NOD32 ~ MBR Sector of the 0.physical hard disk - Win/32 Mebrot.mbr trojan?!

Discussion in 'ESET Smart Security' started by graeme122, Dec 1, 2009.

Thread Status:
Not open for further replies.
  1. graeme122

    graeme122 Registered Member

    Joined:
    Dec 1, 2009
    Posts:
    2
    Hi, I've been downloading a few programs and games.

    Anyway, 2 days ago I received this:

    http://img682.imageshack.us/img682/9211/nod32error.png

    I've reinstalled Windows XP with a full format on C:\ as well as a format on the partition on the same hard disk drive, and nothing helps remove it.
    I've tried writing a new MBR; it still picks up this trojan....
    I installed XP and NOD32 without anything else and still receive it.....
    I've run COMBOFIX and it didn't find anything, so.......

    What can I do to remove it, try Kaspersky or Diskeeper?

    I'm going to install Vista Nvidia Edition on my SATA drive and see if it's fine on there. If so, I will have to completely format the IDE drive and delete the partitions.
     
  2. WayneP

    WayneP Support Specialist

    Joined:
    Apr 9, 2009
    Posts:
    339
    Hello graeme122,

    Try booting to the Windows CD after turning the machine off and then use the FIXMBR command to rebuild the master boot record. If you run the command while the infected item is loaded in memory, it can keep itself from being overwritten.
     
  3. graeme122

    graeme122 Registered Member

    Joined:
    Dec 1, 2009
    Posts:
    2
    Hi, I've tried that, but doing fixmbr in the Recovery Console in XP doesn't help. Anyway, news:

    I've used GParted to delete both partitions and recreate 1 partition, reinstalled my legit XP, and used NOD32. It seems it's the NOD32 4.0 edition no here; the newest *updates* are picking up some weird MBR bug, which there isn't one..... o_O? weird o_O

    I ran ComboFix etc., and that's a pretty good tool to find bugs in the MBR and system files. So it's something to do with that NOD32 version. But I've used it for a few months now, and it's been fine till the past few days. It seems it's the updates that think there is an MBR bug which it can't clean...
     
  4. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Try downloading the standalone ESET Win32/Mebroot Remover from this page on ESET's web site and see if that resolves the problem.

    Regards,

    Aryeh Goretsky
     
  5. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    I have the same disease.
    Mine is in a secondary data storage disk - not the C drive. When I run your suggested tool I get this message:

    What now?
     
  6. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Try booting into the Recovery Console and issuing a "FIXMBR \Device\HardDisk3\" command (or to the correct device, if the hard disk drive is mapped differently at the Recovery Console).

    Afterward, start the computer as normal and re-scan the external hard disk drive to verify the threat has been removed.

    Regards,

    Aryeh Goretsky
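
Added example, not part of the original thread and not ESET's tooling: a Python check that compares two 512-byte dumps of sector 0, one taken before FIXMBR and one after, to confirm that the boot code was actually rewritten while the partition table stayed the same. It assumes both dumps were captured from a clean boot environment, since the thread notes that an infection loaded in memory can keep the MBR from being overwritten; the function names and sample bytes are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440      # bytes 0..439 hold the boot code
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
SIGNATURE_OFF = 510      # last two bytes must be 0x55 0xAA


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector-0 dump into boot-code hash and partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR dump must be exactly 512 bytes")
    if sector[SIGNATURE_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"slot": i, "active": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": sectors})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
            "partition_table": sector[PART_TABLE_OFF:SIGNATURE_OFF],
            "partitions": partitions}


def compare_dumps(before: bytes, after: bytes) -> dict:
    """Assumption: a boot-code rewrite should leave the partition table untouched."""
    b, a = parse_mbr(before), parse_mbr(after)
    return {"boot_code_rewritten": b["boot_code_sha256"] != a["boot_code_sha256"],
            "partition_table_intact": b["partition_table"] == a["partition_table"]}


def make_sample(boot_fill: int) -> bytes:
    """Constructed sample: filler boot code plus one active NTFS (0x07) partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 1_000_000)
    return bytes([boot_fill]) * PART_TABLE_OFF + entry + bytes(48) + b"\x55\xaa"


if __name__ == "__main__":
    # Constructed "before" and "after" dumps that differ only in boot code.
    print(compare_dumps(make_sample(0xCC), make_sample(0x90)))
```

If `boot_code_rewritten` is false after running FIXMBR, the rewrite did not reach the disk, and a detection on the next scan is expected.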
     