Trojan.Mebroot
Trojan.Mebroot is one threat that uses advanced techniques to infect a computer. It requires systematic removal procedure to get rid of this Trojan.
Trojan.Mebroot is a deadly Trojan that can modify and infect Master Boot Record (MBR) of hard-drive. This Trojan can hide its presence by utilizing a complex rootkit technology. Trojan.Mebroot will infect the Master Boot Record (MBR) of the hard drive where boot-strapping of the operating system occurs. When starting the computer, infected MBR is loaded so as the Trojan that became a part of it. This method makes the harmful Trojan memory-resident. Trojan.Mebroot can now execute its own code that will load specific rootkit-driver and execute other malware that were dropped on the compromised computer.
Trojan.Mebroot may arrive on the system in a variety of ways. It primarily propagate on web sites that will take advantage of Internet browser’s vulnerability. Visiting these sites can download the Trojan without the knowledge of user. Fake multimedia web site that offers online adult movies are also responsible to broaden the infection of Trojan.Mebroot. The Trojan will disguise as a required player or decoder needed to watch movie which is actually non-operative. Additionally, Trojan.Mebroot is famously distributed as software cracks and key generators on file-sharing networks. Malicious files are deliberately uploaded by malware authors and shared as useful tool to completely run an unlicensed program.
Alias: StealthMBR, Stealth MBR rootkit
Threat Level: High
Systems Affected: Windows 9x, 2000, XP, Windows Vista/7
How to Remove Trojan.Mebroot
NOTE: We suggest that you PRINT or BOOKMARK this guide. There are steps that we may have to restart the computer in order to successfully remove the threat.
Step 1 : Scan and remove Trojan.Mebroot with this special tool
1. Temporarily Disable System Restore if your system is running on Windows Me/XP. [how to]
2. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Select Safe Mode with Networking.
- Windows will boot loading only necessary drivers and system files. Expect that it will run with minimal features and low-resolution display.
Anti-rootkit utility called TDSSKiller is a free tool from Kasperksy that neutralizes complicated malware which effectively hides its process, folders, files and registry entries.
3. Click the button to download TDSSKiller from Kaspersky's official web site. Save the file to your desktop.
4. Extract the contents using archiver applications.
5. Locate and run the TDSSKiller.exe file.
6. On Object to Scan, please mark Services and drivers as well as Boot Sectors.
7. Click on Start Scan to begin scanning your system. This may take a while.
8. After the scan is finished, it will reboot the computer. Continue with the steps to further test the computer for virus infection.
Step 2 : Run a scan with your antivirus program
1. Repeat the process of starting Windows in Safe Mode with Networking.
2. Open your antivirus program and download the most recent update. This method ensures that your antivirus program can detect even newer variants of Trojan.Mebroot.
Updating your antivirus software is a one-click process. Please refer to your software manual for complete instructions.
3. Once updating is finished, run a full system scan on the affected PC. After the scan, delete all infected items. If unable to clean or delete, better place the threat in quarantine.
Step 3: Run another test with online virus scanner
Another way to remove Trojan.Mebroot without the need to install additional antivirus software is to perform a thorough scan with free online virus scanner. It can be found on websites of legitimate antivirus and security provider.
1. Click the button below to proceed to the list of suggested Online Virus Scanner. Choose your desired provider. You can run each scan individually, one at a time, to ensure that all threats will be removed from the computer. This may require plug-ins, add-on or Activex object, please install if you want to proceed with scan.
2. After completing the necessary download, your system is now ready to scan and remove Trojan.Mebroot and other kinds of threats.
3. Select an option in which you can thoroughly scan the computer to make sure that it will find and delete entirely all infections not detected on previous scan.
4. Remove or delete all detected items.
5. When scanning is finished, you may now restart the computer in normal mode.
Alternative Removal Procedures for Trojan.Mebroot
Option 1 : Use Windows System Restore to return Windows to previous state
If Trojan.Mebroot enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before Trojan.Mebroot infiltrates the PC, we highly encourage you to execute this procedure if none of the above works.
To verify if System Restore is active on your computer, you can type system restore into the Start menu search box. Typing rstrui on the same box and pressing Enter also opens this function.
If previous restore point is saved, you may proceed with Windows System Restore. Click here to see the full procedure.
Ways to Prevent Trojan.Mebroot Infection
Take the following steps to protect the computer from threats. Suggested tools and security setup within installed software helps prevent the same attack on your PC.
Install an effective anti-malware program
Your first line of defense would be an effective security program that provides real-time protection. We have a list of anti-malware program that are tried and tested. It does not only scan files but also monitors your Internet traffic and is extremely active on blocking malicious communication. Click on the button below to download our recommended anti-malware program.