What's The Best MBR Rootkit Trojan Removal Software

Somehow my parents' machine has been infected with an MBR Rootkit Trojan and NOD32 can't remove it. What's the best program for doing this, or should I just plan on reformatting? Their machine is running XP Pro SP3 with NOD32 4.0434, Malwarebytes, and a few other cleanup utilities. NOD is detecting it but can't seem to eradicate it. Help! :(
 
Will do. This is the first time I've run into something that my "staple tools" couldn't deal with. Thanks!

Is that "Panda Anti-Rootkit Tool"? Googling right now.
 
When NOD32 failed for me, I used Sophos Anti-Rootkit. After running Sophos, I was then able to use Malwarebytes.
 
I actually ran Malwarebytes and it didn't pick up anything. I am going to make a list of suggested programs and run down the list. Hopefully one of them will do it. Thanks guys!
 
Try my minipack; let me know if you need help.
http://www.5secondnews.com/3/post/2009/09/roes-minipack-v4-released.html

Steps a-c should take 30 min or less... Sometimes Sophos runs for a long time; after about 10 min, I often stop it and remove its suggestions that I know must be removed. When I'm done for the day, I will go back and finish a full scan.

I would do this:
a. CCleaner to reduce scan time/files to scan
-run temper as well if multiuser machine
b. HijackThis > paste log into the website I have in the minipack > fix/remove the red-X issues found on the site.
c. Run Sophos Anti-Rootkit, carefully removing only the non-legit files. Example: UAC in Windows XP as a service is a red flag that it would be a virus, since XP doesn't have UAC; then you would remove all related files in Sophos. However, something like, let's say, a file you created and are 100% certain does not have a virus would not need to be removed.
d. Finish with Malwarebytes full scan again, from malwarebytes.org
e. Afterwards, if WinXP, check out Dial-a-fix (if you have IE8, uncheck the IE stuff and SSL); this will help repair damaged files.
f. Check for Windows updates: windowsupdate.com
 
One other tool that I have used and paid for is PC Tools Spyware Doctor. It was one of the only tools that would help me remove Trojan.Vundo off of a friend's machine. I have since used it on my wife's machine numerous times to clean off malware that she can't seem to keep out...

KM
 
For rootkits I start with GMER, then I use Spyware Doctor/Malwarebytes/ComboFix to ensure everything else hiding behind the rootkit is gone.
 
Thanks for all of the replies, guys. I have always been fond of PC Tools and some of the others mentioned. I will be getting all of these together and hope for the best. Will post back when I can get over to the parents' house to deal with it.
 
Cool, let me know if you need any help with my minipack. The HijackThis log analyzer is very handy, followed by a Sophos scan and then malwarebytes.org.
 
A rootkit has no effect if you take the HD out and put it in another machine. Might want to try swapping it into another box and running an AV scan on it from there, if possible.
 