Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Possible Infection

  • Please log in to reply
1 reply to this topic

#1 chebu1363


  • Members
  • 1 posts
  • Local time:12:06 PM

Posted 08 January 2010 - 08:09 PM

I am running Windows XP and Internet Explorer 8. Over the past couple of weeks the IE will not start up. It opens and then an error message pops up that it has encountered a problem and needs to close. More disturbingly when I do finally get it to stay open, I noticed a pop up box asking me for my credit card number, security code and ATM pin when I tried to make an online purchase. I have run Malwarebytes, CCleaner, AVG antivirus, and Spy Bot and the problem did not go away.
I called Plum Choice who advised me to run Combo Fix. I have the log file but did read that posts of log files will be ignored if not solicited.
Please let me know if you would like to see the log file. I am also interested in any other options I have to prohibit this issue from happening again.
Thank you very much.

BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,593 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:06 PM

Posted 08 January 2010 - 11:23 PM

ComboFix logs are not permitted outside the HijackThis Logs and Malware Removal forum and then only when requested by a HJT Team member.

Did your log show a section similar to this?

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x0DF8F900
malicious code @ sector 0x0DF8F903 !
PE file found in sector at 0x0DF8F919 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users