
"BOO/Sinowal.A" problem


8 replies to this topic

#1 john23jay

Posted 19 March 2009 - 03:21 AM

Hello there!

I'm having a problem with the BOO/Sinowal.A detection found by Avira AntiVir 9.0.0.386 in the master boot sector (HD1) of my computer. The problem is, I cannot remove it. I tried removing it using my antivirus, but it fails or gives an error. I already tried scanning my PC using another antivirus, avast! Professional 4.8, but nothing was detected. Below is the Avira AntiVir report after a full system scan:

-------------------------------------------------------------------------------------------
Avira AntiVir Personal
Report file date: Thursday, March 19, 2009 15:26

Scanning for 1306980 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 1) [6.0.6001]
Boot mode : Normally booted
Username : SYSTEM
Computer name : RUTH-PC

Version information:
BUILD.DAT : 9.0.0.386 17962 Bytes 3/11/2009 15:55:00
AVSCAN.EXE : 9.0.3.3 464641 Bytes 2/24/2009 04:13:26
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 02:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 03:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 02:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 04:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 12:33:26
ANTIVIR2.VDF : 7.1.2.152 749568 Bytes 3/11/2009 06:42:39
ANTIVIR3.VDF : 7.1.2.188 216064 Bytes 3/18/2009 06:42:47
Engineversion : 8.2.0.120
AEVDF.DLL : 8.1.1.0 106868 Bytes 1/27/2009 09:36:42
AESCRIPT.DLL : 8.1.1.67 364923 Bytes 3/19/2009 06:43:15
AESCN.DLL : 8.1.1.8 127346 Bytes 3/19/2009 06:43:12
AERDL.DLL : 8.1.1.3 438645 Bytes 10/29/2008 10:24:41
AEPACK.DLL : 8.1.3.10 397686 Bytes 3/4/2009 05:06:10
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/26/2009 12:01:56
AEHEUR.DLL : 8.1.0.107 1663352 Bytes 3/19/2009 06:43:10
AEHELP.DLL : 8.1.2.2 119158 Bytes 2/26/2009 12:01:56
AEGEN.DLL : 8.1.1.30 336245 Bytes 3/19/2009 06:42:53
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 06:32:40
AECORE.DLL : 8.1.6.6 176501 Bytes 2/17/2009 06:22:44
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 06:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 00:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 02:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 06:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 02:32:09
AVARKT.DLL : 9.0.0.1 292609 Bytes 2/8/2009 23:52:24
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 02:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 07:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 00:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 02:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 2/9/2009 03:45:45
RCTEXT.DLL : 9.0.35.0 87297 Bytes 3/11/2009 07:55:12

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: on
Optimised scan......................: on
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+PCK,+SPR,

Start of the scan: Thursday, March 19, 2009 15:26

Initiating scan of system files:
Signed -> 'C:\Windows\system32\svchost.exe'
Signed -> 'C:\Windows\system32\winlogon.exe'
Signed -> 'C:\Windows\explorer.exe'
Signed -> 'C:\Windows\system32\smss.exe'
Signed -> 'C:\Windows\system32\wininet.DLL'
Signed -> 'C:\Windows\system32\wsock32.DLL'
Signed -> 'C:\Windows\system32\ws2_32.DLL'
Signed -> 'C:\Windows\system32\services.exe'
Signed -> 'C:\Windows\system32\lsass.exe'
Signed -> 'C:\Windows\system32\csrss.exe'
Signed -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signed -> 'C:\Windows\system32\spoolsv.exe'
Signed -> 'C:\Windows\system32\alg.exe'
Signed -> 'C:\Windows\system32\wuauclt.exe'
Signed -> 'C:\Windows\system32\advapi32.DLL'
Signed -> 'C:\Windows\system32\user32.DLL'
Signed -> 'C:\Windows\system32\gdi32.DLL'
Signed -> 'C:\Windows\system32\kernel32.DLL'
Signed -> 'C:\Windows\system32\ntdll.DLL'
Signed -> 'C:\Windows\system32\ntoskrnl.exe'
Signed -> 'C:\Windows\system32\ctfmon.exe'
The system files were scanned ('21' files)

