Virus Removal: boo/cidox.b

Share This:

Virus Removal: boo/cidox.b 1

The boo/cidox.b virus can cause various problems on your system, including installing itself into the bootsector of your computer, the Master Boot Record (MBR). It can cause BSODs (Blue Screen Of Death), making your system inoperable. I recently had a client infected with this and their computer was getting a BSOD with a 0x50 PAGE_FAULT_IN_NONPAGED_AREA with ntfs.sys. Normally, this would point at a RAM issue, but after running memory diagnostics, the memory came back good.

The first step I took in removing this virus was to build a Kaspersky Rescue Disk. You can download it from here. It is a .iso file that you can burn onto a bootable CDR. You can also read their instructions on copying it to a blank USB stick and making it bootable here.

Once booted into the Kaspersky Rescue Disk, you can run a scan on the C drive of the computer. I selected GUI mode and ran scans from there. You can also access your Windows registry. One thing I did was check out the STARTUP registry key under HKEY_LOCAL_MACHINESOFTWAREMICROSOFTWINDOWS. I noticed there was a key for pcreg and a file called service.exe. I deleted this registry key since it seemed suspicious. The Kaspersky scan found a few infected files, one of which included Trojan.zbot, which could have been how this virus got on the system.

After the Kaspersky Rescue Disk cleaned the system, I was able to boot into regular Windows. I still didn’t have it connected to the internet, but I downloaded TDSSKILLER on a clean computer and copied it over to the infected one. While running a scan with it, it found boo/cidox.b in the MBR. TDSSKILLER was able to remove the virus from the MBR.

To finish cleaning up boo/cidox.b, I ran a scan with Malwarebytes and I also used TFC – Temp File Cleaner By OldTimer to remove any leftover temp files from these viruses.


Share This:

 

Leave a Comment