two scanners than one, I don't see any reference to Olmasco.O.  

I would bet that Win32/Olmasco.O may be a unique name used by NOD32, other AVs may offer different names, hence the reason so little detail on this on any of the AV sites.
0
 
Sudeep Sharma, Technical Designer Commented:
0
 
harry_z (Author) Commented:
Aloha c_a_n_o_n, thank you for your comments.

Aloha SSharma, why do you recommend running the TDSSKiller?  As I understand this type of malware (which admittedly is not overly well), once you replace the infected MBR, anything else left behind is "dead" (i.e. nothing points to it so it can't hurt you). Or am I mistaken?

Mahalo to both of you for your replies!

Harry Z.
0
Sudeep Sharma, Technical Designer Commented:
I was only recommending it since some infections like rootkits are not easily detectable by most of the tools. TLD infection is one of them, which comes packed with other malware and viruses.

Just to be on the safer side. If you are not getting any kind of redirects from browsers, I think you are good to go. But it wouldn't hurt to run another scanner.
0
 
Nginfo Commented:
Hi,

FixTDSS.exe worked for me!!

Thank you for your help

Sebastien C.
0
 
karpaty-oak Commented:
Hi,

FixTDSS.exe did not do anything on my computer. The boot sector remained infected.
I downloaded mbrfix from http://www.sysint.no/, created a NOD SysRescue CD, booted from the CD, then used the command mbrfix /drive 0 fixmbr. NOD SysRescue alone did not clean olmasco.o/X from boot sector 0.

K.O.
0
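An added example, not part of the thread or any poster's code: a Python comparison of two raw 512-byte dumps of sector 0, taken before and after the MBR rewrite discussed in the question and in the last comment, to confirm that the boot code was replaced, the partition table was left intact and the boot signature is present. It assumes the classic MBR layout and a single bootable disk with one active partition; the sample sectors and the names parse_mbr, compare_mbr and build_sector are constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440        # bootstrap code area; the disk signature follows it
TABLE_OFFSET = 446         # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"    # boot signature at offset 510


def parse_mbr(sector):
    """Split a 512-byte sector 0 dump into boot-code hash and partition table."""
    if len(sector) != 512:
        raise ValueError("expected exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"slot": i, "active": status == 0x80,
                          "type": ptype, "lba_start": lba, "sectors": count})
    return {"signature_ok": sector[510:512] == SIGNATURE,
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}


def compare_mbr(before, after):
    """Return findings about two dumps taken before and after an MBR rewrite."""
    a, b = parse_mbr(before), parse_mbr(after)
    findings = []
    if not b["signature_ok"]:
        findings.append("missing 55AA boot signature")
    if a["boot_code_sha256"] == b["boot_code_sha256"]:
        findings.append("boot code unchanged")
    if a["partitions"] != b["partitions"]:
        findings.append("partition table changed")
    if sum(p["active"] for p in b["partitions"]) != 1:  # single-disk assumption
        findings.append("expected exactly one active partition")
    return findings


def build_sector(boot_code, entries):
    """Constructed sample input: assemble a sector from code bytes and entries."""
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries).ljust(64, b"\x00")
    return boot_code.ljust(TABLE_OFFSET, b"\x00") + table + SIGNATURE


XP_PART = (0x80, 0x07, 63, 156280257)   # constructed entry: active, NTFS, LBA 63
infected = build_sector(b"\xeb\xfe" + b"\x41" * 300, [XP_PART])   # placeholder bytes
repaired = build_sector(b"\x33\xc0\x8e\xd0" + b"\x90" * 200, [XP_PART])
```

An empty list from compare_mbr(infected, repaired) means the boot code differs between the two dumps while the table and signature are as expected; it does not say whether the new boot code is the stock one, which needs a hash from a known-good reference.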
Question has a verified solution.
