Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Blacklight hints needed. Mater boot Record rooted...


  • This topic is locked This topic is locked
1 reply to this topic

#1 bimmerbill

bimmerbill

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 14 February 2009 - 01:43 PM

Forgive me if this isn't posted in the right place, I'm a newbie on this forum.

One of my machines has a rootkit issue. I have alot of experience ridding viruses and malware, and am familiar with the use of Hijack This, and Combofix.

Once I realized something had hit the machine, I went to run Combofix, but it wouldn't run. I saw the post about re-naming it, and got past that. Now when I run it, it tells me that rootkit acticity has been detected, and it needs to reboot, which of course, it won't.

I downloaded Blacklight, and it finds a Master Boot record Hidden Item. Since the only thing I can do is Rename it, I was looking for some assurances.

I'm assuming that once it is renamed, a re-boot is called for. If I rename it, what happens then? Where does it get the new boot record?

Can't find any documentation on what to expect next, so I figured I'd ask before I destroyed the boot record.

Thanks,

Bimmerbill

BC AdBot (Login to Remove)

 


#2 Guest_The weatherman_*

Guest_The weatherman_*

  • Guests
  • OFFLINE
  •  

Posted 14 February 2009 - 02:29 PM

Hello bimmerbill,

ComboFix should not to be discussed outside the HijackThis forums and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed. If you have any questions, please PM me or another Moderator.
The BC Staff




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users