Tydda Jon - Slough
jon.tydda at lonza.com
Thu Apr 9 04:19:43 CDT 2009
Although, having googled it myself, you should look at this thread on the Vipre page:

http://support.sunbeltsoftware.com/Default.aspx?answerid=1851

Answer ID: 1851
Product: VIPRE
Last Updated: 4/1/2009

VIPRE found "Generic MBR Rootkit"

Question

What can I do about this "Generic MBR Rootkit"?

Answer

VIPRE is identifying a false positive on your computer. A false positive occurs when a virus scanner erroneously detects a 'virus' in a non-infected file. False positives result when the definition file used to detect a particular virus is not unique to the virus - i.e. the same signature appears in legitimate, non-infected software.

The Generic MBR Rootkit that VIPRE is detecting is caused by a hidden partition on your computer. This hidden partition is in part generated by an active Backup software, e.g. Norton's GoBack, Roxio's GoBack, FarStone's DriveClone Pro & RestoreIT.

The trace for this threat, in the detail summary, looks something like this:

    <trace type="32" dispValue="\\.\PhysicalDrive0">
      <attr n="path" v="\\.\PhysicalDrive0" />

We are currently working on correcting this false positive. In the meantime, you can set VIPRE to "always allow" this detection the next time the scan detects it.

Also, this page tells you how to report a false positive:

http://www.sunbeltsecurity.com/Submit.aspx?type=falsePositive&cs=5104D20A8309C784EE7BCD8BFF85EB45

And this one might help too:

http://getsatisfaction.com/sunbeltsoftware/topics/need_help_with_mbr_rootkit_removal

Jon

-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Lembit Soobik
Sent: Thursday, April 09, 2009 10:02 AM
To: Discussion of Hardware and Software issues
Subject: [dba-Tech] Generic MBR Rootkit and Vipre

Hi,

I have just installed Vipre on an old Win2K PC and the first scan found a "Generic MBR Rootkit", recommended action "Quarantine". When I clicked "Clean", it showed up as "Allowed".

Scanned again, found the rootkit again, this time I definitely set it to "Delete", hit Clean and again it shows up as allowed. Obviously this kid is able to cheat Vipre.

Just ran Malwarebytes, which did not find that rootkit - at least not with quickscan. Now running deep scan.

Any idea how to get rid of that beast?

thanks
Lembit

_______________________________________________
dba-Tech mailing list
dba-Tech at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-tech
Website: http://www.databaseadvisors.com