Rubixone Posted March 5, 2011

So I just wanna start out by saying that I love MBAM, and will always use it. Love it, love it, love it.

So here's what happened: I had an XP system with like 14 viruses, 42 mw, 710 reg errors. So I cleaned all that up; the major problem was "system tools" mw. Rolled the system back like 3 days, took out the "system tools", used MBAM and cleaned the rest out, had a clean machine for 2 weeks, then it came back, "system tools" that is. So I pulled the HD and formatted it from another machine 'cause there was no value on the data; turns out there was something nested in the MBR.

1. Why wasn't MBAM able to remove this?
2. Why couldn't MBAM find this infection? dos\alureon, it's in the MBR.
3. Why did I have to use Microsoft Security Essentials to find it? Mind you, that wouldn't remove it either.
4. Was using the XP disk the only way to rewrite the MBR, or would "remove on boot" have taken it out, and if so how would you even see the MBR?
nosirrah (Staff) Posted March 5, 2011

> So I just wanna start out by saying that I love MBAM, and will always use it. Love it, love it, love it.
> So here's what happened: I had an XP system with like 14 viruses, 42 mw, 710 reg errors. So I cleaned all that up; the major problem was "system tools" mw. Rolled the system back like 3 days, took out the "system tools", used MBAM and cleaned the rest out, had a clean machine for 2 weeks, then it came back, "system tools" that is. So I pulled the HD and formatted it from another machine 'cause there was no value on the data; turns out there was something nested in the MBR.
> 1. Why wasn't MBAM able to remove this?
> 2. Why couldn't MBAM find this infection? dos\alureon, it's in the MBR.
> 3. Why did I have to use Microsoft Security Essentials to find it? Mind you, that wouldn't remove it either.
> 4. Was using the XP disk the only way to rewrite the MBR, or would "remove on boot" have taken it out, and if so how would you even see the MBR?

There are multiple issues with the MBR, the biggest being that it loads before anything else can, so there is no typical way to trump it on reboot. There are also issues with OEM-specific MBRs that, if overwritten with the OS standard MBR, can cause serious problems. There is no 'perfect way' to fix the MBR, but FIXMBR from the Recovery Console is likely the best way in most cases.
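Added example, not code from the thread or from Malwarebytes: one defender-side answer to "how would you even see the MBR" is to read the first 512-byte sector of the disk, check its 0x55AA boot signature, list the partition table, and hash the 440-byte bootstrap area so it can be compared against a baseline taken while the machine was known to be clean. The sample sector below is constructed; on a real machine you would read the raw disk device (for example `\\.\PhysicalDrive0` on Windows or `/dev/sda` on Linux, both needing administrator rights) instead of calling `build_sample_mbr()`.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440        # bytes 0..439: bootstrap code, the part MBR malware overwrites
PART_TABLE_OFF = 446       # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"    # bytes 510..511: boot signature
ENTRY_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr():
    """Constructed sample MBR: placeholder boot code plus one active NTFS partition."""
    boot = b"\xfa\x33\xc0" + b"\x90" * (BOOT_CODE_LEN - 3)   # made-up stub: cli; xor ax,ax; nops
    disk_sig = b"\x12\x34\x56\x78\x00\x00"                    # disk signature + 2 reserved bytes
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    return boot + disk_sig + entry + b"\x00" * 48 + SIGNATURE


def has_valid_signature(sector):
    return len(sector) == SECTOR and sector[510:512] == SIGNATURE


def parse_mbr(sector):
    """Return the boot-code hash and the non-empty partition entries of a 512-byte MBR."""
    if not has_valid_signature(sector):
        raise ValueError("not a 512-byte sector with a 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype != 0:   # type 0 means an unused slot
            parts.append({"active": status == 0x80, "type": ptype, "lba": lba, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}


def check_mbr(sector, known_good_hash):
    """True if the bootstrap code still matches the hash recorded on a clean system."""
    return parse_mbr(sector)["boot_code_sha256"] == known_good_hash


if __name__ == "__main__":
    mbr = build_sample_mbr()                      # real use: open(r"\\.\PhysicalDrive0", "rb").read(512)
    baseline = parse_mbr(mbr)["boot_code_sha256"]
    print(parse_mbr(mbr))
    tampered = bytearray(mbr)
    tampered[0x10:0x14] = b"\xeb\xfe\xde\xad"     # simulate boot code being patched
    print("tampered sector matches baseline:", check_mbr(bytes(tampered), baseline))
```

A hash mismatch only says the bootstrap code changed since the baseline; OEM-specific boot code is exactly why the baseline has to come from the same machine rather than from a generic "clean MBR".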
noknojon Posted March 6, 2011

> 710 reg errors.

Did you use a Registry Cleaner / Fixer to find 710 reg errors? These are not detected by Malwarebytes (and are often false). Read http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html and your system will be better off.
Rubixone (Author) Posted March 6, 2011

> Did you use a Registry Cleaner / Fixer to find 710 reg errors? These are not detected by Malwarebytes (and are often false). Read http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html and your system will be better off.

Yeah, I used CCleaner for the reg. files. So when you use the XP CD to FixMBR and it rewrites it, is that because XP is acting like a live distro CD? So therefore it has its own MBR, and why do some programs claim they can fix it? Also, does anyone know if the "system tools" mw is connected with the "Dos\alou" whatever it is?
MikeRepairsComputers Posted March 7, 2011

> There are multiple issues with the MBR, the biggest being that it loads before anything else can, so there is no typical way to trump it on reboot....

TDSSKiller.exe is able to do this, correct? So MBAM cannot? Why?
noknojon Posted March 7, 2011

> Also, does anyone know if the "system tools" mw is connected with the "Dos\alou" whatever it is?

Can you please check the spelling of Dos\alou? There are no items in Google to match it.

For CCleaner, click on Registry and uncheck Registry Integrity so that it does not run (basically the very top, uncheck it).

Quote = AdvancedSetup: Great as a temp file cleaner, but the Registry area should be unchecked, as you may get false readings.
Rubixone (Author) Posted March 7, 2011

> Can you please check the spelling of Dos\alou? There are no items in Google to match it.
> Quote = AdvancedSetup: Great as a temp file cleaner, but the Registry area should be unchecked, as you may get false readings.

The spelling is dos\alureon.a; it was in the original post if you read it. Everyone should forget about reg cleaners, this topic is not even about that; my reg cleaner works fine. My concern is why won't MBAM remove system tools, or did it, and the dos\alureon.a made a gateway to come back, or how did it happen, is mainly my question.
LDTate Posted March 7, 2011

Do you have the paid version of MBAM? If so, was it active when you were infected? Do you have an updated anti-virus running? Do you have a firewall active?

If you're trying to use a tool / program "after" you're infected, it's a whole different ballgame.

BTW, running FixMBR on some computers will leave you with a Windows re-install.

As for TDSSKiller, it's designed to remove rootkits and that's all.
Rubixone (Author) Posted March 8, 2011

> Do you have the paid version of MBAM? If so, was it active when you were infected? Do you have an updated anti-virus running? Do you have a firewall active?
> If you're trying to use a tool / program "after" you're infected, it's a whole different ballgame.
> BTW, running FixMBR on some computers will leave you with a Windows re-install.
> As for TDSSKiller, it's designed to remove rootkits and that's all.

Yes, the paid-for version was running when I got infected; yes, it was active till System Tools deactivated it. Yes, Avast was updated and running, and yes, the firewall was on.
LDTate Posted March 8, 2011

That just shows you how nasty these MBR infections can be. Even with all the protection, it still was able to infect. Do you know where / how you were infected?