
Trojan in master boot record, please help

How do I make a bootable flash drive so I can clean the boot record, something the computer will run before it reads the hard drive? I really don't want to reformat and re-install Windows to deal with this. zonedogg@verizon.net



  • Hello weschrist and Matt,

    So C: is the OS partition. If D: contains only data, Sophos shouldn't choke on D:\System Volume Information\...\*.

    But one step at a time. So Sophos Anti-Virus is up to date. You should run SAV32CLI (from the Sophos Anti-Virus directory) with the following settings:

    sav32cli.exe -mbr -bs=C,D -all C:\ -p=sav32cli-C.log

    This will run quite some time and should detect a threat if there is one. Or you could run a full scan:

    sav32cli.exe -mbr -bs=C,D -f -all C:\ -p=sav32cli-C.log

    This will take even longer and is usually not necessary. Note that in both cases the scan is restricted to C:.

    If it hangs at this point try without the -mbr and -bs options - if it works then this indicates a problem scanning the boot record. Unlikely but who knows.

    If you are happy with the results scan your D: drive.

    sav32cli.exe -ns -f -all D:\ -p=sav32cli-D.log

    If it stops progressing make a note of the last file scanned and stop it using CTRL-C (if it stops the logs should also list where it has been when it has been stopped). Maybe this gives a hint where it "hangs" or seems to hang.

    Re: remsav. It is not available for download; you get it from Support, and then only if you have made your case. It doesn't look like a flawed install to me, and as long as the above checks haven't been done I don't see its benefit. Anyway, it is no longer the "big gun" like some previous version, as it says:

    Note: This script will attempt to perform a REGULAR uninstall ...

    and indeed all it does is call MSIEXEC /x {ProductCode}.

    Christian
