  1. #1
    Formerly BGTemp // TERA Fan

    ugh. boot.mebroot malware/virus.

    Greetings,

    So I got this from opening an email I thought was from a craigslist buyer (or so this is my best guess). I've done research online about this and it seems it's near impossible to get rid of. Here is a question I have: can malware/viruses write itself into the BIOS? I ask this because I have reformatted my infected HDD and as soon as I got a fresh copy of Windows XP on it, and installed Norton, it found it again. I can't get rid of it. I am wondering if my HDD is still somehow infected (I can get a spare from my dad after work) or if my BIOS is messed up. If it's in my BIOS what do I do? For those still reading/curious, here is what I did to try to remove it based on research/directions posted on various antivirus sites:

    1. Start the computer using Windows Recovery Console:
    - Insert the Windows XP CD-ROM into the CD-ROM drive.
    - Restart the computer from the CD-ROM drive.
    - Press R to start the Recovery Console when the “Welcome to Setup” screen appears.
    - Select the installation that you want to access from the Recovery Console.
    - Enter the administrator password and press Enter.
    - Type “fixmbr” command and press Enter:
    (Following the onscreen instructions to restore the Master Boot Record)

    2. Exit by typing “Exit” and press enter when done. The computer will now restart automatically.

    3. Temporarily Disable System Restore (For WinXP only)
    - On the Desktop, Right Click on My Computer
    - Select the System Restore Tab
    - Mark the “Turn Off System Restore” to disable and UnMark to Enable
    - Click Apply on the Bottom of the Dialog Box to save the settings.
    - A message “This deletes all existing restore points” will appear, click Yes to disable.
    - Click OK.
    Note: System Restore must be enabled after cleaning process.

    4. Update the virus definitions.

    5. Reboot computer in SafeMode
    - During BootUp (just before Windows Start) process Press F8 continuously until selection appears
    - Use Arrow Up+Down to select SafeMode on the selections menu.

    6. Run a full system scan and clean/delete all infected file(s)

    I am unable to delete the file, as #6 suggests. Anyway, just to rephrase the main question: can a virus/malware be written into BIOS somehow? How can this be fixed if so? Thanks.
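
Added example, not part of the original posts: the removal steps in post #1 centre on `fixmbr` rewriting the Master Boot Record, so one way to check the result is to audit a raw 512-byte copy of sector 0 against a known-good boot-code hash. The function names and sample sectors are constructed for illustration, and the dump is assumed to be taken from a clean boot environment rather than the running system.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440      # bytes 0..439; 440..445 hold the NT disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"  # bytes 510..511
ENTRY = "<B3xB3xII"      # status, CHS, type, CHS, LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Split a raw sector 0 into boot-code hash and partition entries."""
    if len(sector) != 512:
        raise ValueError("expected exactly 512 bytes")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype, lba, count = struct.unpack(ENTRY, sector[off:off + 16])
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"slot": i, "status": status, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {"boot_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "signature_ok": sector[510:512] == SIGNATURE,
            "partitions": parts}


def audit_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return findings; an empty list means sector 0 matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    if any(p["status"] not in (0x00, 0x80) for p in info["partitions"]):
        findings.append("invalid partition status byte")
    if sum(p["status"] == 0x80 for p in info["partitions"]) > 1:
        findings.append("more than one active partition")
    return findings


def make_sector(boot_code: bytes, entries: list) -> bytes:
    """Constructed test data: build a sector 0 image (not a real disk dump)."""
    table = b"".join(struct.pack(ENTRY, *e) for e in entries).ljust(64, b"\x00")
    return boot_code.ljust(PART_TABLE_OFF, b"\x00") + table + SIGNATURE


CLEAN = make_sector(b"\xfa\x33\xc0" + b"\x90" * 100, [(0x80, 0x07, 63, 204800)])
MODIFIED = make_sector(b"\xeb\x10" + b"\xcc" * 100, [(0x80, 0x07, 63, 204800)])
BASELINE = parse_mbr(CLEAN)["boot_sha256"]  # hash taken from the known-good copy
```

A clean result covers sector 0 only; it says nothing about other sectors or files on the disk.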

  2. #2
    Pandemonium

    It's possible but pretty unlikely. Are you sure you don't have some kind of removable media attached to your computer (floppy, USB stick, external HDD, etc) where it installed itself?

    Also I'm confused, did you actually reformat the computer or did you follow the steps you posted? (Or both?)

    Anyway, every BIOS has a "reset to defaults" option. Also try unplugging the computer and pulling the CMOS battery (it looks like a watch battery, located directly on the motherboard) for about 5 minutes. Press the power button to discharge any juice and that should reset everything.

  3. #3
    Relic Shield

    So I got this from opening an email I thought was from a craigslist buyer (or so this is my best guess).
    by this you mean a casual encounter, right? anyway

    give this a shot.

    Download Trojan.Mebroot Removal Tool 1.0.1 - Antivirus tool that will enable the removal of Trojan.Mebroot - Softpedia

    if it fails i have some more manual instructions

  4. #4
    Formerly BGTemp // TERA Fan

    Quote Originally Posted by Cephius View Post
    It's possible but pretty unlikely. Are you sure you don't have some kind of removable media attached to your computer (floppy, USB stick, external HDD, etc) where it installed itself?

    Also I'm confused, did you actually reformat the computer or did you follow the steps you posted? (Or both?)

    Anyway, every BIOS has a "reset to defaults" option. Also try unplugging the computer and pulling the CMOS battery (it looks like a watch battery, located directly on the motherboard) for about 5 minutes. Press the power button to discharge any juice and that should reset everything.

    I actually reformatted first. Then, when I came back into Windows for the first time, and installed Norton, upon the following restart the virus popped back up again. I do have a slave drive on my system, I didn't think it would go there but I will check that out.

  5. #5
    Relic Shield

    Quote Originally Posted by BGtemp View Post
    I actually reformatted first. Then, when I came back into Windows for the first time, and installed Norton, upon the following restart the virus popped back up again. I do have a slave drive on my system, I didn't think it would go there but I will check that out.
    what files is it saying it infected?
