> Removal Of Rootkit.mbr.sst.b (boot Image) Virus
walkerbraces
post Nov 3 2011, 04:54 PM
Post #1


Newbie


Group: Members
Posts: 4
Joined: 3-November 11
Member No.: 79,820



I just reformatted my computer, installed BD2010 AntiVirus (updated version), ran all updates, and did a full scan. I got the following message:

Bit Defender has blocked a virus!
Name: Rootkit.MBR.Sst.B (Boot Image)
Location: C:
BD could not disinfect, delete or quarantine this item. Access to this object has been denied.


I couldn't find this particular virus mentioned anywhere on the forums. Can anyone help?
Cristi
post Nov 3 2011, 05:19 PM
Post #2


Technical Support
*****

Group: Technical Support
Posts: 1,560
Joined: 25-January 10
From: BD HQ
Member No.: 30,868



Please run a deep system scan and post here the results.
This infection should already be disinfected.
Also let me know what is your operating system and how many gigs/megs of RAM you have on the system.
walkerbraces
post Nov 3 2011, 09:56 PM
Post #3


Newbie


Group: Members
Posts: 4
Joined: 3-November 11
Member No.: 79,820



I've tried to post this response three times, so please forgive me if it is a duplicate. After running the deep scan, I got the message that the virus was still there, so I clicked the option to delete. It then gave me a message that no action could be taken, so it is still there. I am running Windows XP on a 2.40 gig with 988 megs of RAM.

What now?
Cristi
post Nov 4 2011, 03:53 PM
Post #4


Technical Support
*****

Group: Technical Support
Posts: 1,560
Joined: 25-January 10
From: BD HQ
Member No.: 30,868



To remove this virus you have 2 options available.

1. Upgrade for free to Bitdefender 2012 and run a complete scan when done.

http://www.bitdefender.com/support/How-to-...r-2012-711.html

2. Restore the MBR (Master Boot Record) of your hard disk using the Windows CD.
The command that you need to run is: fixmbr
Full info is available here:


http://helpdeskgeek.com/how-to/fix-mbr-xp-vista/
walkerbraces
post Nov 4 2011, 05:52 PM
Post #5


Newbie


Group: Members
Posts: 4
Joined: 3-November 11
Member No.: 79,820



Is Bitdefender 2012 compatible with Windows XP?
Christian
post Nov 4 2011, 06:08 PM
Post #6


Bitdefender Support
******

Group: Root Admin
Posts: 13,998
Joined: 27-January 08
From: BitDefender HQ
Member No.: 9,374



Hi

Bitdefender 2012 is compatible with Windows XP, but you need to have Service Pack 3 installed.

Installation steps are available here:

http://forum.bitdefender.com/index.php?act...f=226&id=42

Thank you.
walkerbraces
post Nov 8 2011, 04:36 PM
Post #7


Newbie


Group: Members
Posts: 4
Joined: 3-November 11
Member No.: 79,820



I've had internet connectivity issues, so haven't been able to move through these steps until now.

I restored the Master Boot Record as directed, restarted computer and got the same message about virus.
I followed instructions for upgrading to BD 2012, and at the end of the scan received an alert under Events that said:
Infected file detected
Event details:
File: C:
Action taken: Deny
Date: Tuesday, November 8, 2011 9:25:35 am
Virus name: Rootkit.MBR.Sst.B (Boot Image)

My assumption is this means my computer is not actually infected, but a threat was detected and denied. Is this correct, or does "deny" mean the virus was not allowed to be deleted from computer?
I may be overthinking this....

And btw, I can't tell you how much I appreciate your help with this. I NEVER would have been able to get to the "root" of the problem.
Christian
post Nov 8 2011, 05:29 PM
Post #8


Bitdefender Support
******

Group: Root Admin
Posts: 13,998
Joined: 27-January 08
From: BitDefender HQ
Member No.: 9,374



In order to be able to further investigate the reported situation we need a bit more information from your computer as follows:

. A BDSYS log;

[how to GENERATE A BDSYS LOG]
. Save and extract the BDSYS tool to a location of your choice:

http://www.bitdefender.com/files/Knowledge.../BDInfoTool.exe

. Make sure you close all active applications and then run "BDInfoTool.exe". If you receive a firewall alert, select to Allow the application to connect;
. Click the "Create log" button to start generating the log. A progress bar indicates that the tool is creating the report;
. When the small window appears with the message "Log saved", the report is complete and a new file named "bdsyslog.zip" has appeared on your Desktop;
. Send me via PM the generated log file.
. If the file is too big to send over PM, upload the results to one of the online file hosting servers mentioned below or use one of your own and send the download link via PM.

http://www.sendspace.com
http://www.mediafire.com

IMPORTANT:

. During this process the Real Time Protection in Bitdefender must be temporarily disabled;
. If you receive a Bitdefender Firewall alert to inform you that BDInfoTool.exe tries to connect to the internet, then you need to select Allow;

[how to DISABLE THE ANTIVIRUS PROTECTION in Bitdefender 2012]
In order to disable the antivirus protection, please open Bitdefender and click the "Settings" button in the upper side part of the interface. In the new window go to "Antivirus" > "Shield" tab and click on "Turn off" under On-access scanning. Select the time interval that suits your troubleshooting needs and click "OK". The On-access scanning should be enabled back after finishing the troubleshooting procedure.

We will get back to you as soon as the analysis is complete. Have a nice day.
blueorder
post Nov 10 2011, 05:45 PM
Post #9


Newbie


Group: Members
Posts: 1
Joined: 10-November 11
Member No.: 80,737



I'm actually having similar issues. I have Bitdefender 2011 and Windows 7. After several different scans and being reinfected a few times, this was my last showing:

Ignored issues:
File path: Master boot record....Rootkit.MBR.sst.c (boot image) (ignored limited rights)
Also: Trojan.generic 6793636 (ignored limited rights)

I don't have a Windows boot disc as I bought my computer as is...

Can anyone provide any tips?
Thank you!!

Attached file: virus.jpg (140.25K)
Christian
post Nov 12 2011, 07:18 PM
Post #10


Bitdefender Support
******

Group: Root Admin
Posts: 13,998
Joined: 27-January 08
From: BitDefender HQ
Member No.: 9,374



Hello

Sorry for the delayed reply.

The guys from our lab are working on a solution for these types of infections (MBR infection).

I will post more details on Monday.

Thank you.
Christian
post Nov 17 2011, 02:00 PM
Post #11


Bitdefender Support
******

Group: Root Admin
Posts: 13,998
Joined: 27-January 08
From: BitDefender HQ
Member No.: 9,374



Hello

Sorry for the delayed reply.

The removal tool has been posted here:

http://www.malwarecity.com/blog/new-bitdef...ction-1238.html

This should clean all the known MBR infectors.

Thank you.
Technology Now
post Nov 20 2011, 10:30 PM
Post #12


Newbie


Group: Members
Posts: 2
Joined: 20-November 11
Member No.: 82,043



I have a customer with BitDefender Internet Security 2012 who got hit with the Rootkit.mbr.sst.b boot image virus. Tried booting in safe mode to run the tool with no luck, especially with all the admin rights gone. Also tried to boot to an Ultimate XP CD and load an XP shell, with no luck loading or running the tool. Any suggestions would be greatly appreciated.


Thanks
Kevin
Christian
post Nov 21 2011, 10:13 AM
Post #13


Bitdefender Support
******

Group: Root Admin
Posts: 13,998
Joined: 27-January 08
From: BitDefender HQ
Member No.: 9,374



Hi Kevin.

Can you run a scan in Rescue Mode?

You have all the information right here:

http://www.bdantivirus.com/bitdefender/ant...ion.rescue.html

Thank you.
Technology Now
post Nov 23 2011, 12:51 AM
Post #14


Newbie


Group: Members
Posts: 2
Joined: 20-November 11
Member No.: 82,043



QUOTE (Cristi B. @ Nov 21 2011, 03:13 AM) *
Hi Kevin.

Can you run a scan in Rescue Mode?

You have all the information right here:

http://www.bdantivirus.com/bitdefender/ant...ion.rescue.html

Thank you.



Let me clarify: the PC was not running BitDefender when it was infected, it was Trend. With that said:

I built a new hard drive up from scratch and loaded BitDefender IS 2012, attached the original drive as a slave and scanned it. I can see it scanning data files and it found the infection but was denied cleaning it. I did try running this in Rescue Mode but it fails to reboot the PC once I make that choice??


When I boot the original infected drive in the system I can't get the software to install, and everything appears to be GONE!! LOL
Stillwater
post Nov 23 2011, 02:03 AM
Post #15


Newbie


Group: Members
Posts: 8
Joined: 9-September 08
Member No.: 16,522



I also got this. I was scanning from a clean computer hooked up to an external drive when this showed up. Bitdefender 2012 could not remove it. It also reported a weird drive letter (i.e. it was on the G drive but showed up as an E: drive, which was my DVD drive with no disk in it). I ran the recommended removal tool but it did not find any infection.

Further investigation of the drive showed a new partition on the drive where one should not have been. On a clean system I used disk manager to delete the additional partition and then mark the "good" partition as the active partition. Apparently this MBR creates a new partition and then sets it as the active partition, and when you reboot it boots to the new partition, which then infects the PC, and then boots to the old partition. After I deleted the partition, I ran another scan and it showed up clean.
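The partition-table check described in post #15 (an unexpected extra partition marked active) can be made by reading the four table entries of the MBR sector directly. This is an added example, not part of the original thread or of Bitdefender's tooling; the sample sectors, their partition type bytes and the "smallest and last on disk" heuristic are constructed assumptions.

```python
import struct

SECTOR_SIZE, TABLE_OFFSET, ENTRY_SIZE = 512, 446, 16  # table follows 446 bytes of boot code
ENTRY_FMT = "<B3xB3xII"  # status, (CHS skipped), type, (CHS skipped), start LBA, sector count

def parse_mbr(sector):
    """Return the non-empty primary partition entries of a 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector: bad length or missing 55 AA signature")
    entries = []
    for slot in range(4):
        status, ptype, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, TABLE_OFFSET + slot * ENTRY_SIZE)
        if ptype == 0 and count == 0:
            continue  # unused slot
        entries.append({"slot": slot, "status": status, "active": status == 0x80,
                        "type": ptype, "lba_start": lba, "sectors": count})
    return entries

def review(entries):
    """List table properties worth a manual look before trusting the boot path."""
    findings = []
    active = [e for e in entries if e["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for e in entries:
        if e["status"] not in (0x00, 0x80):
            findings.append(f"slot {e['slot']}: invalid status byte {e['status']:#04x}")
    if len(active) == 1 and len(entries) > 1:
        a = active[0]
        last = max(entries, key=lambda e: e["lba_start"])
        smallest = min(entries, key=lambda e: e["sectors"])
        if a is last and a is smallest:  # heuristic (assumption), not a signature
            findings.append(f"slot {a['slot']}: active partition is the smallest "
                            "and last on disk; confirm it is expected")
    return findings

def build_sample(table):
    """Constructed test sector: zeroed boot code plus the given table entries."""
    sector = bytearray(SECTOR_SIZE)
    for slot, fields in enumerate(table):
        struct.pack_into(ENTRY_FMT, sector, TABLE_OFFSET + slot * ENTRY_SIZE, *fields)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

# Constructed samples: (status, type, start LBA, sector count) per slot.
CLEAN = build_sample([(0x80, 0x07, 63, 156_000_000)])
SUSPECT = build_sample([(0x00, 0x07, 63, 156_000_000), (0x80, 0x17, 156_000_063, 2048)])

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(name, review(parse_mbr(sector)) or "no findings")
```

To use it on a real drive, pass the first 512 bytes of a disk image taken from the suspect drive while it is attached to a clean system. A finding is a prompt for manual review, not proof of infection.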
Christian
post Nov 27 2011, 04:50 PM
Post #16


Bitdefender Support
******

Group: Root Admin
Posts: 13,998
Joined: 27-January 08
From: BitDefender HQ
Member No.: 9,374



Hello

New removal tools have been posted here:

http://www.malwarecity.com/blog/new-bitdef...ction-1238.html

Thank you.
Mike G
post Dec 22 2011, 06:02 AM
Post #17


Newbie


Group: Members
Posts: 1
Joined: 22-December 11
Member No.: 85,525



QUOTE (Cristi B. @ Nov 27 2011, 06:50 PM) *
Hello

New removal tools have been posted here:

http://www.malwarecity.com/blog/new-bitdef...ction-1238.html

Thank you.

Hello,

I downloaded and ran the removal tool. It said the computer needed to restart. Once it was restarting it didn't go through the boot process and is now stuck with a black screen that says "loading operating system...". Please help, as I do not have a boot disk to load from.
Christian
post Dec 28 2011, 10:46 AM
Post #18


Bitdefender Support
******

Group: Root Admin
Posts: 13,998
Joined: 27-January 08
From: BitDefender HQ
Member No.: 9,374



Hello

Our lab just released a new removal tool.

This tool can remove the following infections:

QUOTE
Rootkit.MBR.Alipop.B
Rootkit.MBR.Alipop.C
Rootkit.MBR.Fengd.A
Rootkit.MBR.Fips.A
Rootkit.MBR.Locker.A
Rootkit.MBR.Locker.B
Rootkit.MBR.Mayachok.A
Rootkit.MBR.Mebratix.A
Rootkit.MBR.Mebratix.B
Rootkit.MBR.Mebroot.A
Rootkit.MBR.Mebroot.B
Rootkit.MBR.Mybios.A
Rootkit.MBR.Pihar.A
Rootkit.MBR.Pihar.B
Rootkit.MBR.Pihar.C
Rootkit.MBR.Pihar.D
Rootkit.MBR.Ramnit.A
Rootkit.MBR.Sst.A
Rootkit.MBR.Sst.B
Rootkit.MBR.Sst.C

Rootkit.MBR.TDSS.A
Rootkit.MBR.TDSS.B
Rootkit.MBR.TDSS.C
Rootkit.MBR.Whistler.A
Rootkit.MBR.Whistler.B
Rootkit.MBR.Whistler.C
Rootkit.MBR.Yoddos.A
Rootkit.MBR.Yoddos.B
Rootkit.MBR.Zegost.A
Win32.Ramnit.N


http://www.malwarecity.com/blog/new-bitdef...ction-1238.html

Thank you.