
Removal Of Rootkit.mbr.sst.b (boot Image) Virus


17 replies to this topic

#1 walkerbraces

walkerbraces

    Newbie

  • Members
  • 4 posts

Posted 03 November 2011 - 05:54 PM

I just reformatted my computer, installed BD2010 AntiVirus (updated version), ran all updates, and did a full scan. I got the following message:

Bit Defender has blocked a virus!
Name: Rootkit.MBR.Sst.B (Boot Image)
Location: C:
BD could not disinfect, delete or quarantine this item. Access to this object has been denied.


I couldn't find this particular virus mentioned anywhere on the forums. Can anyone help?


#2 Cristi

Cristi

    Technical Support

  • Technical Support
  • 1,575 posts
  • Gender:Male
  • Location:BD HQ

Posted 03 November 2011 - 06:19 PM

Please run a deep system scan and post here the results.
This infection should already be disinfected.
Also let me know what is your operating system and how many gigs/megs of RAM you have on the system.

#3 walkerbraces

walkerbraces

    Newbie

  • Members
  • 4 posts

Posted 03 November 2011 - 10:56 PM

I've tried to post this response three times, so please forgive me if it is a duplicate. After running the deep scan, I got the message that the virus was still there, so I clicked the option to delete. It then gave me a message that no action could be taken, so it is still there. I am running Windows XP on a 2.40 gig with 988 megs of RAM.

What now?

#4 Cristi

Cristi

    Technical Support

  • Technical Support
  • 1,575 posts
  • Gender:Male
  • Location:BD HQ

Posted 04 November 2011 - 04:53 PM

To remove this virus you have 2 options available.

1. Upgrade for free to Bitdefender 2012 and run a complete scan when done.

http://www.bitdefend...r-2012-711.html

2. Restore the MBR (Master Boot Record) of your hard disk using the Windows CD.
The command that you need to run is: fixmbr
Full info is available here:


http://helpdeskgeek....x-mbr-xp-vista/

#5 walkerbraces

walkerbraces

    Newbie

  • Members
  • 4 posts

Posted 04 November 2011 - 06:52 PM

Is Bit Defender 2012 compatible with Windows XP?


#6 Christian

Christian

    Bitdefender Support

  • Root Admin
  • 14,021 posts
  • Gender:Male
  • Location:BitDefender HQ
  • Interests:Private

Posted 04 November 2011 - 07:08 PM

Hi

Bitdefender 2012 is compatible with Windows XP, but you need to have Service Pack 3 installed.

Installation steps are available here:

http://forum.bitdefe...t...f=226&id=42

Thank you.

#7 walkerbraces

walkerbraces

    Newbie

  • Members
  • 4 posts

Posted 08 November 2011 - 05:36 PM

I've had internet connectivity issues, so haven't been able to move through these steps until now.

I restored the Master Boot Record as directed, restarted computer and got the same message about virus.
I followed instructions for upgrading to BD 2012, and at the end of the scan received an alert under Events that said:
Infected file detected
Event details:
File: C:
Action taken: Deny
Date: Tuesday, November 8, 2011 9:25:35 am
Virus name: Rootkit.MBR.Sst.B (Boot Image)

My assumption is this means my computer is not actually infected, but a threat was detected and denied. Is this correct, or does "deny" mean the virus was not allowed to be deleted from computer?
I may be overthinking this....

And btw, I can't tell you how much I appreciate your help with this. I NEVER would have been able to get to the "root" of the problem.

#8 Christian

Christian

    Bitdefender Support

  • Root Admin
  • 14,021 posts
  • Gender:Male
  • Location:BitDefender HQ
  • Interests:Private

Posted 08 November 2011 - 06:29 PM

In order to be able to further investigate the reported situation we need a bit more information from your computer as follows:

. A BDSYS log;

[how to GENERATE A BDSYS LOG]
. Save and extract the BDSYS tool to a location of your choice:

http://www.bitdefend.../BDInfoTool.exe

. Make sure you close all active applications and then run "BDInfoTool.exe". If you receive a firewall alert, select to Allow the application to connect;
. Click the "Create log" button to start generating the log. A progress bar indicates that the tool is creating the report;
. When the small window appears with the message "Log saved", the report is complete and a new file named "bdsyslog.zip" has appeared on your Desktop;
. Send me via PM the generated log file.
. If the file is too big to send over PM, upload the results to one of the online file hosting servers mentioned below, or use one of your own, and send the download link via PM.

http://www.sendspace.com
http://www.mediafire.com

IMPORTANT:

. During this process the Real Time Protection in Bitdefender must be temporarily disabled;
. If you receive a Bitdefender Firewall alert to inform you that BDInfoTool.exe tries to connect to the internet, then you need to select Allow;

[how to DISABLE THE ANTIVIRUS PROTECTION in Bitdefender 2012]
In order to disable the antivirus protection, please open Bitdefender and click the "Settings" button in the upper side part of the interface. In the new window go to "Antivirus" > "Shield" tab and click on "Turn off" under On-access scanning. Select the time interval that suits your troubleshooting needs and click "OK". The On-access scanning should be enabled back after finishing the troubleshooting procedure.

We will get back to you as soon as the analysis is complete. Have a nice day.

#9 blueorder

blueorder

    Newbie

  • Members
  • 1 posts

Posted 10 November 2011 - 06:45 PM

I'm actually having similar issues. I have Bitdefender 2011 and Windows 7. After several different scans and being reinfected a few times, this was my last showing:

Ignored issues:
File path: Master boot record....Rootkit.MBR.sst.c (boot image) (ignored limited rights)
Also: Trojan.generic 6793636 (ignored limited rights)

I don't have a Windows boot disc as I bought my computer as is...

Can anyone provide any tips?
Thank you!!




#10 Christian

Christian

    Bitdefender Support

  • Root Admin
  • 14,021 posts
  • Gender:Male
  • Location:BitDefender HQ
  • Interests:Private

Posted 12 November 2011 - 08:18 PM

Hello

Sorry for the delayed reply.

The guys from our lab are working on a solution for these types of infections (MBR infection).

I will post more details on Monday.

Thank you.

#11 Christian

Christian

    Bitdefender Support

  • Root Admin
  • 14,021 posts
  • Gender:Male
  • Location:BitDefender HQ
  • Interests:Private

Posted 17 November 2011 - 03:00 PM

Hello

Sorry for the delayed reply.

The removal tool has been posted here:

http://www.malwareci...ction-1238.html

This should clean all the known MBR infectors.

Thank you.

#12 Technology Now

Technology Now

    Newbie

  • Members
  • 2 posts

Posted 20 November 2011 - 11:30 PM

I have a customer with BitDefender Internet Security 2012 who got hit with the Rootkit.mbr.sst.b boot image virus. Tried booting in safe mode to run the tool with no luck? Especially with all the admin rights gone, also tried to boot to an ultimate XP CD, load XP shell, and no luck loading or running the tool. Any suggestions would be greatly appreciated.


Thanks
Kevin


#13 Christian

Christian

    Bitdefender Support

  • Root Admin
  • 14,021 posts
  • Gender:Male
  • Location:BitDefender HQ
  • Interests:Private

Posted 21 November 2011 - 11:13 AM

Hi Kevin.

Can you run a scan in Rescue Mode?

You have all the information right here:

http://www.bdantivir...ion.rescue.html

Thank you.

#14 Technology Now

Technology Now

    Newbie

  • Members
  • 2 posts

Posted 23 November 2011 - 01:51 AM

QUOTE (Cristi B. @ Nov 21 2011, 03:13 AM)
Hi Kevin.

Can you run a scan in Rescue Mode?

You have all the information right here:

http://www.bdantivir...ion.rescue.html

Thank you.



Let me clarify, the PC was not running BitDefender when it was infected, it was Trend, with that said.

I built a new hard drive up from scratch and loaded BitDefender IS 2012, attached the original drive as a slave and scanned it. I can see it scanning data files and it found the infection but was denied cleaning it. I did try running this in Rescue Mode but it fails to reboot the PC once I make that choice??


When I boot the original infected drive in the system I can't get the software to install, and everything appears to be GONE!! LOL

#15 Stillwater

Stillwater

    Newbie

  • Members
  • 8 posts

Posted 23 November 2011 - 03:03 AM

I also got this and was scanning from a clean computer hooked up to an external drive when this showed up. Bitdefender 2012 could not remove it. It also reported a weird drive letter (i.e. it was on the G drive but showed up as an E: drive, which was my DVD drive with no disk in it). I ran the recommended removal tool but it did not find any infection.

Further investigation of the drive showed a new partition on the drive where one should not have been. On a clean system I used disk manager to delete the additional partition and then mark the "good" partition as the active partition. Apparently this MBR creates a new partition and then sets it as the active partition, and when you reboot it boots to the new partition which then infects the PC, and then boots to the old partition. After I deleted the partition, I ran another scan and it showed up clean.
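
The partition-table check described in the post above, as an added example that is not part of the original thread or any Bitdefender tool: it parses the four entries of a 512-byte MBR sector and flags a small extra partition that carries the active (boot) flag. The 2 MiB size threshold, the function names and both sample sectors are assumptions constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446      # partition table follows the 446 bytes of boot code
ENTRY_FMT = "<B3xB3xII"  # status, (CHS start), type, (CHS end), LBA start, sector count
SMALL_SECTORS = 2 * 1024 * 1024 // SECTOR_SIZE  # assumed threshold: under 2 MiB

def parse_mbr(sector):
    """Return the non-empty partition entries of one MBR sector."""
    if len(sector) != SECTOR_SIZE or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector (bad length or boot signature)")
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, sector, TABLE_OFFSET + 16 * i)
        if ptype == 0 and count == 0:
            continue  # unused slot
        parts.append({"slot": i + 1, "status": status, "active": status == 0x80,
                      "type": ptype, "lba_start": lba, "sectors": count})
    return parts

def review_partitions(parts):
    """Flag table states matching the post: an unexpected small active partition."""
    findings = []
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"slot {p['slot']}: invalid status byte 0x{p['status']:02x}")
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    largest = max(parts, key=lambda p: p["sectors"], default=None)
    for p in active:
        if p is not largest and p["sectors"] < SMALL_SECTORS:
            findings.append(f"slot {p['slot']}: active partition is only {p['sectors']} "
                            f"sectors; slot {largest['slot']} holds the bulk of the disk")
    return findings

def build_sample(entries):
    """Build a constructed MBR sector from (status, type, lba_start, sectors) tuples."""
    table = b"".join(struct.pack(ENTRY_FMT, *e) for e in entries).ljust(64, b"\x00")
    return bytes(TABLE_OFFSET) + table + b"\x55\xaa"

# Constructed samples: one normal disk, one with a tiny active partition added at the end.
CLEAN = build_sample([(0x80, 0x07, 63, 156_000_000)])
TAMPERED = build_sample([(0x00, 0x07, 63, 156_000_000), (0x80, 0x07, 156_000_063, 2048)])

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, review_partitions(parse_mbr(sector)) or "no findings")
```

Run it against the first sector of the suspect drive, read from a clean system with the drive attached as a secondary disk, rather than from the possibly infected installation.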

#16 Christian

Christian

    Bitdefender Support

  • Root Admin
  • 14,021 posts
  • Gender:Male
  • Location:BitDefender HQ
  • Interests:Private

Posted 27 November 2011 - 05:50 PM

Hello

New removal tools have been posted here:

http://www.malwareci...ction-1238.html

Thank you.

#17 Mike G

Mike G

    Newbie

  • Members
  • 1 posts

Posted 22 December 2011 - 07:02 AM

QUOTE (Cristi B. @ Nov 27 2011, 06:50 PM)
Hello

New removal tools have been posted here:

http://www.malwareci...ction-1238.html

Thank you.

Hello,

I downloaded and ran the removal tool. It said the computer needed to restart. Once it was restarting it didn't go through the boot process and is now stuck with a black screen that says "loading operating system...". Please help as I do not have a boot disk to load from.

#18 Christian

Christian

    Bitdefender Support

  • Root Admin
  • 14,021 posts
  • Gender:Male
  • Location:BitDefender HQ
  • Interests:Private

Posted 28 December 2011 - 11:46 AM

Hello

Our lab just released a new removal tool.

This tool can remove the following infections:

QUOTE
Rootkit.MBR.Alipop.B
Rootkit.MBR.Alipop.C
Rootkit.MBR.Fengd.A
Rootkit.MBR.Fips.A
Rootkit.MBR.Locker.A
Rootkit.MBR.Locker.B
Rootkit.MBR.Mayachok.A
Rootkit.MBR.Mebratix.A
Rootkit.MBR.Mebratix.B
Rootkit.MBR.Mebroot.A
Rootkit.MBR.Mebroot.B
Rootkit.MBR.Mybios.A
Rootkit.MBR.Pihar.A
Rootkit.MBR.Pihar.B
Rootkit.MBR.Pihar.C
Rootkit.MBR.Pihar.D
Rootkit.MBR.Ramnit.A
Rootkit.MBR.Sst.A
Rootkit.MBR.Sst.B
Rootkit.MBR.Sst.C

Rootkit.MBR.TDSS.A
Rootkit.MBR.TDSS.B
Rootkit.MBR.TDSS.C
Rootkit.MBR.Whistler.A
Rootkit.MBR.Whistler.B
Rootkit.MBR.Whistler.C
Rootkit.MBR.Yoddos.A
Rootkit.MBR.Yoddos.B
Rootkit.MBR.Zegost.A
Win32.Ramnit.N


http://www.malwareci...ction-1238.html

Thank you.



