Guest Helpless in California
Posted July 19, 2008

I live in Southern Cal, and am running Windows XP, with McAfee Security and Norton Virus. Now all of a sudden it shows the computer is being recorded by a new virus, of which is to only be showing up in Europe, called Boot.MeBroot. Well, I have news for you: it is here in the United States too. It roots its way into the boot processes of your computer, then records everything after, and sends where??

I am infected. Need to know how to get rid of it. Have gone to Windows and taken every security patch. Norton says it cannot get rid of it and McAfee just tells me it is there. Need help.
Guest Carey Frisch [MVP]
Posted July 19, 2008

Re: Boot.MeBroot virus,

Once your PC is infected with a computer virus or worm, your computer becomes compromised and nothing less than a reinstallation of the operating system is going to work. Yes, you can try to scan and eliminate the initial virus, but you generally cannot undo the damage caused by the virus to the system files. You'll need to reformat your hard drive and then reinstall your Windows operating system.

Cleaning a Compromised System
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

Clean Install Windows XP
http://www.michaelstevenstech.com/cleanxpinstall.html

After restoring your system, consider installing a good antivirus program, such as Windows OneCare. You can try it absolutely FREE for 90 days.
http://onecare.live.com/standard/en-us/default.htm

--
Carey Frisch
Microsoft MVP
Windows Desktop Experience - Windows Vista Enthusiast

---------------------------------------------------------------

"Helpless in California" <Helpless in California@discussions.microsoft.com> wrote in message news:3FFF4930-7320-4C7E-A2D7-B679BBCB80AA@microsoft.com...

I live in Southern Cal, and am running Windows XP, with Mc Afee Security and Norton Virus, now all of a sudden - It shows computer is being recorded, by a new virus, of which is to only be showing up in europe, called Boot.MeBroot-- Well I have news for you it is here in the United States too, It roots its way in to the boot processes of your computer then records everything after,and sends where??

I am infected,, Need to know how to get rid of it, have gone to Windows and taken every security patch, Norton says it can not get rid of it and McAfee just tells me it is there,, Need Help,,
Guest db.·.. >
Posted July 19, 2008

Re: Boot.MeBroot virus,

nuking the disk is not always necessary after being infected, but it is the easiest method to make your system functional again.

however, you might first simply try the recommendations as noted here:
http://search.live.com/results.aspx?q=Boot.MeBroot&src=IE-SearchBox

then if the system is still dysfunctional after inoculation, then you might try a windows repair, which will only replace missing or corrupted system files with genuine ones from the cd.

the above will give you the opportunity to retain your personal files.

and if the repair proves futile, then nuking is likely the only option.

--
db·´¯`·...¸><)))º>

"Helpless in California" <Helpless in California@discussions.microsoft.com> wrote in message news:3FFF4930-7320-4C7E-A2D7-B679BBCB80AA@microsoft.com...
>I live in Southern Cal, and am running Windows XP, with Mc Afee Security and
> Norton Virus, now all of a sudden - It shows computer is being recorded, by a
> new virus, of which is to only be showing up in europe, called Boot.MeBroot--
> Well I have news for you it is here in the United States too, It roots its
> way in to the boot processes of your computer then records everything
> after,and sends where??
>
> I am infected,, Need to know how to get rid of it, have gone to Windows and
> taken every security patch, Norton says it can not get rid of it and McAfee
> just tells me it is there,, Need Help,,
Guest Kayman
Posted July 19, 2008

Re: Boot.MeBroot virus,

On Sat, 19 Jul 2008 14:40:01 -0700, Helpless in California wrote:
> I live in Southern Cal, and am running Windows XP, with Mc Afee Security and
> Norton Virus, now all of a sudden - It shows computer is being recorded, by a
> new virus, of which is to only be showing up in europe, called Boot.MeBroot--
> Well I have news for you it is here in the United States too, It roots its
> way in to the boot processes of your computer then records everything
> after,and sends where??
>
> I am infected,, Need to know how to get rid of it, have gone to Windows and
> taken every security patch, Norton says it can not get rid of it and McAfee
> just tells me it is there,, Need Help,,

Utilizing the retail versions of Norton *and* McAfee is asking for trouble :)

A number of experts agree that the retail AV versions of McAfee, Norton and Trend Micro have become cumbersome and bloated for the average user. The major criticisms are related to stability and footprint, the most common problem being slow-downs because of the massive system resources they utilize. There are products on the market with equal or better test results than these products, consuming fewer resources at a lower price (even free ones).

Download and run the Norton Removal Tool and try to get a refund:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039
The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer.

Removal tools for recent McAfee products:
Request assistance from here:
http://forums.mcafeehelp.com/
or download and run:
http://www.majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html
or
http://service.mcafee.com/FAQDocument.aspx?id=107083&lc=1033&partner=10005&type=TS
or
Download and run the McAfee Removal tool:
https://us.mcafee.com/root/MCPR2.exe
If you receive a security alert, click Yes.
Click Save to download the file to a location on your computer.
Navigate to the location where the file was saved.
Ensure all McAfee application windows are closed.
Double-click MCPR2.exe to run the removal tool.
Note: Windows Vista users must right-click and select Run as Administrator.
Restart your computer when prompted. Your McAfee products will not be fully removed until you restart.
All McAfee products are now removed from your computer.
or
Remove all remnants of McAfee...
http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml

Reformatting of HDD is the preferred course of action!
"The only way to clean a compromised system is to flatten and rebuild. That's right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (re-install Windows and your applications)..."
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

There are however a number of valid reasons where this may not be possible or achievable. Not everybody is technically versed to do so or has an acquaintance who may be able to assist. There are many users who reside in less developed environments where professional help just does not exist or is very hard to acquire. Therefore, a user may find the procedures as per:
http://michaelstevenstech.com/cleanxpinstall.html
http://www.elephantboycomputers.com/page2.html#Reinstalling_Windows
too overwhelming and shy away from the perceived complexities of re-installing the OS.

The procedures as per:
http://www.claymania.com/removal-trojan-adware.html
(especially David's MULTI_AV Tool) have helped solve malware issues for uncountable users for many years, and are (IMO) the next best thing to flattening and rebuilding an operating system. They can keep you going until experienced and/or professional help is available for thorough examination and/or reformatting of HDD.

David H. Lipman's MULTI_AV Tool
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/
Additional Instructions:
http://pcdid.com/Multi_AV.htm
and/or
BitDefender10 Free Edition
http://www.bitdefender.com/PRODUCT-14-en--BitDefender-8-Free-Edition.html
Kaspersky's AVPTool
http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/
There's no updating involved since the scanning engine is updated several times a day and you simply download the updated scanner whenever you want to do a scan.
Dr.Web CureIt!® Utility - FREE
http://www.freedrweb.com/cureit/
Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Note: It is Free for private use. Just download (do NOT buy) and install.

Another alternative:
How to Remove Boot.Mebroot:
http://www.precisesecurity.com/threats/bootmebroot/

Once your OS is clean consider the following:
Avira AntiVir® Personal - FREE Antivirus
http://www.free-av.com/
You may wish to consider removing the 'AntiVir Nagscreen'
http://www.elitekiller.com/files/disable_antivir_nag.htm
or
Free antivirus - avast! 4 Home Edition
It includes ANTI-SPYWARE protection, certified by the West Coast Labs Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in class GMER technology.
http://www.avast.com/eng/avast_4_home.html
(Choose Custom Installation and under Resident Protection, uncheck: Internet Mail and Outlook/Exchange.)
or
AVG Anti-Virus Free Edition
http://free.grisoft.com/
(Choose custom install and untick the email scanner plugin.)
or
ESET NOD32 Antivirus - Not Free
http://www.eset.com/
or
Kaspersky® Anti-Virus 7.0 - Not Free
http://www.kaspersky.com/homeuser

