Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: Google Testing Removal of WWW Subdomain from Search Results

Featured Deal: Get 95% off The Ultimate MCSE Certification Training Bundle

Blacklight hints needed. Mater boot Record rooted...

Started by bimmerbill , Feb 14 2009 01:43 PM

This topic is locked

1 reply to this topic

#1 bimmerbill

Members
2 posts
OFFLINE

Local time:12:42 AM

Posted 14 February 2009 - 01:43 PM

Forgive me if this isn't posted in the right place, I'm a newbie on this forum.

One of my machines has a rootkit issue. I have alot of experience ridding viruses and malware, and am familiar with the use of Hijack This, and Combofix.

Once I realized something had hit the machine, I went to run Combofix, but it wouldn't run. I saw the post about re-naming it, and got past that. Now when I run it, it tells me that rootkit acticity has been detected, and it needs to reboot, which of course, it won't.

I downloaded Blacklight, and it finds a Master Boot record Hidden Item. Since the only thing I can do is Rename it, I was looking for some assurances.

I'm assuming that once it is renamed, a re-boot is called for. If I rename it, what happens then? Where does it get the new boot record?

Can't find any documentation on what to expect next, so I figured I'd ask before I destroyed the boot record.

Thanks,

Bimmerbill

Back to top

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 Guest_The weatherman_*

Guests
OFFLINE

Posted 14 February 2009 - 02:29 PM

Hello bimmerbill,

ComboFix should not to be discussed outside the HijackThis forums and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed. If you have any questions, please PM me or another Moderator.
The BC Staff