Starting search for hidden objects.
'95308' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
Scan process 'FlashUtil10a.exe' - '1' Module(s) have been scanned
Scan process 'DAP.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'ieuser.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'ashWebSv.exe' - '1' Module(s) have been scanned
Scan process 'ashMaiSv.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'TBPANEL.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'ashDisp.exe' - '1' Module(s) have been scanned
Scan process 'AutorunRemover.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'VDeck.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
64 processes with 64 modules were scanned

Starting master boot sector scan:
Master boot sector HD1
[DETECTION] Contains code of the BOO/Sinowal.A boot sector virus
[WARNING] The boot sector cannot be repaired! You can find more information in the help

Start scanning boot sectors:

Starting to scan executable files (registry).

The registry was scanned ( '41' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
Begin scan in 'D:\'


End of the scan: Thursday, March 19, 2009 16:09
Used time: 42:36 Minute(s)

The scan has been done completely.

20592 Scanned directories
337989 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
337988 Files not concerned
2476 Archives were scanned
2 Warnings
1 Notes
95308 Objects were scanned with rootkit scan
0 Hidden objects were found

--------------------------------------------------------------------------------

Can somebody help me fix this?
Thanks a lot!


(Moderator edit: post moved to more appropriate forum. jgw)

Edited by jgweed, 19 March 2009 - 08:33 AM.




#2 garmanma

Posted 19 March 2009 - 10:13 AM

This is what Avira suggests:

You can use AntiVir BootSector Repair Tool or AntiVir Rescue System:
http://www.avira.com/en/support/support_downloads.html


Mark

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits

#3 john23jay

Posted 21 March 2009 - 07:25 AM

OK, I'll try that one.

#4 Reed Rosa

Posted 29 March 2009 - 12:29 PM

John

Did this fix your problem? I'm having the same issue with Avira 9.0.0.387 and Windows XP. Neither utility from Avira helped. Reformatting did not help.

#5 Bugbatter

  • Malware Response Team
Posted 29 March 2009 - 05:28 PM

We've got one at Dell as well -- same report and same results. Have you contacted Avira to see if this could be a False Positive?

Microsoft MVP - Consumer Security 2006-2016

Microsoft Windows Insider MVP 2016-


#6 john23jay

Posted 29 March 2009 - 07:07 PM

How will I reboot from the CD drive? I don't know how. I've already burned the CD from Avira as instructed.

#7 john23jay

Posted 29 March 2009 - 07:11 PM

No, I haven't contacted Avira yet. I seldom encounter this kind of problem. Sometimes, when I do a full scan of my computer, Avira detects it, and sometimes it doesn't detect anything. I usually perform a full scan of my computer every week. What does this mean?

#8 Reed Rosa

Posted 30 March 2009 - 05:35 AM

A Google search turned up some reports that Dr. Web CureIt is able to remove this from the MBR.

http://www.freedrweb.com/cureit/

You don't hear much about Dr. Web, but these people have an uncanny ability to pull off specialized fixes. I used a fix tool from them to recover a bunch of files encrypted by an unidentified trojan once. Every single jpeg and .doc file on the customer's hard drive and it restored every single one of them. They were the first people on the planet to come up with a fix for that.

Grogan



The above program fixed my infection. I was thinking maybe a false positive too but this showed that the infection was legit. Most importantly it cleaned my infection in like 2 minutes with only 1 or 2 clicks. Amazing program. Thanks go to Grogan on www.pcqanda.com forum. He saved my butt. Hope it helps you guys too.

Ashley

#9 john23jay

Posted 30 March 2009 - 08:15 AM

I used Dr. Web anti-virus version 5.00.3.03240 a while ago. I performed a full system scan but nothing was detected; even BOO/Sinowal.A was not detected. Lastly, I performed a full scan using Avira antivirus, weekly as usual, but BOO/Sinowal.A didn't appear or wasn't detected. I am confused why Avira antivirus detected it for some time.

Can you give me another solution for this? Anyway, is the BOO/Sinowal.A virus a harmful one?

Edited by john23jay, 30 March 2009 - 08:16 AM.




