Boot.Mebroot

12 Responses for "Boot.Mebroot"

1. precisesecurity January 9th, 2008 at 5:44 am 1

   1. Start the computer using Windows Recovery Console:
   - Insert the Windows XP CD-ROM into the CD-ROM drive.
   - Restart the computer from the CD-ROM drive.
   - Press R to start the Recovery Console when the “Welcome to Setup” screen appears.
   - Select the installation that you want to access from the Recovery Console.
   - Enter the administrator password and press Enter.
   - Type “fixmbr” command and press Enter:
   (Following the onscreen instructions to restore the Master Boot Record)

   2. Exit by typing “Exit” and press enter when done. The computer will now restart automatically.

   3. Temporarily Disable System Restore (For WinXP only)
   - On the Desktop, Right Click on My Computer
   - Select the System Restore Tab
   - Mark the “Turn Off System Restore” to disable and UnMark to Enable
   - Click Apply on the Bottom of the Dialog Box to save the settings.
   - A message “This deletes all existing restore points” will appear, click Yes to disable.
   - Click OK.
   Note: System Restore must be enabled after cleaning process.

   4. Update the virus definitions.

   5. Reboot computer in SafeMode
   - During BootUp (just before Windows Start) process Press F8 continuously until selection appears
   - Use Arrow Up+Down to select SafeMode on the selections menu.

   6. Run a full system scan and clean/delete all infected file(s)

2. Mackerz July 22nd, 2008 at 12:22 am 2

   hi,
   My system files are not infected with Boot.Mebroot but i downloaded a file which had it. I had suspicion on that file so before i even click it i scanned it with Norton Antivirus. The updates were up to date. it showed that the file contain virus. It was not resolving the issue. I deleted the file. But when again i scan my system with Norton it still it shows there and do not remove it. And yes… when ever i install the windows i turn off the System Restore point and its off from the beginning thats why i believe there are no infected files. Could you please help me with this ? And is any information going out from my system ?
   I have Norton 2007 and ‘Outpost firewall’ installed on my system.

3. Mackerz July 22nd, 2008 at 12:23 am 3

   Sorry i forgot to mention that it shows Boot.Mebroot virus.

4. Tinamarie July 27th, 2008 at 8:17 pm 4

   I have the same problem as Mackerz and I tried what precisesecurity suggested. However, when I typed in “fixmbr” - it came back with this:
   Non-Standard or Invalid Master Boot Record.
   Fixmbr may damage your partition table if you proceed.
   This could cause all the partitions on the current hard drive to become inaccessible.
   If you are not having problems accessing your hard drive - DO NOT CONTINUE.

   What do I do now.

   Please help - I’m desparate.
   Thank you
   Tinamarie

5. Whistler September 10th, 2008 at 9:19 am 5

   I had the virus, and did as described. the warning about the partitions i think is a possibillity. Cause i have no problems accessing all my hdd’s and partitions after fixing my mbr this way.
   I hope i helped a little bit. Greetz from Holland

6. NoXiouS September 14th, 2008 at 5:22 pm 6

   Hello. Clean Format, Clean Install of XPMCE and Norton. Install Zone Alarm, Finally connect net cable and go to Norton’s Live Update, then boom it finds it? I am on third attempt to fix/remove it. Already did the fixmbr thing and I still get this threat. Could it be in my Motherboard? Bios? I’m using all factory install discs that should be safe? This is so frustrating :(

7. Hannah12 October 5th, 2008 at 7:11 pm 7

   I have a long thread going on Symantec’s Norton forum about how I cannot remove this virus from my computer. Symantec’s Virus Removal Support that costs $99.99 couldn’t remove it. 30 HP techs from their paid support can not remove it. I have done everything including erasing the hard drive, deleting all partitions, writing zero’s to the hard drive and reformatting using HP disks. Norton’s virus removal tool that is specific to this virus does nothing. What next? I asked the service department at Fry’s about installing another hard drive and they said that they could try, but that the virus might be in the memory. Is that possible?

8. hannah13 May 19th, 2009 at 2:49 am 8

   That’s just stupid. Memory is volatile, turn it off and theres nothing left.
   You HAVE to low level format the hard drive not just quick format it
   Done properly NOTHING survives a low level format

9. Craig May 26th, 2009 at 9:55 am 9

   A low level format doesn’t work either. I’ve tried everything as above and deleting partitions and full low level format, reinstalled Windows XP and the virus is still there. I’m also coming to a deadend with this one. Anyone actually managed to remove it?

10. sctbrd July 21st, 2009 at 12:44 am 10

    Download the free 15 day trial Norton Anti-Virus 2009. It found Trojan.Mebroot and removed it. Sophos and the other forums gave all kinds of fancy, complex, lengthy repair steps.

    And it didnt cost anything-and no long list of programs you dont know about That can tie up your registry and just be a pain. Safe and inexpensive.

    Try to check the “Documents and Settings” file. The old installation files were still there when I thought a clean install would remove them. I deleted the old files then restored them to get my old address book file. When I restored them I got the alert and that Norton cleaned it up.

    Be very careful if you do try to delete the old Documents and Settings subfiles- dont get the current ones!! Check some of the files for what Favorites or Cookies are and compare them to what you recently have done on the Net. Also check the created date- they will be the older ones.

    Now Ill buy Norton- one virus was worth it. Plus it’s on sale at Office Max!

11. Khaos July 28th, 2009 at 3:08 pm 11

    You can fdisk>Delete partitions then shut down the pc. Then after you start back up you can format. This wipes the memory and the disk. Theres no place for the code to live. Make sure there are no other removable drives/storage that could be an underground railroad for our little friend.

    pita I know but what are you gonna do?

12. goatman August 13th, 2009 at 11:26 am 12

    this freakin mebrrot….I have thrown ll I can at this,followed all these suggestions and keeps showing up on the next reboot,I’m at the end of my rope….