Added Date: 2008-11-25 | Editor: Jack | About: Trojan, Trojan.Mebroot
Aliases: StealthMBR [McAfee], TROJ_SINOWAL.AD [Trend]
Systems Affected: Windows 95, Windows 98, Windows ME, Windows 2000, Windows NT, Windows 2003, Windows XP, Windows Vista
Overview of Trojan.Mebroot:
Once Trojan.Mebroot launches, its main destructive payload infects the Master Boot Record (MBR) code and wreaks havoc on the infected system. It installs a rootkit in the early stages of the system boot process, which hides the presence of the Mebroot trojan on the system.
Symptoms of Trojan.Mebroot:
The trojan attempts communication on TCP port 80 to: Http:\\ogercnt.info\[removed]
The trojan also creates the following files:
%TEMP%\cln5.tmp
%WINDIR%\Temp\00000219.tmp
%WINDIR%\Temp\ldo6.dll
%WINDIR%\Temp\ldo6.tmp
Solutions:
1. Update the virus definitions and then use antivirus software to remove the trojan quickly and safely:
Norton Internet Security 2009

2. Restart the computer and use the Windows Recovery Console to remove this trojan.
a. Insert the Windows XP CD-ROM into the CD-ROM drive.
b. Restart the computer from the CD-ROM drive.
c. Press R to start the Recovery Console when the "Welcome to Setup" screen appears.
e. Select the installation that you want to access from the Recovery Console.
f. Enter the administrator password and press Enter.
g. Type the following command and press Enter: fixmbr.
h. Follow the on-screen instructions to restore the Master Boot Record.
i. Type exit and press Enter to restart the computer.
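
The overview says the trojan infects the MBR code and step 2 rewrites it with fixmbr; as an added example (not part of the original advisory), this Python sketch parses a 512-byte MBR sector dump and compares a hash of its boot code against a known-good baseline. Assumptions: the dump was taken offline (for example from a recovery environment, since the rootkit hides the trojan on a running system), the baseline hash was recorded from a known-clean installation, and the function names and sample bytes are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bootstrap code; bytes 440-445 hold the per-disk signature
PART_TABLE_OFF = 446       # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Return the boot code hash and the used partition entries of an MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes, got %d" % len(sector))
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for slot in range(4):
        entry = sector[PART_TABLE_OFF + slot * 16:PART_TABLE_OFF + (slot + 1) * 16]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 marks an unused slot
            partitions.append({"slot": slot, "active": entry[0] == 0x80,
                               "type": entry[4], "lba_start": lba_start,
                               "sectors": sectors})
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": partitions}


def boot_code_matches(sector: bytes, baseline_sha256: str) -> bool:
    """True when the boot code hash equals the known-good baseline hash."""
    return parse_mbr(sector)["boot_code_sha256"] == baseline_sha256.lower()


def constructed_sector(boot_code: bytes) -> bytes:
    """Build a constructed sample sector with one active partition of type 0x07."""
    entry = bytes([0x80, 1, 1, 0, 0x07, 254, 255, 255]) + struct.pack("<II", 63, 204800)
    return boot_code.ljust(PART_TABLE_OFF, b"\x00") + entry + bytes(48) + BOOT_SIGNATURE


if __name__ == "__main__":
    clean = constructed_sector(b"\xfa\x33\xc0")         # constructed bytes, not a real MBR
    changed = constructed_sector(b"\xfa\x33\xc0\x90")   # constructed: boot code differs
    baseline = parse_mbr(clean)["boot_code_sha256"]
    print(parse_mbr(clean)["partitions"])
    print("clean matches baseline:", boot_code_matches(clean, baseline))
    print("changed matches baseline:", boot_code_matches(changed, baseline))
```

The per-disk signature bytes are left out of the hash so one baseline can be compared across disks that carry the same boot code.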