Comments on: Boot.Mebroot

By: Mac

Mac — Tue, 12 Apr 2011 07:38:18 +0000

hondo wrote:
“I found the solution elsewhere, and it’s FREE.
It will first scan your computer. It took about 2 hours on mine, and then the fix came. That stinking’ virus is finally gone!”

Wow… how did you do it? What program did you use?
This virus/rootkit is a pain in the a**.

Hope you,or anyone else that had successfully removed this, answers soon…

Thanks in advance!

//Markus from Sweden

By: hondo

hondo — Sun, 06 Feb 2011 20:33:02 +0000

I also had this very annoying problem, and my Norton 2001 could not fix it, so I went to the NAV to get info on how to create a reboot disk reboot. The disk fixed it ONLY for that reboot. I had to reboot each and every time I started my computer. Shame on Norton Anti Virus for not having dealt with this problem.
I found the solution elsewhere, and it’s FREE.
It will first scan your computer. It took about 2 hours on mine, and then the fix came. That stinking’ virus is finally gone!

By: Henry

Henry — Sun, 04 Jul 2010 09:36:38 +0000

The best way to remove this particular piece of malware is to have a second computer available (make sure that it is fully updated and that the anti-virus is fully updated also), remove each hard drive from the infected computer, place the drive in an external hard drive case, connect the external drive (using USB or firewire – whichever your computer and external drive supports) to your computer and scan the drive (also run the removal tool(s) on the external drive). In this way you are using a confirmed clean computer to scan the infected drive(s). This method has worked for me with no issues.

By: Danq

Danq — Thu, 10 Jun 2010 23:34:08 +0000

Hi, has anyone (except for me :) experienced this Trojan on a windows 7 machine? I tried Burnt’s method above but it did not fix the problem. I have a machine running windows 7 pro with 2 internal HDD. I have Norton IS 2010 running and every time I boot up it finds boot.mebroot and removes it (so it says). I just recently reinstalled windows and that did not do the trick eithere. I did a clean install and format the partition that windows was installed on. Maybe I should delete the partition table and reformat next? Any other suggestions? Thanks

By: Don

Don — Thu, 10 Jun 2010 03:48:24 +0000

This is a nice long thread and Symantec says that it is a low level threat and it states removal is EASY. If it’s so easy, why can’t Symantec Anti-Virus remove it? Once again a software company taking our money and giving us nothing in return.

By: Ray

Ray — Wed, 09 Jun 2010 16:19:46 +0000

I got this sink hole of a virus on my PC a little ways back, and am having all the problem listed above. I’m not the greatest with computers so I’m pretty hesitant about doing the recovery console bit as I don’t really know what I’m doing and don’t want to make things worse. to that end, does anybody know if just straight up getting rid of the old hard drive and having a new one installed works? Sure I have files, but nothing I cant live without so if anybody knows if just shelling out the money for a new hard drive would work I’m all ears

By: john

john — Mon, 31 May 2010 07:25:04 +0000

I cant believe I am reading this! about the 2 years ago a hard drive antivirus built into the motherboard (asus p4pe)
began making noise on start up. i disabled it after doing some searching, I’m using Norton right? Norton never found this until today, I am losing control of my computer after a long idle time, a window pops up telling me my computer is in use enter a password. when I re-enter windows Norton is busy doing an idle time scan, doing battle with this virus. funny Norton now says it has found the virus before. I have never seen it in the history before? Norton doesn’t seem to remember after a restart. I don’t know where to begin. I don’t have a recovery disk

By: Remover

Remover — Sat, 03 Apr 2010 04:25:32 +0000

I have Boot.Mebroot on my 2nd physical drive – 1tb (not on the boot drive). Try all the method above, none work. even formatting the drive no luck. I had it resolved by cloning the the drive using another empty clean formatted drive. (I use acronis true image). It works like a charm. No more Boot.Mebroot

By: Kap'n Krunch

Kap'n Krunch — Mon, 29 Mar 2010 02:24:56 +0000

I finally got this thing off my computer. Gone. But for me, it was on my external hard drive. Turned out the trigger for the virus was the autoplay function for the device. Once I disabled all the autoplay features, Norton stopped blocking it. I was then able to easily get my files off of my external. mebroot was chilling in 2 places called 0×85 and 0×81 which I found at:
run: regedit — hkey_local_machine — software — Microsoft — windows — current version — policies — explorer then into HonorAutoRunSetting — Modify. Once I knew where it was I could understand how it was launching itself.

If you have an external or some USB flash drive thumb drive or whatever, don’t be fooled. It could be in there.

Also, partioning your unused space, no matter how small, is really important I think.

By: Burnt

Burnt — Sun, 21 Mar 2010 15:53:08 +0000

@ Ricardo

I also have a blank password
I’m not sure if the virus places itself into the recovery partition, so after booting into the repair console run these commands, one of which may not work as I’m not sure if the recovery partition would have a device #

fixmbr \device0
fixmbr \device1
and maybe for the recovery partition
fixmbr \device3

Recovery partition does have a boot letter ie: E\
so run these commands also

Fixboot c:
Fixboot d:
Fixboot e:

exit

then restart.