Solved

Removing olmasco.o trojan

Posted on 2011-09-22
Last Modified: 2013-11-22
On one of my customers' machines, ESET Smart Security Suite reported an in-memory infection of olmasco.o that it could not clean. I ran the ESET SysRescue disk, and it identified an infection in the boot sector of the drive but could not clean it. I then booted UBCD4Win and ran the MBRFix tool to write a new MBR. A re-scan with ESET SysRescue showed that the boot sector is no longer infected, and scans are coming up clean.

Here's my question: am I "done" with this infection? Or is there more work to do? If there is more work to be done, where do I go for assistance, as this is the primary machine in a doctor's office and he can't be without it for days on end.

The system is Win XP Pro, ESET Smart Security Suite 5.0.93.0, Malwarebytes Pro 1.52

Mahalo for your assistance,

Harry Z.
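The procedure in the question (rewrite the MBR from a rescue environment, then rescan) can be verified from the disk itself rather than only from an AV verdict. The script below is an added example, not code from the original post, from ESET or from the MBRFix tool: it parses a 512-byte MBR, checks the boot signature and the partition table, and compares a hash of the 446-byte boot-code area against a baseline taken from a known-good sector (for instance the one MBRFix just wrote), so a later rescan can tell whether sector 0 has changed again. The sample MBRs, the disk size and the unallocated-tail threshold are constructed values for demonstration; the path given to `read_mbr` is an assumption about your environment (a raw disk image works offline). It inspects sector 0 only, so anything stored elsewhere on the disk is outside its scope.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446                 # bytes before the 4 x 16-byte partition table
MBR_SIGNATURE = b"\x55\xaa"
ENTRY_FMT = "<B3sB3sII"             # status, CHS start, type, CHS end, LBA start, sector count

# Constructed values for the demonstration (not from a real disk).
DISK_SECTORS = 2_000_000            # assumed disk size, in 512-byte sectors
TAIL_THRESHOLD = 65536              # assumed: >32 MiB unallocated after last partition is worth a look
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"constructed clean boot code"
# Baseline = hash of the known-good boot-code area (in practice, capture it right after fixmbr).
BASELINE_HASH = hashlib.sha256(CLEAN_BOOT_CODE.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest()


def build_sample_mbr(boot_code, partitions):
    """Assemble a constructed 512-byte MBR. partitions: up to 4 (status, type, lba_start, count)."""
    if len(boot_code) > BOOT_CODE_LEN or len(partitions) > 4:
        raise ValueError("boot code too long or too many partitions")
    mbr = bytearray(boot_code.ljust(BOOT_CODE_LEN, b"\x00"))
    for i in range(4):
        if i < len(partitions):
            status, ptype, start, count = partitions[i]
            # CHS fields left zero; modern tooling relies on the LBA fields
            mbr += struct.pack(ENTRY_FMT, status, b"\x00" * 3, ptype, b"\x00" * 3, start, count)
        else:
            mbr += b"\x00" * 16
    mbr += MBR_SIGNATURE
    return bytes(mbr)


def read_mbr(path):
    """Read sector 0 from a disk image or device path (path is your own assumption)."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


def parse_mbr(mbr):
    """Return the boot-code hash, signature status and the non-empty partition entries."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    entries = []
    for i in range(4):
        off = BOOT_CODE_LEN + 16 * i
        status, _, ptype, _, start, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype != 0:                          # type 0x00 means an unused slot
            entries.append({"status": status, "type": ptype, "start": start, "count": count})
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "signature_ok": mbr[510:512] == MBR_SIGNATURE,
        "partitions": entries,
    }


def check_mbr(mbr, disk_sectors, known_good_hashes, tail_threshold=TAIL_THRESHOLD):
    """Return a list of findings; an empty list means sector 0 matches expectations."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] not in known_good_hashes:
        findings.append("boot code does not match any known-good baseline")
    active = [p for p in info["partitions"] if p["status"] & 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    for p in info["partitions"]:
        if p["start"] + p["count"] > disk_sectors:
            findings.append(f"partition type 0x{p['type']:02x} extends past end of disk")
    if info["partitions"]:
        last_end = max(p["start"] + p["count"] for p in info["partitions"])
        tail = disk_sectors - last_end
        if tail > tail_threshold:
            findings.append(f"{tail} unallocated sectors after last partition; image and inspect")
    return findings


if __name__ == "__main__":
    # Constructed "clean" sector: baseline boot code, one active partition filling the disk.
    clean = build_sample_mbr(CLEAN_BOOT_CODE, [(0x80, 0x07, 63, DISK_SECTORS - 63)])
    print("clean :", check_mbr(clean, DISK_SECTORS, {BASELINE_HASH}))
    # Constructed "suspicious" sector: different boot code, no active flag, large unallocated tail.
    odd = build_sample_mbr(b"\xeb\xfe" + b"\x90" * 40, [(0x00, 0x07, 63, 1_900_000 - 63)])
    print("odd   :", check_mbr(odd, DISK_SECTORS, {BASELINE_HASH}))
```

Run it after the rewrite to record the baseline hash, then again at each rescan; a changed boot-code hash, a second active entry or a large unallocated region at the end of the disk are the points to image and examine before declaring the machine clean.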
Question by:harry_z
6 Comments
 
LVL 10

Accepted Solution

by: c_a_n_o_n earned 400 total points
ID: 36584886
It looks like you did everything you need to do to correct your situation, and efficiently too.

ESET - NOD32 -v.6540 (20110909) protects against Win32/Olmasco.O
http://go.eset.com/us/threat-center/threatsense-updates2/page/8

While Malwarebytes is a great product, and it is always better to have two scanners than one, I don't see any reference to Olmasco.O.

I would bet that Win32/Olmasco.O may be a unique name used by NOD32, other AVs may offer different names, hence the reason so little detail on this on any of the AV sites.
 
LVL 30

Assisted Solution

by: Sudeep Sharma earned 100 total points
ID: 36585609
 

Author Comment

by:harry_z
ID: 36588778
Aloha c_a_n_o_n, thank you for your comments.

Aloha SSharma, why do you recommend running the TDSSKiller? As I understand this type of malware (which admittedly is not overly well), once you replace the infected MBR, anything else left behind is "dead" (i.e. nothing points to it so it can't hurt you). Or am I mistaken?

Mahalo to both of you for your replies!

Harry Z.
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 36588835
I was only recommending it since some infections like rootkits are not easily detectable by most of the tools. The TLD infection is one of them, which comes packed with other malware and viruses.

Just to be on the safer side. If you are not getting any kind of redirects from browsers, I think you are good to go. But it wouldn't hurt to run another scanner.
 

Expert Comment

by:Nginfo
ID: 37447331
Hi,

FixTDSS.exe worked for me!!

Thank you for your help

Sebastien C.
 

Expert Comment

by:karpaty-oak
ID: 37780655
Hi,

FixTDSS.exe did not do anything on my computer. The boot sector remained infected.
I downloaded mbrfix from http://www.sysint.no/, created a NOD SysRescue CD, booted from the CD, then used the command mbrfix /drive 0 fixmbr. NOD SysRescue alone did not clean olmasco.o/X from boot sector 0.

K.O.