Boot.Mebromi

Boot.Mebromi is the detection name for a Master Boot Record (MBR) that has been compromised by Trojan.Mebromi. Because the MBR is the section of the hard drive used primarily to start the system, it is constantly targeted by virus developers.

Boot.Mebromi combines a low-level infection with an advanced rootkit method, which makes it less likely to be detected by security programs. The Trojan does not stop at infecting the boot record; it also uses direct disk access to embed malicious code in vacant sectors of the hard disk, leaving the operating system unaware of its presence. Given these sophisticated means of invading the local hard drive, it is not surprising that Boot.Mebromi is hard to detect and much more complex to remove.
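The two places named above, the boot record and the normally vacant sectors before the first partition, can be checked on a raw disk image taken from a trusted boot environment. The following is an added example, not part of the original write-up; the function names, the known-good baseline hash and the sample image are assumptions constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512

def parse_mbr(sector0):
    """Return (sha256 of boot code, partition list) for one 512-byte MBR sector."""
    if len(sector0) != SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: wrong size or missing 0x55AA signature")
    parts = []
    for i in range(4):  # four 16-byte entries starting at offset 446
        entry = sector0[446 + 16 * i:462 + 16 * i]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 means an unused slot
            parts.append({"type": entry[4], "active": entry[0] == 0x80,
                          "lba_start": lba_start, "sectors": count})
    # Hash bytes 0-439 only: 440-445 hold the per-disk signature, which varies.
    return hashlib.sha256(sector0[:440]).hexdigest(), parts

def audit_image(image, baseline_sha256=None):
    """Compare boot code to a known-good hash and list non-empty gap sectors."""
    boot_hash, parts = parse_mbr(bytes(image[:SECTOR]))
    first_lba = min((p["lba_start"] for p in parts), default=1)
    end = min(first_lba, len(image) // SECTOR)
    nonzero = [lba for lba in range(1, end)
               if any(image[lba * SECTOR:(lba + 1) * SECTOR])]
    return {"boot_sha256": boot_hash,
            "boot_code_matches": None if baseline_sha256 is None
                                 else boot_hash == baseline_sha256,
            "first_partition_lba": first_lba,
            "nonzero_gap": nonzero}

def build_sample(boot_code=b"\xfa\x33\xc0", gap=None):
    """Constructed 64-sector test image: one NTFS-type partition at LBA 63."""
    img = bytearray(SECTOR * 64)
    img[:len(boot_code)] = boot_code
    img[446:462] = struct.pack("<B3sB3sII", 0x80, b"", 0x07, b"", 63, 2048)
    img[510:512] = b"\x55\xaa"
    for lba, data in (gap or {}).items():
        img[lba * SECTOR:lba * SECTOR + len(data)] = data
    return img

if __name__ == "__main__":
    clean = audit_image(build_sample())
    changed = audit_image(build_sample(b"\xeb\xfe", {5: b"constructed"}),
                          clean["boot_sha256"])
    print(clean["nonzero_gap"], changed["boot_code_matches"], changed["nonzero_gap"])
```

Non-empty gap sectors are a lead to investigate rather than proof of infection, since some boot managers and disk-encryption products legitimately store code there.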

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Windows Vista

Distribution
Boot.Mebromi can reach a computer in a variety of ways. The usual way of spreading this Trojan is through spam email messages: either the Trojan is attached to the email, or the body of the message contains links pointing to the Trojan. Other means of propagation include instant messaging software and compromised legitimate web sites.

Associated Files and Folders:
%System%\winlogon.exe (found on Windows XP or 2003)
%System%\winnt.exe (found on Windows 2000 systems)

How to Remove Boot.Mebromi

Restore Windows Components

During an infection, Boot.Mebromi drops various files. The worm intentionally hides system files by setting options in the registry. Given this, the best solution is to return Windows to a previous working state through System Restore. If a previous restore point was saved, you may proceed with Windows System Restore.

Manual Removal Procedure

1. If an anti-virus program is present, update the definition file. Each anti-virus program has its own way to update the database. Please refer to your software manufacturer’s manual.

2. Reboot Windows in Safe Mode to ensure that only minimal Windows components are loaded.
- After turning on the power of the computer, press F8 on your keyboard.
- When the Boot Options menu is displayed, select Safe Mode.

3. Run a full system scan and clean/delete all infected files related to Boot.Mebromi.

4. Delete or modify any values added by Boot.Mebromi to the registry if present. Please see the reference.
- To edit the registry, click on Start > Run and type regedit.exe in the field.
- Alternatively, you may press Windows Key + R on your keyboard to open the Run command.

5. Exit registry editor when done. You may now restart the computer.

Removal Tool

A free removal tool from Norton Antivirus was developed to remove viruses and unfamiliar threats without using traditional AV signatures. Download the tool from this location and start scanning the computer for viruses and Trojans.

What to do next...