virus in c: mbr

June 11, 2011 at 10:56:54
Specs: Windows XP
I have been told by my AV that I have a virus called Rootkit.MBR.Mebroot.B
This is located in the C: drive MBR and the AV program can't remove it.
If I were to run format c: /mbr, would the data on the drive be lost? I have 167 GB of info that I do not want to lose. I might add that C: is NOT my boot drive. Years ago it used to be, but no longer.
The virus was not detected until a few days ago. Also, my AV program expires in a few days. Makes me wonder if it is actually there or if the AV is trying to get me to renew.
Thanks for any help.

June 11, 2011 at 11:08:06
... see #5 in this thread.

... FDISK /MBR should remove the mbr leaving other data intact.
Demonstrative exspelling
... there is logic to this madness!
Grrrrrrrrrrrrrrrrrrrrrrrrrrr... .im

June 11, 2011 at 11:10:13
I should add that my system is Win XP Pro, 2 GB RAM, 4 HDDs, and the infected one is not the boot drive. AV is Shield Deluxe 2010. This will expire in 13 days. Hmm...
If this virus attacks the boot drive, then it was infected years ago, as I have not used this drive as a boot drive in that long, so why would it only be found now? Curious.
If there is a way to save the data AND get rid of the virus, that would be great.
Thanks for any help.

June 11, 2011 at 14:32:49

Let's get some diagnostics, see if they find a RootKit, and then determine what strategy to pursue.

Please download GMER:
[Downloads a randomly named file. (Recommended)]

Disconnect from the Internet and close all running programs.

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver. Info:

Double-click on the randomly named GMER file (e.g. n7gmo46c.exe).
Allow the gmer.sys driver to load...

GMER opens to the Rootkit/Malware tab and performs an automatic quick scan when first run. (Please do not use the computer while the scan is in progress.)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your NO

Now, click the >Scan< button.
If you see a rootkit warning window, click OK.

When the scan finishes, click 'Save...' button to save the scan results to your Desktop.
Save the file as >gmer.log<

>>Click the Copy button and Paste the results in your reply.<<

Note: Please, do not take action on any of the information on the GMER report!!

If you encounter any problems, try running GMER in Safe Mode:

If GMER crashes or keeps resulting in BSODs, uncheck 'Devices' (on the right side) before scanning.

Next, please download mbr.exe

Save the file to your Desktop.
Double-click >mbr.exe< and follow the prompts.

When mbr.exe is done, it creates a log.
>>Also copy and paste contents of the mbr.exe log in your reply.<<

Retired - Doin' Dis, Dat, and slapping malware.
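The FDISK /MBR answer above (boot code rewritten, partition data left alone) and the mbr.exe step in this reply both rest on the layout of sector 0: the bootstrap code sits in the first bytes of the MBR, while the partition table and the 0x55AA signature sit at the end of the same sector. The Python below is an added illustration for this thread, not code from any poster and not how GMER or mbr.exe are implemented. It builds a synthetic 512-byte MBR, parses its partition table, hashes the boot-code region against a baseline the way an MBR checker would, and models a boot-code-only rewrite to show that the partition entries and the Windows disk signature survive. The boot-code bytes, the partition entry and the disk signature are constructed placeholders (not real bootstrap code and not Mebroot bytes); which exact bytes a particular repair tool writes is that tool's business, so `rewrite_bootcode` is the layout argument, not a description of `FDISK /MBR`.

```python
"""Model of an MBR and of a boot-code-only repair.

Added example for this thread, not code from any poster or tool. The 512-byte
MBR below is constructed in memory; the "clean" and "infected" boot-code bytes
are placeholders, not real bootstrap code and not real Mebroot bytes.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOTCODE_END = 440            # bytes 0..439 hold the x86 bootstrap code
DISK_SIG_OFF = 440            # bytes 440..443: NT disk signature (Windows keys drive letters on it)
PART_TABLE_OFF = 446          # four 16-byte partition entries at 446..509
PART_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIG_OFF = 510            # bytes 510..511 must be 0x55 0xAA

# Constructed placeholder boot code (NOT real bootstrap code).
CLEAN_BOOTCODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb" + b"\x90" * 16
# Constructed placeholder for a tampered boot sector (NOT real Mebroot bytes).
INFECTED_BOOTCODE = b"\xeb\x1e" + b"\x41" * 32
# Constructed partition table: one bootable NTFS-type (0x07) partition of about 167 GiB.
SAMPLE_PARTITIONS = [(0x80, 0x07, 2048, 350_000_000)]


def build_sample_mbr(bootcode, partitions, disk_sig=0x12345678):
    """Assemble a synthetic MBR from boot code, a disk signature and (status, type, lba, count) tuples."""
    if len(bootcode) > BOOTCODE_END:
        raise ValueError("boot code larger than 440 bytes")
    mbr = bytearray(SECTOR_SIZE)
    mbr[:len(bootcode)] = bootcode
    struct.pack_into("<I", mbr, DISK_SIG_OFF, disk_sig)
    for i, (status, ptype, lba_start, count) in enumerate(partitions[:4]):
        struct.pack_into(PART_ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i,
                         status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba_start, count)
    mbr[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(mbr)


def parse_partition_table(mbr):
    """Return the four partition entries as dicts; raise if the sector is not a plausible MBR."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    if mbr[BOOT_SIG_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        status, _, ptype, _, lba_start, count = struct.unpack_from(
            PART_ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": count,
                        "size_gib": round(count * SECTOR_SIZE / 2 ** 30, 1)})
    return entries


def disk_signature(mbr):
    """The 32-bit NT disk signature stored at byte 440."""
    return struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0]


def bootcode_hash(mbr):
    """SHA-256 of the boot-code region only; compare with a baseline taken when the disk was known clean."""
    return hashlib.sha256(mbr[:BOOTCODE_END]).hexdigest()


def check_against_baseline(mbr, baseline_hash):
    """'clean' if the boot code matches the baseline hash, else 'modified'."""
    return "clean" if bootcode_hash(mbr) == baseline_hash else "modified"


def rewrite_bootcode(mbr, clean_bootcode):
    """Model of a boot-code-only repair: replace bytes 0..439 and keep the disk signature,
    partition table and 0x55AA. Real tools differ in exactly which bytes they write;
    this shows the layout argument, not any one tool's behaviour."""
    parse_partition_table(mbr)  # refuse to touch a sector that is not an MBR
    if len(clean_bootcode) > BOOTCODE_END:
        raise ValueError("boot code larger than 440 bytes")
    return clean_bootcode.ljust(BOOTCODE_END, b"\x00") + mbr[BOOTCODE_END:]


def read_mbr(device_path):
    """Read sector 0 of a raw device; on Windows e.g. read_mbr(r"\\.\PhysicalDrive1") from an elevated prompt."""
    with open(device_path, "rb") as f:
        return f.read(SECTOR_SIZE)


if __name__ == "__main__":
    clean = build_sample_mbr(CLEAN_BOOTCODE, SAMPLE_PARTITIONS)
    baseline = bootcode_hash(clean)
    infected = build_sample_mbr(INFECTED_BOOTCODE, SAMPLE_PARTITIONS)
    print("infected sample:", check_against_baseline(infected, baseline))
    repaired = rewrite_bootcode(infected, CLEAN_BOOTCODE)
    print("after repair:   ", check_against_baseline(repaired, baseline))
    print("partition table unchanged:", parse_partition_table(repaired) == parse_partition_table(infected))
    for entry in parse_partition_table(repaired):
        if entry["type"]:
            print(entry)
```

To look at a real disk, `read_mbr(r"\\.\PhysicalDrive1")` from an elevated prompt returns its sector 0, and `parse_partition_table` on it should list the same partitions Disk Management shows; if it does not, the sector is not what you think it is. One caveat that matters for this thread: an MBR rootkit that is active in the running system can hide its changes from a plain read of sector 0, which is the reason the GMER and mbr.exe steps above load a driver, and the reason a check from a rescue environment where the infected system is not running is the more trustworthy one. A baseline hash is only useful if it was taken when the disk was known clean.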