Topic: BOO/mebrot.a - SOLVED

[mewnlite]

This is a copy of a post I made in alt.comp.anti-virus. David Lipman (everybody knows Dave) recommended that I come here for help. I am not including any logs at this point since the MBR rootkit is not on the system drive and your instructions state specifically to uncheck "other drives" when preparing a log. Here's what I posted....

Dell XP Pro, SP3
2 hard drives, 750Gb and 160Gb.
Avira flagged both MBRs with BOO/Mebrot.A
So I Googled around and someone suggested using a restore CD, going into
system recovery console, and running FIXMBR. The second drive had an old
Windows installation on it so the recovery console had given me the option
of 1: C\WINDOWS or 2: D\WINDOWS. I picked 1.
When I rebooted, Avira no longer flagged the first drive, but still did the
2nd one. So I did the recovery console again and picked 2: D\WINDOWS.
However Avira continues to flag the second drive. There was nothing
important on that drive anyway, so I used an old 98 boot disk, and FDISK to
totally remove the single 160Gb partition. And then reformatted it in NTFS.
BOO/Mebrot.A is still there, or at least Avira says it is.
I downloaded a Symantec tool that was supposed to get rid of it but it
claimed it didn't find it.
So how do I clean up that MBR?

Since I see I have a chance to "modify" this message, I have now marked it as solved.
My Win98 boot disk saved me again. I had forgotten about "FDISK/MBR". I ran that and it fixed it!
Thanks for listening... :-)