Boot.Mebroot is a common detection method used to identify a Master Boot Record (MBR) that has been infected by Trojan.Mebroot.
Other Alias: -
Threat Level: Low
Systems Affected: Windows - All
Source: Symantec
How to Remove Boot.Mebroot:
This page presents our suggested (by precisesecurity) removal procedure along with visitors' own suggestions. We cannot control or evaluate each suggested procedure, so please use them at your own risk.
If no suggestion is present for removing the virus, spyware, adware or malware, you may try the following:
- Remove Boot.Mebroot with Standard Virus Scan
- Scan Boot.Mebroot with Malwarebytes' Anti-Malware
1. Start the computer using the Windows Recovery Console:
- Insert the Windows XP CD-ROM into the CD-ROM drive.
- Restart the computer from the CD-ROM drive.
- Press R to start the Recovery Console when the “Welcome to Setup” screen appears.
- Select the installation that you want to access from the Recovery Console.
- Enter the administrator password and press Enter.
- Type the “fixmbr” command and press Enter, then follow the onscreen instructions to restore the Master Boot Record.
2. Exit by typing “Exit” and pressing Enter when done. The computer will now restart automatically.
3. Temporarily disable System Restore (for Windows XP only):
- On the Desktop, right-click My Computer.
- Select the System Restore tab.
- Mark “Turn Off System Restore” to disable it (unmark it to enable).
- Click Apply at the bottom of the dialog box to save the settings.
- A message “This deletes all existing restore points” will appear; click Yes to disable.
- Click OK.
Note: System Restore must be enabled after the cleaning process.
4. Update the virus definitions.
5. Reboot the computer in Safe Mode:
- During boot-up (just before Windows starts), press F8 repeatedly until the selection menu appears.
- Use the Up and Down arrow keys to select Safe Mode in the selection menu.
6. Run a full system scan and clean/delete all infected file(s).
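The fixmbr step in the procedure above rewrites the boot sector, and the Recovery Console can warn that the partition table may be damaged. The following Python script is an added example, not part of the original page: it compares a copy of the 512-byte MBR saved before the repair with one saved after, and reports whether the boot code changed and whether the partition table survived. The `build_sample` helper and both sample sectors are constructed for illustration; real input would be sector 0 of the disk, read from trusted boot media.

```python
import hashlib
import struct

ENTRY = struct.Struct("<B3xB3xII")  # status, type, LBA start, sector count

def parse_mbr(sector: bytes) -> dict:
    """Summarise a 512-byte MBR: boot-code hash, partition table, signature."""
    if len(sector) != 512:
        raise ValueError("an MBR sector is exactly 512 bytes")
    parts = []
    for slot in range(4):  # four 16-byte entries starting at offset 446
        status, ptype, lba, count = ENTRY.unpack_from(sector, 446 + 16 * slot)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"slot": slot, "active": status == 0x80,
                          "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        # Bytes 0..439 hold the bootstrap code that runs before any OS loads.
        "boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
        "partitions": parts,
    }

def compare(before: bytes, after: bytes) -> dict:
    """Report what changed between two saved copies of the same MBR."""
    a, b = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": a["boot_code_sha256"] != b["boot_code_sha256"],
        # Raw byte comparison of the table, so CHS fields are covered too.
        "partition_table_intact": before[446:510] == after[446:510],
        "signature_ok": b["signature_ok"],
    }

def build_sample(boot_fill: int) -> bytes:
    """Constructed sample sector: filler boot code, one active type-0x07 entry."""
    table = ENTRY.pack(0x80, 0x07, 63, 204800) + bytes(48)
    return bytes([boot_fill]) * 440 + bytes(6) + table + b"\x55\xaa"

if __name__ == "__main__":
    before = build_sample(0x90)  # constructed: sector saved before the repair
    after = build_sample(0x33)   # constructed: same disk, boot code rewritten
    print(parse_mbr(before)["partitions"])
    print(compare(before, after))
```

Keeping the "before" copy also gives a way to restore the original partition table if the repair leaves the disk inaccessible.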
13 Responses for "Boot.Mebroot"
Hi,
My system files are not infected with Boot.Mebroot, but I downloaded a file which had it. I had a suspicion about that file, so before I even clicked it I scanned it with Norton Antivirus. The updates were up to date. It showed that the file contained a virus. It was not resolving the issue. I deleted the file. But when I scan my system with Norton again, it still shows up there and it does not remove it. And yes… whenever I install Windows I turn off System Restore, and it's off from the beginning; that's why I believe there are no infected files. Could you please help me with this? And is any information going out from my system?
I have Norton 2007 and ‘Outpost firewall’ installed on my system.
Sorry, I forgot to mention that it shows the Boot.Mebroot virus.
I have the same problem as Mackerz and I tried what precisesecurity suggested. However, when I typed in “fixmbr” - it came back with this:
Non-Standard or Invalid Master Boot Record.
Fixmbr may damage your partition table if you proceed.
This could cause all the partitions on the current hard drive to become inaccessible.
If you are not having problems accessing your hard drive - DO NOT CONTINUE.
What do I do now?
Please help - I’m desperate.
Thank you
Tinamarie
I had the virus, and did as described. The warning about the partitions, I think, is a possibility. ’Cause I have no problems accessing all my HDDs and partitions after fixing my MBR this way.
I hope I helped a little bit. Greetz from Holland
Hello. Clean Format, Clean Install of XPMCE and Norton. Install Zone Alarm, Finally connect net cable and go to Norton’s Live Update, then boom it finds it? I am on third attempt to fix/remove it. Already did the fixmbr thing and I still get this threat. Could it be in my Motherboard? Bios? I’m using all factory install discs that should be safe? This is so frustrating :(
I have a long thread going on Symantec’s Norton forum about how I cannot remove this virus from my computer. Symantec’s Virus Removal Support that costs $99.99 couldn’t remove it. 30 HP techs from their paid support cannot remove it. I have done everything including erasing the hard drive, deleting all partitions, writing zeros to the hard drive and reformatting using HP disks. Norton’s virus removal tool that is specific to this virus does nothing. What next? I asked the service department at Fry’s about installing another hard drive and they said that they could try, but that the virus might be in the memory. Is that possible?
That’s just stupid. Memory is volatile; turn it off and there’s nothing left.
You HAVE to low-level format the hard drive, not just quick format it.
Done properly, NOTHING survives a low-level format.
A low-level format doesn’t work either. I’ve tried everything as above, and deleting partitions and a full low-level format, reinstalled Windows XP and the virus is still there. I’m also coming to a dead end with this one. Anyone actually managed to remove it?
Download the free 15-day trial of Norton Anti-Virus 2009. It found Trojan.Mebroot and removed it. Sophos and the other forums gave all kinds of fancy, complex, lengthy repair steps.
And it didn’t cost anything, and no long list of programs you don’t know about that can tie up your registry and just be a pain. Safe and inexpensive.
Try to check the “Documents and Settings” file. The old installation files were still there when I thought a clean install would remove them. I deleted the old files then restored them to get my old address book file. When I restored them I got the alert and that Norton cleaned it up.
Be very careful if you do try to delete the old Documents and Settings subfiles - don’t get the current ones!! Check some of the files for what Favorites or Cookies are and compare them to what you recently have done on the Net. Also check the created date - they will be the older ones.
Now I’ll buy Norton - one virus was worth it. Plus it’s on sale at Office Max!
You can fdisk > Delete partitions, then shut down the PC. Then after you start back up you can format. This wipes the memory and the disk. There’s no place for the code to live. Make sure there are no other removable drives/storage that could be an underground railroad for our little friend.
PITA, I know, but what are you gonna do?
This freakin’ Mebroot… I have thrown all I can at this, followed all these suggestions, and it keeps showing up on the next reboot. I’m at the end of my rope…
Yea! Me too! Format, low level, delete partition, restore MBR… reload XP…??? Still housing Boot.Mebroot. What if I don’t remove it… is there life after Mebroot?
Any Response?