"BOO/Sinowal.A" problem

john23jay
Hello there!

I'm having a problem with regard to the BOO/Sinowal.A detection found by Avira AntiVir 9.0.0.386 at the master boot sector HD1 of my computer. The problem is, I cannot remove it. I tried removing it using my antivirus but it fails or gives an error. I already tried scanning my PC using another antivirus, which is avast! professional 4.8, but nothing was detected.

Can somebody help me, please?
Thanks a lot!
  • +
    0 Votes
    Jacky Howe

    Run this Rootkit Revealer GMer
    Gmer: http://www.gmer.net/index.php

    FAQ: http://www.gmer.net/faq.php

    Follow the steps below with the System started and restarted in Safe Mode with Networking. Running in Safe Mode loads a minimal set of drivers for the Operating System. You can use these options to start Windows so that you can modify the registry or load or remove drivers.

    Removing malware from System Restore points
    To remove the malware, you must first disable System Restore, then scan the system with up-to-date antivirus software - allowing it to clean, delete, or quarantine any viruses found. After the system has been disinfected, you may then re-enable System Restore. The steps for disabling System Restore vary, depending on whether the default Start Menu or the Classic Start Menu is being used.

    Default Start Menu XP
    If using the default Start Menu, click Start | Control Panel | Performance and Maintenance | System. Select the System Restore tab and check "Turn off System Restore".

    Classic Start Menu XP
    If using the Classic Start Menu, click Start | Settings | Control Panel and double-click the System icon. Select the System Restore tab and check "Turn off System Restore".

    Vista
    Start, right mouse click Computer and select Properties. Select Advanced System Properties, click continue and then System Protection. Untick the box next to Local Disk C: and click on Turn System Restore off.


    After scanning the system and removing the offending malware, re-enable System Restore by repeating the steps, this time removing the check from "Turn off System Restore".

    Download Malwarebytes Anti-Malware, install it and update it.

    Malwarebytes: http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.

    If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    mbam-rules: http://malwarebytes.gt500.org/mbam-rules.exe

    I would keep scanning with it until it is clean by closing out and rebooting and running it again.


    From another PC download and install Spybot, update it and copy the installed folders to a USB stick.

    Restart the PC in Safe Mode, navigate to the USB stick and run Spybot.

    Download Spybot - Search & Destroy and install it. Update it.

    Spybot: http://www.safer-networking.org/en/download/index.html

    With the new strains of Virus that have been created you may find it necessary to rename the executable files so that they will work. Rename mbam-setup.exe and then navigate to the install folder and rename mbam.exe. Do not change the file's extension from .exe. Do the same with Spybot.


    BleepingComputer: http://www.bleepingcomputer.com/malware-removal/

    Update your Antivirus software.

    Keep us informed as to your progress if you require further assistance.

    +
    0 Votes
    Jacky Howe

    Insert your XP CD and when you see "Press any key to boot from CD" press a key. Now wait for the XP installer to finish loading up and you will be presented with the option to press R to Repair.

    Press R.
    The next screen will ask you which Windows installation you would like to log on to. Normally the following will be listed:

    1: C:\WINDOWS

    Press 1, then Enter to continue.

    You may now be asked for the Administrator password. If you know this, type it and press Enter. If you don't know the Administrator's password it may be blank. Just press Enter or type your username and password.

    At the command prompt type:

    fixmbr and press Enter

    fixboot and press Enter

    bootcfg /rebuild and press Enter

    Wait until you are returned to the Recovery Console.
    Once you are back to the Recovery Console remove the XP CD and restart your PC.
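
One way to confirm what the repair changed, as an added example that is not part of the original posts: the Python code below parses two 512-byte dumps of the disk's first sector, taken before and after the repair, and reports whether the boot code, the partition table and the 0x55AA signature differ. The function names and the sample sectors are constructed for illustration, and it assumes a classic MBR layout (440 bytes of boot code, partition table at offset 446) and a repair that replaces only the boot code.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bootstrap code area at the start of the sector
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR
ENTRY = "<B3xB3xII"      # status, CHS skipped, type, CHS skipped, LBA start, size


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into a boot-code hash, partition entries and signature flag."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR dump must be exactly 512 bytes")
    parts = []
    for slot in range(4):
        off = PART_TABLE_OFF + 16 * slot
        status, ptype, lba_start, sectors = struct.unpack(ENTRY, sector[off:off + 16])
        if ptype:  # type 0 marks an unused slot
            parts.append({"slot": slot, "active": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts,
            "signature_ok": sector[510:512] == SIGNATURE}


def compare_mbr(before: bytes, after: bytes) -> dict:
    """Report which MBR regions differ between two dumps of sector 0."""
    a, b = parse_mbr(before), parse_mbr(after)
    return {"boot_code_changed": a["boot_code_sha256"] != b["boot_code_sha256"],
            "partition_table_changed": a["partitions"] != b["partitions"],
            "signature_ok": b["signature_ok"]}


def make_sample(boot_fill: int) -> bytes:
    """Constructed sample sector: filler boot code plus one active type-0x07 partition."""
    entry = struct.pack(ENTRY, 0x80, 0x07, 63, 204800)
    return bytes([boot_fill]) * PART_TABLE_OFF + entry + bytes(48) + SIGNATURE


if __name__ == "__main__":
    # Constructed dumps standing in for sector 0 before and after the repair.
    print(compare_mbr(make_sample(0xCC), make_sample(0x90)))
```

Under that assumption, a clean repair shows the boot code changed, the partition table unchanged and the signature still valid; a changed partition table means the disk layout should be checked before rebooting.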

    +
    0 Votes
    Jacky Howe

    That's because it has been changed by the Virus. Continue with the instructions provided to fix the MBR.

    Keep us informed as to your progress if you require further assistance.

    If you think that any of the posts that have been made by all TechRepublic Members, have solved or contributed to solving the problem, please Mark them as Helpful so that others may benefit from the outcome. :-bd
