Boot malmo aka Junkie - detected but no removal

Created: 08 Nov 2012 • Updated: 10 Dec 2012 | 10 comments
ThaveshinP's picture
This issue has been solved. See solution.

Does anyone have a response to remove this virus? The article from the Symantec site is almost 5 years old, and we have a stack of machines infected and detected with SEP 11RU7, but SEP does not remove the virus.

Has anyone resolved to get this virus off machines?

10 Comments

Ambesh_444's picture

Hi,

To remove this virus, boot the computer from a Norton AntiVirus Rescue Disk and then run a DOS scan:

  1. Shut down the computer, and turn off the power. You must turn off the power to remove the virus from memory.
  2. Do one of the following:
    • If you have recently created a Rescue Disk set on the computer that is infected, and you updated the virus definitions before doing so, go on to the next step.
    • If you do not have a Rescue Disk set that contains recently updated virus definitions, you will have to create a Rescue Disk set on an uninfected computer. Skip to the section To install and create Rescue Disk on an uninfected computer.
  3. Insert disk 1 of the Rescue Disk set (the boot disk), restart the computer, and follow the prompts to scan the hard drive.

Thanks & Regards,

Ambesh

"Your satisfaction is very important to us. If you find the above information helpful or it has resolved your issue, please don't forget to mark the thread as solved."

Mithun Sanghavi's picture

Hello,

Check this featured Article:

Is your system infected? Symantec tools to help clear an infection

and 

Symantec Endpoint Protection – Security Best Practices for Stopping malware and other Threats

http://www.symantec.com/theme.jsp?themeid=stopping_malware

Best practices for troubleshooting viruses on a network

http://www.symantec.com/business/support/index?page=content&id=TECH122466

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

ThaveshinP's picture

How do I make a Norton rescue disk, or do I use the SERT?

ThaveshinP's picture

This is outdated - who has a Windows 95/98 stiffy drive???

To install and create Rescue Disk on an uninfected computer:
Requirements: Five or more blank 1.44 MB floppy disks and a Windows 95/98 computer that is not infected by a virus.

  1. Install Norton AntiVirus on an uninfected computer that has the same operating system as the one that you are trying to clean.
  2. Run LiveUpdate to update the virus definitions.
  3. Follow the instructions in the section "Updating Rescue Disks" (or similar title) in the Norton AntiVirus User's Guide.
  4. Return to step 3 of the previous section.

We are using SEP11RU7 - where or how do I make a bootable CD for the rescue disk?

Mithun Sanghavi's picture

Hello,

I would prefer the SERT tool, since you are running the SEP version.

1. The Power Eraser Tool eliminates deeply embedded and difficult to remove threats that traditional virus scanning doesn't always detect.

2. If you have access to Fileconnect, the SERT (Symantec Endpoint Recovery Tool) is useful in situations where computers are too heavily infected for the Symantec Endpoint Protection client installed upon them to clean effectively.

Hope that helps!!

ThaveshinP's picture

Can I boot up from a mem stick using the tool? What are the requirements to get the SERT tool running from boot and scan the machine?

Mithun Sanghavi's picture

Hello,

Yes, check this Article:

How to make the Symantec Endpoint Recovery Tool boot from a USB memory stick

http://www.symantec.com/business/support/index?page=content&id=TECH131578

and this VIDEO:

Symantec Endpoint Recovery Tool (SERT)

https://www-secure.symantec.com/connect/videos/symantec-endpoint-recovery-tool-sert

Hope that helps!!

SOLUTION
ThaveshinP's picture

Is there a way to remove this virus without having to go through the steps mentioned for the SERT tool?

Automated?

Mithun Sanghavi's picture

Hello,

We are suggesting the SERT Tool as this tool would assist you with Boot related Threats.

However, in case you would like to get your hands on other tools, check this article below:

Is your system infected? Symantec tools to help clear an infection

Hope that helps!!

ThaveshinP's picture

Will try the SERT tool and see whether it does the trick.