06-20-2010 10:55 PM
Got 3 hard drives on my PC (the OS drive is clean, no problems), but NIS finds and "Fully Removes" Boot.Mebroot from those 2 extra drives every time I boot (or restart) my PC.... The way I see it, NIS doesn't really remove those trojans, it just bloks them.
Is there a way to remove for good the Rootkit from those hard drives? I really don't want to fdisk /mbr them.
06-21-2010 01:17 AM - edited 06-21-2010 01:18 AM
You might want to try the steps provided @
06-21-2010 01:25 AM
Bleeping Computer have tools, to check for Mebroot (and variants) and one to remove the bootkit.
To be used under supervision by the Malware Removal Team or Instructor, they are 2 nice little tools.
06-21-2010 06:53 AM - edited 06-21-2010 06:56 AM
Well, the solution implied by this article is based on the Rootkit residing on the booting drive. When you open the Windows Recovery Console, you can only fix the MBR of the hard drive where your OS is installed. This MBR on my PC is clean. The rootkit resides on each of the other 2 HDD that I have installed...
Oh, by the way, I'm running Win 7 and the article in your link doesn't seem to cover Win 7...
06-21-2010 07:09 AM
You would be best advised to follow the recommendations of Quads, who is a rootkit and malware expert, and contact Bleeping Computer ( www.bleepingcomputer.com ).
We look forward to the time when the Power of Love will replace the Love of Power. Then will our world know the blessings of peace. ~William Ewart Gladstone
06-21-2010 08:19 AM
The Symantec link is also from January 2008, and may not be valid for the new malware.
06-21-2010 03:21 PM
There is also another tool that should also be used under supervision like on Bleeping, that will check all installed drives boot code
40 GB \\.\PhysicalDrive0 OK(DOS/Win32 Boot code found)
1 TB \\.\PhysicalDrive1 OK (DOS/Win32 Boot code found)
1 TB \\.\PhysicalDrive2 OK (DOS/Win32 Boot code found)
1.5 TB \\.\PhysicalDrive3 OK (DOS/Win32 Boot code found)
But to fix the drives involved it's either use of the command prompt and typing out the command(s) or the use of a script, (I have the template).
Though problems can occur if you have like a Dell Recovery Hard Drive installed after cleaning.
06-26-2010 04:37 PM
I no longer do malware removal on this Forum due to the forums danger level.
Bleeping Computers Malware Removal Team and Intructors have available to them all the tools including the tool that checks all Hard Drives installed in a PC.
Supervision is advised due to the tools involved and the MBR (boot records). This is why problem can occur after with like installed Dell /HP etc recovery drives.