
Infected And Nothing Is Finding It

1 reply to this topic

#1 itsmedahling


  • Members
  • 2 posts
  • Local time:12:36 AM

Posted 03 August 2008 - 08:32 PM

I've been trying to figure this out and it's driving me crazy.
A few months ago (system's been off the network since until right now) I went to make an online purchase, and after entering my credit card info, a "verified by visa" box popped up.
I hit proceed without putting info in and it kept coming up, I hit the X and it went away.
I had heard of verified by visa, but wasn't confident about it.

I got sidetracked and forgot about it, thinking it may have been real.

I went to go to 401k.com and wasn't sure of my password, and entered it and thought maybe I put it in wrong - in fact was pretty sure I did. Up came the next page asking for all sorts of my info. I checked the URL, it was real. Checked all sorts of things, hosts file, nothing odd. Like an ID10T I entered info. Then up came the warning page saying I was infected from 401k.com. I wanted to kick myself SO hard.

Anyhow, no flames about that please. I've been beating myself up badly enough. After the shock wore off I pulled the network cable, but knew it was too late.

I have been searching using all sorts of tools, searching online for ideas about it, and can find nothing.
Avira, Symantec, Trend, Kaspersky, all found NOTHING.

I desperately would prefer not to have to rebuild this system, but will if I have to. I DO have my data backed up, but finding where what is on all the CDs will take a lot of time I don't have extra of, so....

So - Help please? Thanks, I really appreciate it!




#2 itsmedahling

  • Topic Starter

  • Members
  • 2 posts
  • Local time:12:36 AM

Posted 03 August 2008 - 09:54 PM

Ok, SDKill (appears to have) gotten it. MBR Rootkit.

I went to 401k.com and put in fake credentials and voila, it didn't come up.

I'll do more testing, but how reliable is this tool for removing MBR Rootkit?
Should I be safe now? What's the best practice with handling this one?

