Boot loop caused by MBR virus
I am having some trouble removing a virus that is apparently on the MBR of a hard disk and I have had no luck removing it. I've rebuilt the MBR, run Malwarebytes, ComboFix, RogueKiller, ESET Online Scanner, Kaspersky Boot CD, etc. Malwarebytes doesn't even find it, but MSE does. Offline Defender can't even remove it. Any ideas? How to scan and remove MBR viruses?
Last edited by Phoebe; 1st July 2015 at 09:36.
Removal Strategy: Remove viruses on the system that may have initially caused the MBR infection, check the MBR, clean the MBR, reboot, recheck the MBR.
Step 1: Disinfect as much of the system as you can. I recommend running Malwarebytes in Safe Mode and doing a full scan, then removing everything found. This step is important because it will most likely find the malware that can reinfect the MBR.
Step 2: Scan for the MBR virus with Bootkit Remover (don't forget to "Run as Admin" if you are not in Safe Mode).
(If it says "Rootkit Activity Detected", it's self-explanatory.)
Step 3: You have three options, one safe route and two risky routes
Read what Phoebe said:
Originally Posted by RulJessica
Originally Posted by Phoebe
Try Emsisoft Emergency Kit.
For more information read this post: Emsisoft Emergency Kit 10 released
MBR is the Master Boot Record, which is stored on the hard drive but kept outside Windows partitions and volumes. It is tough to remove an MBR virus, but you can use antivirus software like OptimoAV, which helps you to remove it.
Typical signs of an MBR virus:
Redirected to other web pages
System running too slow
Very slow start up
Unwanted error messages
To fix an MBR virus, first check if the system has this virus using MBRCheck. If it reports an unknown MBR, then use Windows Recovery Console or Recovery Environment to fix it.
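The "check the MBR, clean, reboot, recheck" idea from the posts above, as an added example that is not part of the thread and not how MBRCheck or Bootkit Remover work internally: it parses a saved 512-byte MBR sector dump and hashes the boot code so a dump taken before cleaning can be compared with one taken after. The function names are hypothetical, the sample sectors are constructed, and the dump is assumed to have been saved already from a clean rescue environment.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440     # bytes 0-439: bootstrap code, the part a bootkit replaces
PART_TABLE_OFF = 446    # four 16-byte partition entries follow
SIGNATURE_OFF = 510     # last two bytes must be 0x55 0xAA

def parse_mbr(sector: bytes) -> dict:
    """Split a raw MBR sector into the fields worth comparing between scans."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR dump must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i : PART_TABLE_OFF + 16 * (i + 1)]
        # status, (CHS start skipped), type, (CHS end skipped), LBA start, size
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "valid_signature": sector[SIGNATURE_OFF:] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "partitions": partitions,
    }

def compare_mbr(before: bytes, after: bytes) -> list:
    """Return the names of the fields that differ between two dumps."""
    a, b = parse_mbr(before), parse_mbr(after)
    return [key for key in a if a[key] != b[key]]

def build_sample(boot_code: bytes) -> bytes:
    """Constructed sample sector: one bootable type-0x07 partition at LBA 2048."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    body = boot_code.ljust(PART_TABLE_OFF, b"\x00") + entry + bytes(48)
    return body + b"\x55\xaa"

if __name__ == "__main__":
    first = build_sample(b"\xfa\x33\xc0")    # constructed placeholder bytes
    second = build_sample(b"\xeb\x5a\x90")   # same layout, different boot code
    print(parse_mbr(first)["partitions"])
    print("changed fields:", compare_mbr(first, second))
```

A boot-code hash that still differs from a known-good dump after cleaning and rebooting means the sector was rewritten again, which is the reinfection case Step 1 warns about.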
A WARNING ABOUT Optimo Antivirus Software
BOTH ESET & EMSISOFT ANTIMALWARE (EAM) CLASSIFY THEIR WEBSITE AS A MALWARE SITE.
I CHECKED THE URL ON VIRUSTOTAL, SEE BELOW:
Detection ratio: 2 / 63
Analysis date: 2015-07-03 14:50:46 UTC ( 0 minutes ago )
ESET Malware site
Emsisoft Malware site
NOTE: THE PREVIOUS SCAN ON VIRUSTOTAL WAS ABOUT A YEAR AGO,
IT WAS FIRST ANALYSED BY VIRUSTOTAL ON 2014-06-17 18:51:38 UTC, WITH THE SAME RESULT.
SO THINK TWICE BEFORE YOU VISIT THAT WEBSITE AND DOWNLOAD THEIR SOFTWARE.....
YOU MIGHT GET SOMETHING THAT YOU REALLY DON'T WANT....
Anyway, why use software from an unknown company for something so important as cleaning a computer from malware?
You should use software from well-known and respected companies like Malwarebytes and Emsisoft etc.
Last edited by hackerman1; 3rd July 2015 at 15:45.
Regarding my tip in the thread about Emsisoft Emergency Kit: Emsisoft Emergency Kit 10 released
"It's a good idea to have recovery tools like Emsisoft Emergency Kit on a USB-memory.
Create a bootable USB-memory with e.g. WINDOWS-USB-DVD-DOWNLOAD-TOOL
Direct-download: Windows USB/DVD Download Tool - Download Release File
Then copy Emsisoft Emergency Kit to the USB-memory.
If your computer gets infected and doesn't start your O/S, then you can boot the computer from the USB-memory and run Emsisoft Emergency Kit.
You should of course do this on a "clean" computer.
Since you have problems with your computer, do not do it on that computer....
There is also another way to get professional help, contact Emsisoft and ask for their assistance.
They will help you for free even if you haven't bought their software!
Last edited by hackerman1; 23rd July 2015 at 11:46.