I live in Southern Cal, and am running Windows XP, with McAfee Security and
Norton Virus. Now all of a sudden it shows the computer is being recorded by a
new virus, which is to be showing up only in Europe, called Boot.MeBroot.
Well, I have news for you: it is here in the United States too. It roots its
way into the boot processes of your computer, then records everything
after, and sends it where??
I am infected. Need to know how to get rid of it. I have gone to Windows and
taken every security patch. Norton says it cannot get rid of it and McAfee
just tells me it is there. Need help.
Utilizing retail versions of Norton *and* McAfee is asking for trouble.
A number of experts agree that the retail AV versions of McAfee, Norton and
Trend Micro have become cumbersome and bloated for the average user.
The major criticisms are related to stability and footprint, the most
common problem being slow-downs because of the massive system resources
they utilize. There are products on the market with equal or better test
results than these products, consuming fewer resources at a lower price
(even free ones).
Download and run the Norton Removal Tool and try to get a refund:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039
The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003
products and Norton 360 from your computer.
Removal tools for recent McAfee products:
Request assistance from here:
http://forums.mcafeehelp.com/
or download and run:
http://www.majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html
or
http://service.mcafee.com/FAQDocument.aspx?id=107083&lc=1033&partner=10005&type=TS
or
Download and run the McAfee Removal tool:
https://us.mcafee.com/root/MCPR2.exe
If you receive a security alert, click Yes.
Click Save to download the file to a location on your computer.
Navigate to the location where the file was saved.
Ensure all McAfee application windows are closed.
Double-click MCPR2.exe to run the removal tool.
Note: Windows Vista users must right-click and select Run as Administrator.
Restart your computer when prompted. Your McAfee products will not be fully
removed until you restart.
All McAfee products are now removed from your computer.
or
Remove all remnants of McAfee...
http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml
Reformatting of HDD is the preferred course of action!
"The only way to clean a compromised system is to flatten and rebuild.
That's right. If you have a system that has been completely compromised,
the only thing you can do is to flatten the system (reformat the system
disk) and rebuild it from scratch (re-install Windows and your
applications)..."
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx
There are however a number of valid reasons where this may not be possible
or achievable. Not everybody is technically versed to do so or has an
acquaintance who may be able to assist. There are many users who reside in
less developed environments where professional help just does not exist or
is very hard to acquire. Therefore, a user may find the procedures as per:
http://michaelstevenstech.com/cleanxpinstall.html
http://www.elephantboycomputers.com/page2.html#Reinstalling_Windows
too overwhelming and shy away from the perceived complexities of
re-installing the OS.
The procedures as per:
http://www.claymania.com/removal-trojan-adware.html
(especially David's MULTI_AV Tool) have helped solve malware issues
for uncountable users for many years, and are (IMO) the next best thing to
flattening and rebuilding an operating system. It can keep you going until
experienced and/or professional help is available for thorough examination
and/or reformatting of HDD.
David H. Lipman's MULTI_AV Tool
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/
Additional Instructions:
http://pcdid.com/Multi_AV.htm
and/or
BitDefender10 Free Edition
http://www.bitdefender.com/PRODUCT-14-en--BitDefender-8-Free-Edition.html
Kaspersky's AVPTool
http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/
There's no updating involved since the scanning engine is updated
several times a day and you simply download the updated scanner whenever
you want to do a scan.
Dr.Web CureIt!® Utility - FREE
http://www.freedrweb.com/cureit/
Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Note: It is Free for private use. Just download (do NOT buy) and install.
Another alternative:
How to Remove Boot.Mebroot:
http://www.precisesecurity.com/threats/bootmebroot/
Once your OS is clean consider the following:
Avira AntiVir® Personal - FREE Antivirus
http://www.free-av.com/
You may wish to consider removing the 'AntiVir Nagscreen'
http://www.elitekiller.com/files/disable_antivir_nag.htm
or
Free antivirus - avast! 4 Home Edition
It includes ANTI-SPYWARE protection, certified by the West Coast Labs
Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in class
GMER technology.
http://www.avast.com/eng/avast_4_home.html
(Choose Custom Installation and under Resident
Protection, uncheck: Internet Mail and Outlook/Exchange.)
or
AVG Anti-Virus Free Edition
http://free.grisoft.com/
(Choose custom install and untick the email scanner plugin.)
or
ESET NOD32 Antivirus - Not Free
http://www.eset.com/
or
Kaspersky® Anti-Virus 7.0 - Not Free
http://www.kaspersky.com/homeuser
1 year FREE trial of CA Anti-Virus (May 2008)
http://home3.ca.com/SubscriptCenter/MSTrialRegistration.aspx?cid=573
and (optional but highly recommendable)
On-demand AV applications.
