Solved

Removing olmasco.o trojan

Posted on 2011-09-22
8,511 Views
Last Modified: 2013-11-22
On one of my customer's machines, ESET Smart Security Suite reported an in-memory infection of olmasco.o that it could not clean. I ran the ESET SysRescue disk, and it identified an infection in the boot sector of the drive, but could not clean it. I then booted UBCB4WIN and ran the MBRFix tool to write a new MBR. A re-scan with ESET SysRescue showed that the boot sector is no longer infected, and scans are coming up clean.

Here's my question: am I "done" with this infection? Or is there more work to do? If there is more work to be done, where do I go for assistance, as this is the primary machine in a doctor's office and he can't be without it for days on end.

The system is Win XP Pro, ESET Smart Security Suite 5.0.93.0, Malwarebytes Pro 1.52

Mahalo for your assistance,

Harry Z.
0
Question by:harry_z
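A defensive check that answers the first half of the question (did the MBR rewrite actually take, and did it touch only the boot code?), added here as an example and not code from the thread: parse a 512-byte dump of sector 0 taken before and after the MBRFix run, hash the boot code against a known-good baseline, and confirm the partition table is unchanged. The sample bytes, baseline hash and partition layout are constructed for the demo, not real Windows XP or Olmasco data.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446      # boot code occupies bytes 0..445
PART_TABLE_OFF = 446     # four 16-byte partition entries follow the boot code
SIG_OFF = 510            # last two bytes must be 0x55 0xAA

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR image into boot-code hash, partition entries and signature check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR image must be exactly 512 bytes")
    parts = []
    for i in range(4):
        # entry layout: boot flag, CHS start (3), type, CHS end (3), LBA start, sector count (LE)
        flag, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype:
            parts.append((i, flag == 0x80, ptype, lba_start, count))
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": parts,
        "signature_ok": sector[SIG_OFF:] == b"\x55\xaa",
    }

def mbr_findings(sector: bytes, baseline_boot_hash: str, expected_parts: list) -> list:
    """Compare an MBR read from disk against a known-good baseline; an empty list means no findings."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_boot_hash:
        findings.append("boot code differs from known-good baseline")
    if info["partitions"] != expected_parts:
        findings.append("partition table changed")
    return findings

# Constructed sample data (not real MBR or malware bytes): one bootable NTFS partition
PART_TABLE = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 1_000_000) + b"\x00" * 48
GOOD_BOOT_CODE = b"\x33\xc0\x8e\xd0" + b"\x00" * (BOOT_CODE_LEN - 4)
BAD_BOOT_CODE = b"\xeb\xfe" + b"\x90" * (BOOT_CODE_LEN - 2)   # stand-in for modified boot code
CLEAN_MBR = GOOD_BOOT_CODE + PART_TABLE + b"\x55\xaa"
MODIFIED_MBR = BAD_BOOT_CODE + PART_TABLE + b"\x55\xaa"
BASELINE_HASH = hashlib.sha256(GOOD_BOOT_CODE).hexdigest()   # hash of the known-good boot code
EXPECTED_PARTS = [(0, True, 0x07, 63, 1_000_000)]

if __name__ == "__main__":
    # On a live system the 512 bytes would come from reading sector 0 of the physical drive
    for name, image in (("before fixmbr", MODIFIED_MBR), ("after fixmbr", CLEAN_MBR)):
        print(name, mbr_findings(image, BASELINE_HASH, EXPECTED_PARTS) or ["no findings"])
```

A clean result here only says that sector 0 is back to baseline; it says nothing about any driver or files the bootkit dropped elsewhere, which is what the second-scanner advice in the answers is about.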
6 Comments
 
LVL 10

Accepted Solution

by:
c_a_n_o_n earned 100 total points
ID: 36584886
It looks like you did everything you need to do to correct your situation, and efficiently too.

ESET - NOD32 -v.6540 (20110909) protects against Win32/Olmasco.O
http://go.eset.com/us/threat-center/threatsense-updates2/page/8

While Malwarebytes is a great product, and it is always better to have two scanners than one, I don't see any reference to Olmasco.O.

I would bet that Win32/Olmasco.O may be a unique name used by NOD32; other AVs may offer different names, hence the reason there is so little detail on this on any of the AV sites.
0
 
LVL 29

Assisted Solution

by:Sudeep Sharma
Sudeep Sharma earned 25 total points
ID: 36585609
0
 

Author Comment

by:harry_z
ID: 36588778
Aloha c_a_n_o_n, thank you for your comments.

Aloha SSharma, why do you recommend running the TDSSKiller? As I understand this type of malware (which admittedly is not overly well), once you replace the infected MBR, anything else left behind is "dead" (i.e. nothing points to it so it can't hurt you). Or am I mistaken?

Mahalo to both of you for your replies!

Harry Z.
0

 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 36588835
I was only recommending it since some infections like rootkits are not easily detectable by most of the tools. TLD infection is one of them, which comes packed with other malware and viruses.

Just to be on the safer side. If you are not getting any kind of re-directs from browsers, I think you are good to go. But it wouldn't hurt to run another scanner.
0
 

Expert Comment

by:Nginfo
ID: 37447331
Hi,

FixTDSS.exe worked for me!!

Thank you for your help

Sebastien C.
0
 

Expert Comment

by:karpaty-oak
ID: 37780655
Hi,

FixTDSS.exe did not do anything on my computer. The boot sector remained infected.
I downloaded mbrfix from http://www.sysint.no/, created a NOD sysrescue CD, booted from the CD, then used the command mbrfix /drive 0 fixmbr. NOD sysrescue did not clean olmasco.o/X from boot sector 0 alone.

K.O.
0
