If this is a client machine, to prevent the malware from spreading to other clients on the network, keep this system separated (isolated) from all others and disable network file and printer sharing until fully cleaned. Vista users can refer to these instructions.
If you're not sure about the source of infection, start by disconnecting (isolating) all client machines from the network. Check and disinfect each client individually by performing a full system scan with your anti-virus in Safe Mode to ensure it is clean before reconnecting. After that, print out and follow these Instructions for using Malwarebytes Anti-Malware and perform a Quick Scan in normal mode, then reboot the system normally. Failure to reboot will prevent MBAM from removing any malware it found which you selected for removal.
Start with the server, then one at a time, do the same for each client machine until you ensure it is clean and can be reconnected. That is a tedious task, but it ensures each machine gets individual attention and a full system scan of all files and folders. Trying to do things remotely can result in missed detections. If scanning of a mapped drive only scans the mapped folders, it may not include all the folders on the remote computer. Further, if a malware file is detected on the mapped drive, the removal may fail if a program on the remote computer uses that file. See How to scan your network.
On a network where the domain controller has been infected with a rootkit, you should clean the domain controller before cleaning the remaining computers on the network. See rootkit removal on a network with an infected domain controller.
If you were infected by malware that spreads to network shares or by a password stealing trojan, change the passwords for all important applications and set strong passwords for shared network resources.
The only thing that still persists is the report from mbr.exe saying that it finds malicious code. I'm not sure if that truly means there is something there or if it's some sort of false positive.
Please post the results of your MBAM scan for review.
To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
- Click the Logs Tab at the top.
- The log will be named by the date of scan in the following format: mbam-log-date(time).txt
-- If you have previously used MBAM, there may be several logs showing in the list.
- Click on the log name to highlight it.
- Go to the bottom and click on Open.
- The log should automatically open in notepad as a text file.
- Go to Edit and choose Select all.
- Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.
- Come back to this thread, click Add Reply, then right-click and choose Paste.
- Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
- Exit MBAM when done.
Logs are saved to the following locations:
-- In XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
-- In Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs