
MBRoot-D still there after disinfect and delete scans

Have a problem on a PC, it's infected with Troj/MBRoot-D and slowing internet access. Ran the Sophos Bootable Anti-Virus - on the disinfect scan it picked up the presence of the virus and its location /dev/sda/. After this scan ran a detect scan - scan picked up the Troj/MBRoot-D again. Then ran a Delete Scan and then ran another detect scan - so far 4 hours of scanning and no satisfactory outcome. Emailed Sophos support 1 hour ago. Does anyone have any solutions, or has anyone used the standalone Rootkit Removal Tool to get rid of this problem?



  • Hi,

    Did you get a response from Sophos Support on this, Richard?

    I have two machines with the same malware, and having detected this boot sector virus (and what I believe was the stager and associated payload) with the native Windows ESC 9.5 client, I wanted to scan the system independent of the OS, for a complete picture.

    However the Sophos Bootable AV scanner wouldn't allow me to remove the MBR virus.

    I'm about to call Sophos myself, but I think it would be useful to have an answer on this thread.

    Thanks,

    ShimTe Master, C|EH
