Endpoint Protection

  • 1.  Need help in MBR virus

    Posted Sep 23, 2010 03:17 AM

    Hi,

    Here's an easy one...

    Does anybody have any suggestions for fixing an MBR infected with Quaint (b), Mebroot and similar threats? Procedures, scripts and executables perhaps.

    All I can see more or less is this from Symantec. There are other websites that also show similar steps: 

    1. Insert the Windows XP CD-ROM into the CD-ROM drive.
    2. Restart the computer from the CD-ROM drive.
    3. Press R to start the Recovery Console when the "Welcome to Setup" screen appears.
    4. Select the installation that you want to access from the Recovery Console.
    5. Enter the administrator password and press Enter.
    6. Type the following command and press Enter:
      fixmbr
    7. Follow the onscreen instructions to restore the Master Boot Record.
    8. Type exit
    9. Press Enter. The computer will now restart automatically.
       

    Thanks.
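
Added example, not part of the original post or of any Symantec tooling: a Python check that compares two 512-byte dumps of sector 0, taken before and after the `fixmbr` step, and confirms that the boot code changed while the partition table and the 0x55AA signature are intact. The function names and the sample sectors are constructed for illustration, and it assumes the repair is expected to replace only the boot code.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440        # bytes 0-439: executable boot code
TABLE_START, TABLE_END = 446, 510   # four 16-byte partition entries
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS, type, CHS, LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte MBR sector into the parts a repair should/shouldn't touch."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR sector is exactly 512 bytes")
    partitions = []
    for off in range(TABLE_START, TABLE_END, ENTRY.size):
        status, ptype, lba_start, count = ENTRY.unpack_from(sector, off)
        if ptype != 0x00:  # type 0 marks an unused slot
            partitions.append({"active": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "table_sha256": hashlib.sha256(sector[TABLE_START:TABLE_END]).hexdigest(),
        "partitions": partitions,
    }


def compare(before: bytes, after: bytes) -> dict:
    """Report what changed between two dumps of sector 0."""
    a, b = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": a["boot_code_sha256"] != b["boot_code_sha256"],
        "partition_table_intact": a["table_sha256"] == b["table_sha256"],
        "signature_ok": b["signature_ok"],
    }


def build_sample(fill: int) -> bytes:
    """Constructed sector: filler boot code plus one active NTFS-type (0x07) entry."""
    entry = ENTRY.pack(0x80, 0x07, 63, 41929587)
    return bytes([fill]) * 440 + bytes(6) + entry + bytes(48) + b"\x55\xaa"


if __name__ == "__main__":
    # Constructed stand-ins for dumps taken before and after the repair.
    print(compare(build_sample(0xCC), build_sample(0x90)))
```

A result with `partition_table_intact` false or `signature_ok` false after the repair means the disk layout itself was altered and should be investigated before the machine is returned to use.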



  • 2.  RE: Need help in MBR virus

    Posted Sep 23, 2010 03:25 AM

    This is really helpful. Actually it rewrites the MBR, and any old entry (including a virus) in the MBR will get removed. This method has saved me many times....



  • 3.  RE: Need help in MBR virus

    Posted Sep 23, 2010 07:11 AM

    Helpful steps, it would be great if you can post this in the Blog section of the Connect Web Site.

    Web URL: https://www-secure.symantec.com/connect/security/blogs



  • 4.  RE: Need help in MBR virus

    Posted Sep 23, 2010 08:14 AM

    Actually, I'm asking for help. :D

    What can I do aside from the process I mentioned above? And can malware infect a boot sector without going through the boot process? Probably, yes. I'm currently researching this. I found out that one of the first boot sector viruses is called the Brain, from the DOS era. I think it copies itself with the floppy disk. Back then there were utilities for end users that copied a disk sector by sector. So a disk or diskette with that virus gets copied using said application. So the same principle applies with the current medium. A removable and bootable storage device is infected and is the first thing a PC reads; it loads the malware into memory and copies itself onto any fixed storage found.



  • 5.  RE: Need help in MBR virus

    Posted Sep 23, 2010 08:34 AM

    Hi Everyone,

    Please check out the link below, which has surely helped me with solving a lot of boot sector virus issues and other Windows-related issues; the explanation is also clear and fine.

    http://technet.microsoft.com/en-us/library/bb457122.aspx

    Topics:

    a. Troubleshooting Disks and File Systems

    b. Tools for Troubleshooting

     

    The site below can provide some minimal information about MBR viruses and how to avoid/clear them, but will mostly work with DOS-based machines

    http://antivirus.about.com/od/securitytips/a/bootsectorvirus.htm

     

    Hope that anyone will find these helpful.



  • 6.  RE: Need help in MBR virus

    Posted Sep 24, 2010 02:45 AM

    Thanks for the comments, suggestions and info. +1 to you all from me. :D

    A blog has been made and submitted.



  • 7.  RE: Need help in MBR virus

    Posted Sep 24, 2010 09:07 AM

    You can use the Symantec Endpoint Recovery Tool for removing such infections.

    How To Use the Symantec Endpoint Recovery Tool with the Latest Virus Definitions

    Have a look at this video also

    Symantec Endpoint Recovery Tool (SERT)