Solved

Removing olmasco.o trojan

Posted on 2011-09-22
6
8,469 Views
Last Modified: 2013-11-22
On one of my customer's machine's ESET Smart Security Suite reported an in-memory infection of olmasco.o that it could not clean. I ran the ESET SysRescue disk, and it identified an infection in the boot sector of the drive, but could not clean it. I then booted UBCB4WIN and ran the MBRFix tool to write a new MBR. A re-scan with ESET SysRescue showed that the boot sector is no longer infected, and scans are coming up clean

Here's my question: am I "done" with this infection? Or is there more work to do?  If there is more work to be done, where do I go for assistance as this is the primary machine in a doctor's office and he can't be without it for days on end.

The system is Win XP Pro, ESET Smart Security Suite 5.0.93.0, Malwarebytes Pro 1.52

Mahalo for your assistance,

Harry Z.
0
Comment
Question by:harry_z
6 Comments
 
LVL 10

Accepted Solution

by:
c_a_n_o_n earned 100 total points
ID: 36584886
It looks like you did everything you need to do to correct your situation and effeciently too.  

ESET - NOD32 -v.6540 (20110909) protects against Win32/Olmasco.O
http://go.eset.com/us/threat-center/threatsense-updates2/page/8

While Malwarebytes is a great product and always better to have two scanners than one, I don't see any reference to Olmasco.O.  

I would bet that Win32/Olmasco.O may be a unique name used by NOD32, other AVs may offer different names, hence the reason so little detail on this on any of the AV sites.
0
 
LVL 29

Assisted Solution

by:Sudeep Sharma
Sudeep Sharma earned 25 total points
ID: 36585609
0
 

Author Comment

by:harry_z
ID: 36588778
Aloha c_a_n_o_n, thank you for your comments.

Aloha SSharma, why do you recommend running the TDSSKiller?  As I understand this type of malware (which admittedly is not overly well), once you replace the infected MBR, anything else left behind is "dead" (i.e. nothing points to it so it can't hurt you). Or am I mistaken?

Mahalo to both of you for your replies!

Harry Z.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 36588835
I was only recommending since some infections like rootkits are not easily detectable by most of the tools.TLD infection is one of them, which comes packed with other malwares and viruses.

Just to be on safer side. If you are not getting any kind of re-directs from browsers I think you are good to go. But it wouldn't hurt to run another scanner.
0
 

Expert Comment

by:Nginfo
ID: 37447331
Hi,

FixTDSS.exe worked for me!!

Thank you for your help

Sebastien C.
0
 

Expert Comment

by:karpaty-oak
ID: 37780655
Hi,

FixTDSS.exe did  not anything at  the my computer. Boot sector remained infected.
I  downloaded mbrfix fom http://www.sysint.no/, created NOD sysrescue CD, booted from CD, then used command mbrfix /drive 0 fixmbr. NOD sysrescue did not clean olmasco.o/X from boot sector 0 alone.

K.O.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

For those of you actively in the Malware fightling business, we now have available an amazing new tool in the malware wars (first recommended to me by rpggamergirl (http://www.experts-exchange.com/M_3598771.html), the Zone Advisor for the Virus and …
By the time you finish reading this article, you may have already lost all your money because you don't know the simple steps to securing your BitCoin wallet. BitCoin is an incredible invention. It is a decentralized currency system, which is the…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now