Overall Risk Level:
Trojan.Mebroot is a dealdy Trojan that can modify and infect the Master Boot Record (MBR) of the hard-disk. Antivirus will hardly detect the trojan because it uses rootkit techniques to hide itself.
Other Alias:
StealthMBR
Stealth MBR rootkit
Threat Level: Low
Systems Affected: Windows - All
More: Trojan.Mebroot on SSR
How to Remove Trojan.Mebroot:
On this page is our suggested (by precisesecurity) removal procedure and Visitor's own suggestion. We cannot control and evaluate each suggested procedure so please use it at your own risks. If no suggestion is present to remove virus, spyware, adware and malware, you may try the following:- Remove Trojan.Mebroot with Standard Virus Scan
- Scan Trojan.Mebroot with MalwareByte's Anti-Malware
One Response for "Trojan.Mebroot"
1. Start the computer using Windows Recovery Console:
- Insert the Windows XP CD-ROM into the CD-ROM drive.
- Restart the computer from the CD-ROM drive.
- Press R to start the Recovery Console when the “Welcome to Setup” screen appears.
- Select the installation that you want to access from the Recovery Console.
- Enter the administrator password and press Enter.
- Type “fixmbr” command and press Enter:
(Following the onscreen instructions to restore the Master Boot Record)
2. Exit by typing “Exit” and press enter when done. The computer will now restart automatically.
3. Temporarily Disable System Restore (For WinXP only)
- On the Desktop, Right Click on My Computer
- Select the System Restore Tab
- Mark the “Turn Off System Restore” to disable and UnMark to Enable
- Click Apply on the Bottom of the Dialog Box to save the settings.
- A message “This deletes all existing restore points” will appear, click Yes to disable.
- Click OK.
Note: System Restore must be enabled after cleaning process.
4. Update the virus definitions.
5. Reboot computer in SafeMode
- During BootUp (just before Windows Start) process Press F8 continuously until selection appears
- Use Arrow Up+Down to select SafeMode on the selections menu.
6. Run a full system scan and clean/delete all infected file(s)
Any Response?