Win32/Mebroot Trojan in Operating Memory

Discussion in 'ESET NOD32 Antivirus' started by Tuffdeal, May 11, 2010.

Thread Status:
Not open for further replies.
  1. Tuffdeal

    Tuffdeal Registered Member

    Joined:
    Jun 4, 2007
    Posts:
    2
    Have been using ESET AV [auto updated daily] for years and have just had first problem: the Win32/Mebroot Trojan is now resident in my Operating Memory and ESET cannot delete it. On start up it seems to generate a virus called unruy.AV which ESET does delete but the Mebroot is still there. My machine is a netbook so I have no CD drive. Have reinstalled my OS but its still there as I figured it would be and the Windows Recovery Console doesn't help. How do I get rid of this trojano_O
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  3. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Or you can try to download Malwarebytes and/or Superantispyware to see if they are able to get rid of the Mebroot infection.
     
  4. Tuffdeal

    Tuffdeal Registered Member

    Joined:
    Jun 4, 2007
    Posts:
    2
    Thanks to all. Just got it fixed. Downloaded the Windows XP Recovery Console. Booted into it and simply ran fixmbr. I think that I just got frustrated and overloaded by complexity that I forgot the simplest solution is usually the best.

    BTW, the recovery tool on this site for Mebroot doesn't download. Ran the page on my desktop in IE, Firefox, Opera and Pale Moon and each time when I clicked the link it just took me to the same page. Something is wrong there.
     
  5. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    not sure why it worked fine here. Run few more tools and make sure no more badware is lurking
     

    Attached Files:

  6. dannyboy

    dannyboy Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    113
    Location:
    UK
    The infection probably stopped you from reaching the Eset site by altering your hosts file or DNS.
     
  7. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    Help: I Got Hacked. Now What Do I Do?
    http://technet.microsoft.com/de-de/library/cc512587(en-us).aspx
    Malware - what now?
    * save data (copy documents, music aso., create image/backup...)

    * insert Windows-CD/DVD, reboot
    * format windows partition with that cd/dvd
    * reinstall windows from scratch
    * install all windows updates
    (or use a clean backup/image instead)

    * use a secure browser
    * install only programs from trustable sources
    * revise your security concept
    * change all passwords at trojan infections
    * dont work as admin
     
Thread Status:
Not open for further replies.