computerpro3
So, I just had my first major virus problem in about six or seven years. I was unraring a file I downloaded and MSE alerted to Aluren.a. I clicked "remove" and my computer immediately did an "unknown hard error" BSOD. Then it would no longer boot.
Apparently, this is a really nasty rootkit that injects itself into not only system drivers (atapi.sys) but into the MBR as well. A simple reformat will not fix it.
I transferred the drive (250GB Vertex SSD) into a second PC and MSE claimed to remove it. TDSSKiller also comes up clean. But honestly I just don't trust it. MSE shouldn't be able to affect the MBR, right? It's got to be still there.
Is there any way to truly remove it or should I just secure-erase the drive?
Will fixmbr overwrite the infected copy with a clean one?
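Added example, not part of the original post: one way to check whether the boot code in sector 0 still differs from a known-clean copy after a scanner or an MBR repair reports success. It assumes you already have two 512-byte sector 0 images (the suspect disk and a reference from a clean install of the same OS version); the function names and the sample sectors below are constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_END = 440      # bytes 0..439 hold the bootstrap code
PART_TABLE = 446         # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"  # boot signature at bytes 510..511
ENTRY = "<B3xB3xII"      # status, CHS (skipped), type, CHS (skipped), LBA start, sector count

def parse_mbr(sector):
    """Split a 512-byte sector 0 image into boot-code hash and partition entries."""
    if len(sector) != 512:
        raise ValueError("expected exactly 512 bytes")
    parts = []
    for i in range(4):
        raw = sector[PART_TABLE + 16 * i: PART_TABLE + 16 * (i + 1)]
        status, ptype, lba, count = struct.unpack(ENTRY, raw)
        if ptype:  # type 0 marks an unused slot
            parts.append({"active": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {"valid_signature": sector[510:512] == SIGNATURE,
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
            "partitions": parts}

def boot_code_matches(suspect, reference):
    """Compare only the bootstrap area; the disk signature and partition
    table legitimately differ from disk to disk, so they are excluded."""
    return (parse_mbr(suspect)["boot_code_sha256"]
            == parse_mbr(reference)["boot_code_sha256"])

def make_sector(boot_code, ptype, lba, count):
    """Constructed sample data: build a sector 0 image in memory."""
    entry = struct.pack(ENTRY, 0x80, ptype, lba, count)
    body = boot_code.ljust(BOOT_CODE_END, b"\x00") + b"\x00" * 6
    return body + entry + b"\x00" * 48 + SIGNATURE

# Constructed samples (placeholder bytes, not real loader code).
CLEAN = make_sector(b"REFERENCE-LOADER", 0x07, 2048, 1000000)
MODIFIED = make_sector(b"UNKNOWN-LOADER", 0x07, 2048, 1000000)
# Same modified boot code, partition recreated with a different type:
# formatting a partition does not rewrite the bootstrap area of sector 0.
REFORMATTED = make_sector(b"UNKNOWN-LOADER", 0x0B, 2048, 1000000)

if __name__ == "__main__":
    for name, img in (("clean", CLEAN), ("modified", MODIFIED),
                      ("reformatted", REFORMATTED)):
        print(name, "matches reference:", boot_code_matches(img, CLEAN))
```

A mismatch only says the boot code is not the reference loader; a third-party boot manager or a different OS version will also differ, so the reference has to come from the same kind of install.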