Mebroot Trojan detected - not cleaned

Discussion in 'ESET Smart Security' started by wamattox, Apr 15, 2010.

Thread Status:
Not open for further replies.
  1. wamattox

    wamattox Registered Member

    Joined:
    Oct 15, 2009
    Posts:
    8
    I have a workstation thet gives a warning on startup that there is a memory Mebroot detection that ESET cannot remove. In the virus encyclopedia when I go to Mebroot and then click on the htxt link to the removal tool it just loops back to the encyclopedia index. In safe mode, ESET detected and removed a trojan in a "data(1).pdf file. Three other programs detect nothing. o_O

    Virus promulgation should be a capitol offense. Thanks

    Wayne Mattox
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,415
    Try the Mebroot removal tool downloadable from here.
     
  3. wamattox

    wamattox Registered Member

    Joined:
    Oct 15, 2009
    Posts:
    8
    Thank you. I have marked the page for reference.

    Maybe life with no parole...

    Wayne
     
  4. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    The ESET threat Encyclopedia entry for Win32/Mebroot is here
    Based on previous threads, use of the tool, findings and results have been successful.
     
  5. facadegeniality

    facadegeniality Registered Member

    Joined:
    Jun 24, 2010
    Posts:
    1
    hi guys, i have the same issue and used the tool. It stated that the virus is removed and asked me to restart.

    upon restart, i did a scan of the operating memory and the virus is still there.

    im on windows 7.

    i've tried using Malwarebytes anti-malware. it showed no infection. Could this be a false positive?


    facade




    edit: i went to the repair windows 7 and used the command prompt

    i entered bootrec.exe /fixmbr

    now i scan the operating memory and all is good. so i guess the tool does work afterall.
     
    Last edited: Jun 24, 2010
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.