1 year FREE trial of CA Anti-Virus (May 2008)
http://home3.ca.com/SubscriptCenter/MSTrialRegistration.aspx?cid=573

and (optional but highly recommendable)
On-demand AV applications.
(add them to your arsenal and use them as a "second opinion" av scanner).
David H. Lipman's MULTI_AV Tool
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/
Additional Instructions:
http://pcdid.com/Multi_AV.htm
and/or
BitDefender10 Free Edition (*NOT FOR VISTA*)
http://www.bitdefender.com/PRODUCT-14-en--BitDefender-8-Free-Edition.html
Kaspersky's AVPTool
http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/
There's no updating involved since the scanning engine is updated several times a day and you simply download the updated scanner whenever you want to do a scan.
Dr.Web CureIt!® Utility - FREE
http://www.freedrweb.com/cureit/
Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Note: It is Free for private use. Just download (do NOT buy) and install.

A-S applications - for non-viral malware.
The effectiveness of individual A-S scanners can be wide-ranging and oftentimes a collection of scanners is best. There isn't one software that cleans and immunizes you against everything. That's why you need multiple products to do the job i.e. overlap their coverage - one may catch what another may miss, (grab'em all).
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
and
Ad-Aware 2007 - Free
http://www.lavasoftusa.com/products/ad_aware_free.php
http://www.download.com/3000-2144-10045910.html
and
Spybot Search & Destroy - Free
http://www.safer-networking.org/en/download/index.html
and
Windows Defender - Free (built-in in Vista)
http://www.microsoft.com/athome/security/spyware/software/default.mspx
WD monitors the start-registry and hooks registers/files to prevent spyware and worms from installing to the OS.
Interesting reading:
http://www.pcworld.com/article/id,136195/article.html
"...Windows Defender did excel in behavior-based protection, which detects changes to key areas of the system without having to know anything about the actual threat."

After the software is updated, it is suggested scanning the system in Safe Mode.
How do you boot to Safe Mode? By pressing/tapping F8 (or F5 on some keyboards) during re-boot.
Alternatively: click onto Start==>Run, type "msconfig" (without quotation marks), click OK. Then click onto the BOOT.INI tab and 'check' /SAFEBOOT, then OK and click Restart. To go back to Normal Mode, you must access the System Configuration utility again and click the General tab, then click/check the radio button 'Normal Startup - load all device drivers and services'.
A description of the Safe Mode Boot options in Windows XP
http://support.microsoft.com/default.aspx?scid=315222

A clarification on the terminology: the word "malware" is short for "malicious software." Most Anti-Virus applications detect many types of malware such as viruses, worms, trojans, etc. What AV applications usually don't detect is "non-viral" malware, and the term "non-viral malware" is normally used to refer to things like spyware and adware.

For the average home user, the Windows Firewall in XP does a fantastic job at its core mission and is really all you need if you have a 'real-time' anti-virus program, [another firewall on your router or] other edge protection like SeconfigXP and practise safe-hex. The Windows firewall deals with inbound protection and therefore does not give you a false sense of security. Best of all, it doesn't implement lots of nonsense like pretending that outbound traffic needs to be monitored.

Activate and utilize the Win XP built-in Firewall; uncheck *all* Programs and Services under the Exception tab.
Read through:
Understanding Windows Firewall.
http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx
Using Windows Firewall.
http://www.microsoft.com/windowsxp/using/networking/security/winfirewall.mspx

If on dial-up connection use:
Seconfig XP 1.0
http://seconfig.sytes.net/
Seconfig XP is able to configure Windows not to use TCP/IP as transport protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135, 137-139 and 445 (the most exploited Windows networking weak point) closed.

If on high-speed internet use a router. It is suggested specifically blocking both TCP and UDP ports 135 ~ 139 and 445 on *any* SOHO Router.

Countermeasures against DNSChanger:
http://extremesecurity.blogspot.com/2008/06/use-default-password-get-hijacked.html

Routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html
Hundreds Click on 'Click Here to Get Infected' Ad
http://www.eweek.com/article2/0,1895,2132447,00.asp

Good luck :)