Solved

Removing olmasco.o trojan

Posted on 2011-09-22
Last Modified: 2013-11-22
On one of my customer's machines, ESET Smart Security Suite reported an in-memory infection of olmasco.o that it could not clean. I ran the ESET SysRescue disk, and it identified an infection in the boot sector of the drive, but could not clean it. I then booted UBCB4WIN and ran the MBRFix tool to write a new MBR. A re-scan with ESET SysRescue showed that the boot sector is no longer infected, and scans are coming up clean.

Here's my question: am I "done" with this infection? Or is there more work to do? If there is more work to be done, where do I go for assistance, as this is the primary machine in a doctor's office and he can't be without it for days on end.

The system is Win XP Pro, ESET Smart Security Suite 5.0.93.0, Malwarebytes Pro 1.52

Mahalo for your assistance,

Harry Z.
Question by:harry_z
6 Comments
 
LVL 10

Accepted Solution

by:
c_a_n_o_n earned 100 total points
ID: 36584886
It looks like you did everything you need to do to correct your situation, and efficiently too.

ESET - NOD32 -v.6540 (20110909) protects against Win32/Olmasco.O
http://go.eset.com/us/threat-center/threatsense-updates2/page/8

While Malwarebytes is a great product and it is always better to have two scanners than one, I don't see any reference to Olmasco.O.

I would bet that Win32/Olmasco.O may be a unique name used by NOD32; other AVs may offer different names, hence the reason there is so little detail on this on any of the AV sites.
 
LVL 30

Assisted Solution

by:Sudeep Sharma
Sudeep Sharma earned 25 total points
ID: 36585609
 

Author Comment

by:harry_z
ID: 36588778
Aloha c_a_n_o_n, thank you for your comments.

Aloha SSharma, why do you recommend running the TDSSKiller?  As I understand this type of malware (which admittedly is not overly well), once you replace the infected MBR, anything else left behind is "dead" (i.e. nothing points to it so it can't hurt you). Or am I mistaken?

Mahalo to both of you for your replies!

Harry Z.
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 36588835
I was only recommending since some infections like rootkits are not easily detectable by most of the tools. TLD infection is one of them, which comes packed with other malware and viruses.

Just to be on the safer side. If you are not getting any kind of re-directs from browsers I think you are good to go. But it wouldn't hurt to run another scanner.
 

Expert Comment

by:Nginfo
ID: 37447331
Hi,

FixTDSS.exe worked for me!!

Thank you for your help

Sebastien C.
 

Expert Comment

by:karpaty-oak
ID: 37780655
Hi,

FixTDSS.exe did not do anything on my computer. The boot sector remained infected.
I downloaded mbrfix from http://www.sysint.no/, created a NOD sysrescue CD, booted from the CD, then used the command mbrfix /drive 0 fixmbr. NOD sysrescue did not clean olmasco.o/X from boot sector 0 alone.

K.O.
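
A post-repair sanity check on the sector that the thread's MBR rewrite touches, as an added example that is not part of any post above: it parses a 512-byte dump of sector 0 and reports the boot signature, a hash of the boot-code area, and partition-table entries that deserve a second look. How the dump is obtained, the function names, and the sample sectors are assumptions; the sample data is constructed.

```python
import hashlib
import struct

SECTOR = 512
TABLE_OFFSET = 446   # four 16-byte partition entries start here

def parse_mbr(sector):
    """Split a 512-byte sector-0 dump into signature, boot-code hash and partitions."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        # byte 0 = status, byte 4 = type, bytes 8-15 = start LBA and length (little endian)
        status, ptype, start, count = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:  # type 0 marks an unused slot
            parts.append({"slot": i, "status": status, "type": ptype,
                          "start": start, "count": count})
    return {"signature_ok": sector[510:512] == b"\x55\xaa",
            "boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
            "partitions": parts}

def review(sector, disk_sectors):
    """Return a list of findings worth a second look after an MBR rewrite."""
    mbr = parse_mbr(sector)
    findings = []
    if not mbr["signature_ok"]:
        findings.append("missing 55 AA boot signature")
    active = [p for p in mbr["partitions"] if p["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    for p in mbr["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"slot {p['slot']}: invalid status byte {p['status']:#04x}")
        if p["start"] + p["count"] > disk_sectors:
            findings.append(f"slot {p['slot']}: extends past end of disk")
    return findings

def build_sector(entries, boot_code=b"\x90" * 440):
    """Constructed test input: boot code plus (status, type, start, count) entries."""
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries)
    return boot_code + bytes(6) + table.ljust(64, b"\x00") + b"\x55\xaa"

if __name__ == "__main__":
    DISK = 156301488  # constructed disk size in sectors
    clean = build_sector([(0x80, 0x07, 63, 156280257)])
    odd = build_sector([(0x80, 0x07, 63, 156280257), (0x80, 0x17, 156280320, 20000)])
    print(review(clean, DISK))   # no findings
    print(review(odd, DISK))     # two active entries are reported
```

The boot-code hash is only useful when compared against the same 440 bytes taken from a known-good machine running the same Windows version; the partition checks matter because the table lives in the same sector as the boot code.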