Removing MBR Virus

[Jsch38]

Just a quick tip:
I learned that Avast the free edition has nice feature that scans the MBR's for viruses and malware.
The other software I use MBM and AVG does not have this feature.

Anybody know of other antivruse/malware programs that offer this feature ?

 

[Nakin]

Nod32 does this too, since... wow... A long time.

 

[cyabro]

The problem with a virus in the mbr is that it can hide itself from av software and will run even in safe mode.
The only way to detect and remove one of these is by booting off another device and run the av scan from that over the hdd.

 

[MobileTechie]

I use mbr.exe or offline scanning.

 

[Avgsmoe]

TDSSKiller checks, and fixes it also

 

[lassenpc]

+1 Avgsmoe and Mobile Techie

TDSSKiller and MBR Check are good side utilities for MBR infection; have had both find things that AVG and Sophos (even the new 64bit ver) could not find.

 

[pceinc]

We've had good results with Hitmanpro lately.

 

[Tekguy]

Hitman Pro is very good. It's bailed me out a few times now finding rootkits that none of my other usual scanners could.

 

[MobileTechie]

I keep having problems with Hitman in that the portable mode just sits there doing nothing after the scan is started. Anyone else get that?

 

[Avgsmoe]

I keep having problems with Hitman in that the portable mode just sits there doing nothing after the scan is started. Anyone else get that?

yup all the time. I'll cancel it through taskman, and restart. Then it'll work.

 

[pceinc]

We don't have that issue. One thing to check is whether the infection has set a proxy in IE before scanning with Hitman. Hitman will detect the proxy but if you are not watching while it scans it will not upload files to the cloud for scanning.

 

[badkinsdesigns]

Had never used this before, but checked out Hitman Pro last night after reading this thread and loved it. Ran portable in safe mode and it defintely did the trick. Went from an unusable laptop to just fine with essentially no work from me besides plugging in the usb stick - gotta love that.

 

[Xander]

"ItsFixed" (sic), please cite your sources when you're just copying and pasting from other sites (as each of your posts have done so far)

http://computermagic.wordpress.com/2008/07/07/how-to-remove-virus-from-mbrmaster-boot-record-in-xp/

 

[MobileTechie]

To remove a virus from Master Boot Record you have to initially setup the Recovery console:

Step 1

Login into your desktop and launch the command prompt through the run dialogue box by typing cmd or clicking strart-all programs-accessories-command prompt.

Step 2

From command prompt type cd I386 and press enter.

Step 3

A i386:\> prompt appears in which you type the following i386:\>WINNT32 /CMDCONS

Step 4

A prompt appears asking you wether you want to reboot click yes.

Step 5

After the machine has performed a reboot two options appear

1) Login into Recovery Console

2) Login into Windows Xp Professional/Home

Select a and a prompt for administrator password comes out, enter it and then after which a blank command prompt appears.
To remove virus from MBR enter the following cmd FIXMBR it will ask if you are sure and click yes.

Step 6

Explain to your customer why their Dell no longer boots.

 

[Xander]

Nothing like getting your MBR virus info from a 2.5 year old blog that offers to "Lets make your computer problems disappear like Hudini!!" (sic) whose few posts all occurred on the same day.

http://goo.gl/hl40D
Even so, the guy deserves a little credit (backlink) for actually doing the work quoted.

 

[BDPCR]

Step 6

Explain to your customer why their Dell no longer boots.

Yup got to watch out for those customized boot records.