
MBR Trojan? Any help appreciated



#1 CLEE25


Posted 09 March 2009 - 09:44 AM

Hi, and thanks for taking the time to read this post.

For the past two days I have been receiving this popup message on my computer when I first boot up.

Posted Image

Steps taken:

1) I have done a FULL SCAN using McAfee (up to date), but found nothing.

2) I have used AVAST to do a full scan before booting, and found nothing.

3) I have run MBR.exe on both my drives from gmer.net and found nothing:
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

4) I have run Malwarebytes' Anti-Malware (up to date) and found nothing.

Does anyone have any suggestions of what I can do next? I am thinking this might even be a false positive, but not sure how to confirm. Also, I find it interesting that this started happening on March 6--made me think of the old Michelangelo virus--is that still around?

Anyway, thanks for any and all help.



#2 quietman7


Posted 09 March 2009 - 11:27 AM

It's saying C:\Windows\Explorer.exe is the infected application. Navigate to that file and see what size and date it shows.

Anytime you suspect a file may be a false positive, get a second opinion. Go to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis.

If it is a false positive, then you should contact the vendor and advise them so they can investigate and make corrections.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

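The checks suggested in the reply above (size and date of the flagged file, then a second opinion) can be gathered in one pass. This is an added example, not part of the original posts; the function name `Get-FlaggedFileFacts` is hypothetical, and it assumes PowerShell 4.0 or later, which postdates this thread.

```powershell
# Added example: collect the facts worth checking about a flagged file
# before submitting it for a second opinion.
function Get-FlaggedFileFacts {
    [CmdletBinding()]
    param(
        # Defaults to the file named in the alert discussed in this thread.
        [string]$Path = "$env:WINDIR\explorer.exe"
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $item = Get-Item -LiteralPath $Path -Force                    # size, dates, version resource
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path          # digital signature check
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256     # fingerprint for lookups

    [pscustomobject]@{
        Path            = $item.FullName
        SizeBytes       = $item.Length
        CreatedUtc      = $item.CreationTimeUtc
        ModifiedUtc     = $item.LastWriteTimeUtc
        FileVersion     = $item.VersionInfo.FileVersion
        CompanyName     = $item.VersionInfo.CompanyName
        SHA256          = $hash.Hash
        SignatureStatus = $sig.Status
        # SignerCertificate is empty when the file carries no signature.
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

Get-FlaggedFileFacts | Format-List
```

A `SignatureStatus` of `Valid` with a Microsoft signer, together with a size and date that match other machines on the same Windows build, supports the false-positive theory; the SHA256 value can be searched on VirusTotal and included in a report to the vendor.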

#3 CLEE25


Posted 09 March 2009 - 12:38 PM

Thank you quietman.

Nothing was found at Jotti. However, I did get one hit at VirusTotal.

eSafe found a Win32.Banker

Not sure what to do next.

Edited by CLEE25, 09 March 2009 - 12:52 PM.


#4 quietman7


Posted 09 March 2009 - 01:04 PM

You should contact the vendor and advise them so they can investigate. Most anti-virus vendors have instructions for file submissions posted on their web sites. Once a file is received, a technician can examine it in more detail and provide a report letting you know the results.



