[dba-Tech] Generic MBR Rootkit and Vipre

Tydda Jon - Slough jon.tydda at lonza.com
Thu Apr 9 04:05:16 CDT 2009


Hi Lembit

Can you run Vipre when you boot into safe mode? Lots of drivers etc. aren't loaded in safe mode, so you might be able to remove it. Otherwise, try googling for specific removal tools. Some anti-virus companies make tools to remove specific individual infections; I remember they all did one for Sasser. Maybe there's one for this one?

Hope this helps


Jon

-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Lembit Soobik
Sent: Thursday, April 09, 2009 10:02 AM
To: Discussion of Hardware and Software issues
Subject: [dba-Tech] Generic MBR Rootkit and Vipre

Hi,
I have just installed Vipre on an old Win2K PC and the first scan found a "Generic MBR Rootkit", recommended action "Quarantine".
When I clicked "Clean", it showed up as "Allowed".
Scanned again, found the rootkit again; this time I definitely set it to "Delete", hit Clean, and again it shows up as allowed.

Obviously this kid is able to cheat Vipre.

Just ran Malwarebytes, which did not find that rootkit - at least not with quickscan. Now running deep scan.

Any idea how to get rid of that beast?

Thanks
Lembit
