Best or your favorite MRB scanner?
- Thread starter Mushin
- Start date
iisjman07
Active Member
- Reaction score
- 6
- Location
- South End Of The UK
I use a tool called 'mbr' by the people who make GMER, as well as the Sinowal mbr rootkit remover made by eset (since I had a bad experience with that infection). As well as that most antivirus software scans the disk boot sectors.
Download: http://www2.gmer.net/mbr/mbr.exe
Download: http://www2.gmer.net/mbr/mbr.exe
Vicenarian
Active Member
- Reaction score
- 19
yeah mbr...and gmer detects MBR infections too...I forget the exact code it shows, but something like \Device\HardDisk0\DR0 or whatever.
I dealt with Sinowal not too long ago...what a pain.
I dealt with Sinowal not too long ago...what a pain.
iisjman07
Active Member
- Reaction score
- 6
- Location
- South End Of The UK
No, that's correct. I believe it says something like 'malicous code found @ sector 02132' or something, but most antivirus software will give you a name
In evaluating this progam I found that I do like it (MBR.exe) but I think it may be giving a fale positive. Every boot sector scanner that I run comes back clen but MBR comes back with malicious code at sector such and such.
I for the life of me can not determine if it has an infection for real or not.
The reason I am skeptical is that there are muliple Dell paritions (Dell Diagnostics, and Dell system restore)
I have this on a system that was actual donated by a client (Never approved repairs and never picked it up) I have the infected images and then what I believe is now a clean image except for the "malicious code"
Any suggestions?
Vicenarian
Active Member
- Reaction score
- 19
Well, one system I had, that had the Mebroot MBR rootkit infection, I used the Avira MBR scanner disc, and it found nothing. The MBR tool however found traces of MBR infection, as well as GMER. Basically, you don't need to know exactly what infection it is...just kill it.
