Mebroot Trojan detected - not cleaned

Discussion in 'ESET Smart Security' started by wamattox, Apr 15, 2010.

Thread Status:
Not open for further replies.
  1. wamattox

    wamattox Registered Member

    Joined:
    Oct 15, 2009
    Posts:
    8
    I have a workstation thet gives a warning on startup that there is a memory Mebroot detection that ESET cannot remove. In the virus encyclopedia when I go to Mebroot and then click on the htxt link to the removal tool it just loops back to the encyclopedia index. In safe mode, ESET detected and removed a trojan in a "data(1).pdf file. Three other programs detect nothing. o_O

    Virus promulgation should be a capitol offense. Thanks

    Wayne Mattox
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,375
    Try the Mebroot removal tool downloadable from here.
     
  3. wamattox

    wamattox Registered Member

    Joined:
    Oct 15, 2009
    Posts:
    8
    Thank you. I have marked the page for reference.

    Maybe life with no parole...

    Wayne
     
  4. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    The ESET threat Encyclopedia entry for Win32/Mebroot is here
    Based on previous threads, use of the tool, findings and results have been successful.
     
  5. facadegeniality

    facadegeniality Registered Member

    Joined:
    Jun 24, 2010
    Posts:
    1
    hi guys, i have the same issue and used the tool. It stated that the virus is removed and asked me to restart.

    upon restart, i did a scan of the operating memory and the virus is still there.

    im on windows 7.

    i've tried using Malwarebytes anti-malware. it showed no infection. Could this be a false positive?


    facade




    edit: i went to the repair windows 7 and used the command prompt

    i entered bootrec.exe /fixmbr

    now i scan the operating memory and all is good. so i guess the tool does work afterall.
     
    Last edited: Jun 24, 2010
Thread Status:
Not open for further replies.