(add them to your arsenal and use them as a "second opinion" av scanner).
David H. Lipman's MULTI_AV Tool
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/
Additional Instructions:
http://pcdid.com/Multi_AV.htm
and/or
BitDefender10 Free Edition (*NOT FOR VISTA*)
http://www.bitdefender.com/PRODUCT-14-en--BitDefender-8-Free-Edition.html
Kaspersky's AVPTool
http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/
There's no updating involved since the scanning engine is updated
several times a day and you simply download the updated scanner whenever
you want to do a scan.
Dr.Web CureIt!® Utility - FREE
http://www.freedrweb.com/cureit/
Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Note: It is Free for private use. Just download (do NOT buy) and install.
A-S applications - for non-viral malware.
The effectiveness of individual A-S scanners can be wide-ranging and
oftentimes a collection of scanners is best. There isn't one software that
cleans and immunizes you against everything. That's why you need multiple
products to do the job i.e. overlap their coverage - one may catch what
another may miss, (grab'em all).
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
and
Ad-Aware 2007 - Free
http://www.lavasoftusa.com/products/ad_aware_free.php
http://www.download.com/3000-2144-10045910.html
and
Spybot Search & Destroy - Free
http://www.safer-networking.org/en/download/index.html
and
Windows Defender - Free (built into Vista)
http://www.microsoft.com/athome/security/spyware/software/default.mspx
WD monitors the start-registry and hooks registers/files to prevent spyware
and worms from installing to the OS.
Interesting reading:
http://www.pcworld.com/article/id,136195/article.html
"...Windows Defender did excel in behavior-based protection, which detects
changes to key areas of the system without having to know anything about
the actual threat."
After the software is updated, scanning the system in Safe Mode is
suggested.
How do you boot to Safe Mode?
By pressing/tapping F8 (or F5 on some keyboards) during re-boot.
Alternatively:
click onto Start==>Run, type "msconfig" (without quotation marks), click
OK. Then click onto BOOT.INI tab and 'check' /SAFEBOOT then OK and click
Restart. To go back to Normal Mode, you must access the System
Configuration utility again and click the General tab then click/check the
radio button 'Normal Startup - load all device drivers and services'.
A description of the Safe Mode Boot options in Windows XP
http://support.microsoft.com/default.aspx?scid=315222
A clarification on the terminology: the word "malware" is short for
"malicious software." Most Anti-Virus applications detect many types of
malware such as viruses, worms, trojans, etc.
What AV applications usually don't detect is "non-viral" malware, and the
term "non-viral malware" is normally used to refer to things like spyware
and adware.
For the average home user, the Windows Firewall in XP does a fantastic job
at its core mission and is really all you need if you have a 'real-time'
anti-virus program, [another firewall on your router or] other edge
protection like SeconfigXP and practise safe-hex.
The Windows Firewall deals with inbound protection and therefore does not
give you a false sense of security. Best of all, it doesn't implement lots
of nonsense like pretending that outbound traffic needs to be monitored.
Activate and utilize the Win XP built-in Firewall; Uncheck *all* Programs
and Services under the Exception tab.
Read through:
Understanding Windows Firewall.
http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx
Using Windows Firewall.
http://www.microsoft.com/windowsxp/using/networking/security/winfirewall.mspx
If on dial-up connection use:
Seconfig XP 1.0
http://seconfig.sytes.net/
Seconfig XP is able to configure Windows not to use TCP/IP as transport
protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135, 137-139
and 445 (the most exploited Windows networking weak point) closed.
If on high-speed internet use a router.
Specifically blocking both TCP and UDP ports 135 ~ 139 and 445 on *any*
SOHO Router is suggested.
Countermeasures against DNSChanger:
http://extremesecurity.blogspot.com/2008/06/use-default-password-get-hijacked.html
Routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html
Hundreds Click on 'Click Here to Get Infected' Ad
http://www.eweek.com/article2/0,1895,2132447,00.asp
Good luck
