Error while cleaning--operation unavailable

Discussion in 'ESET NOD32 Antivirus' started by dick w, Aug 13, 2009.

Thread Status:
Not open for further replies.
  1. dick w

    dick w Registered Member (Joined: May 16, 2009; Posts: 6)

    I just got a threat alert:

    Object: MBR sector of the 6. physical disk
    Threat: Win32/Mebroot.CA trojan
    Comment: Error while cleaning - operation unavailable for this object type

    Questions:
    1) How do I figure out which is the 6. physical disk?
    2) Is this a sign that there's just a remnant (I think/thought I eradicated a Mebroot back in May) since there are no other reports re. processes or other stuff related to Mebroot?
    3) What do I do to get rid of it?

    Thanks for any help!
     
  2. nonoise

    nonoise Registered Member (Joined: Jun 6, 2008; Posts: 322)

    Did you try the ESET Mebroot remover?
     
  3. agoretsky

    agoretsky Eset Staff Account (Joined: Apr 4, 2006; Posts: 4,032; Location: California)

    Hello,

    If you run the Microsoft command-line utility DiskPart (filename: DISKPART.EXE) on the computer and type "LIST DISK" at the DISKPART> prompt does that identify the drive in question?

    Regards,

    Aryeh Goretsky
     
  4. dick w

    dick w Registered Member (Joined: May 16, 2009; Posts: 6)

    Thanks for both of your responses. I just got back to this problem...

    I just tried the ESET remover but it says "MBR rootkit (Win32/Mebroot) was not found on your system." Perhaps this is because it's not on the system disk but on a USB attached disk? (The diskpart tool confirms Disk 6 is that disk.)

    At any rate, I still have this big red Alert Threat Found dialog box staring me in the face and I want to fix the issue rather than suppress the warning. So what next?
     
  5. agoretsky

    agoretsky Eset Staff Account (Joined: Apr 4, 2006; Posts: 4,032; Location: California)

    Hello,

    The following should erase the contents of a USB flash RAM drive, including the master boot record and its associated partition table of data located in the first sector.
    1. Open a Command Prompt (filename: CMD.EXE) in Windows. If you are running Microsoft Windows Vista or Windows 7, you will need to open an elevated command prompt.
    2. Start DiskPart (filename: DISKPART.EXE), the command line disk partitioning tool. The DISKPART> prompt will appear.
    3. At the DISKPART> prompt, type "LIST DISK" (without quotes) and press enter. A list of currently-mounted disk drives will be displayed. Your USB flash RAM drive will show up with a number like 1, 2, 3, 4 and so forth.
    4. At the DISKPART> prompt, type "SELECT DISK n" (without quotes), where n is the number of the USB flash RAM drive, and press enter. Assuming nothing has changed on the system, you would type "SELECT DISK 6"
    5. At the DISKPART> prompt, type "CLEAN" (without quotes) and press enter. This tells DiskPart to zero-out (write 0's) across the entire disk. It may take a few moments for the operation to run, depending upon the capacity and speed of your USB flash RAM drive. When finished, you will have an empty USB flash drive.
    At this point, you can type "EXIT" and press enter to quit; however, if you would like to format the disk or make it bootable (for a Windows Vista or Windows 7 installation), you can do so by following these steps:
    1. At the DISKPART> prompt, type "CREATE PARTITION PRIMARY" (without quotes) and press enter. This creates a primary disk partition utilizing all of the flash RAM drive's capacity.
    2. At the DISKPART> prompt, type "SELECT PARTITION 1" (without quotes) and press enter. This tells DiskPart you wish to perform operations on the partition (disk volume) you just created.
    3. At the DISKPART> prompt, type "ACTIVE" (without quotes) and press enter. This tells DiskPart to make the disk partition startable, e.g., allows an operating system to be booted from the partition.
    4. At the DISKPART> prompt, type either one of the following commands:
      • "FORMAT FS=FAT32 QUICK" (without quotes) and press enter to format the USB flash drive using the FAT32 file system
      • "FORMAT FS=NTFS QUICK" (without quotes) and press enter to format the USB flash drive using the NTFS file system.
      It may take a moment or two to perform a quick format.
    5. At the DISKPART> prompt, type "ASSIGN" (without quotes) and press enter. This tells DiskPart to assign the first available drive letter to the partition (disk volume) you just created on the USB flash RAM drive.
    6. At the DISKPART> prompt, type "EXIT" (without quotes) and press enter to exit the DiskPart program.
    You should now have a USB flash drive which is empty, but can be used as installation media for Windows Vista or Windows 7, should you decide to copy the contents of an installation DVD over to the drive and later use it for that purpose. Making a USB flash drive bootable for installation is done using the BootSect command on the Windows installation disc, but that's getting a little outside the scope of this discussion, which was how to remove Win32/Mebroot from the USB Flash RAM drive.

    Regards,

    Aryeh Goretsky
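
Added example (not part of the original thread and not ESET's tooling): a small Python check for sector 0 of the disk, to confirm the result of the procedure above. The post states that CLEAN writes zeros across the disk, so the MBR sector should read back as all zeros afterwards, and as a fresh partition table after the optional steps. The function names and the sample sector are constructed for illustration; `read_sector0` assumes Windows and an elevated prompt.

```python
import hashlib
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446   # four 16-byte partition entries start here
BOOT_SIG_OFFSET = 510     # 0x55 0xAA marks a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Summarise a raw 512-byte sector 0 for before/after comparison."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFFSET + 16 * i: PART_TABLE_OFFSET + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        start_lba, num_sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0:  # type 0x00 means the slot is unused
            partitions.append({"slot": i + 1, "active": status == 0x80,
                               "type": ptype, "start_lba": start_lba,
                               "sectors": num_sectors})
    return {
        "all_zero": not any(sector),
        "boot_signature": sector[BOOT_SIG_OFFSET:] == b"\x55\xaa",
        "boot_code_present": any(sector[:PART_TABLE_OFFSET]),
        "partitions": partitions,
        "sha256": hashlib.sha256(sector).hexdigest(),
    }


def read_sector0(disk_number: int) -> bytes:
    """Read sector 0 of \\\\.\\PhysicalDriveN (Windows, elevated prompt)."""
    with open(rf"\\.\PhysicalDrive{disk_number}", "rb", buffering=0) as dev:
        return dev.read(SECTOR_SIZE)


def constructed_mbr() -> bytes:
    """Constructed sample: one active FAT32 (0x0C) partition, dummy boot code."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\xeb\x3c\x90"  # placeholder bytes, not real boot code
    struct.pack_into("<B3sB3sII", sector, PART_TABLE_OFFSET,
                     0x80, b"\x00\x00\x00", 0x0C, b"\x00\x00\x00", 2048, 1_000_000)
    sector[BOOT_SIG_OFFSET:] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    print(parse_mbr(bytes(SECTOR_SIZE)))   # what a wiped sector 0 looks like
    print(parse_mbr(constructed_mbr()))    # what a repartitioned disk looks like
```

On the affected machine, `parse_mbr(read_sector0(6))` run before and after the wipe gives a SHA-256 of the sector to keep with the incident notes and shows whether the flagged MBR content is gone.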
     