is a rootkit scanner that detects userland rootkits and is incorporated with some specialized fix tools like Combofix and GMER. Mbr.sys is the driver related to GMER's MBR rootkit detector which also uses catchme.exe.
Please note the message text in blue at the top of this forum. No one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert". Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please read the pinned topic ComboFix usage, Questions, Help? - Look here
is a stand-alone tool that will help investigate for the presence of rootkits. It will not actually tell you if you are infected or not unless you know what you're looking for. If you're unsure how to use a particular Anti-rootkit (ARK) tool or interpret the log it generates, then you should not be using it. Some ARK tools are intended for advanced users or to be used under the guidance of an expert who can interpret the log results. ARKs are powerful tools and using them incorrectly could lead to disastrous problems with your operating system. Most of the more effective ARK tools like GMER should only be used under the guidance of an expert who knows how to investigate its log for malicious entries before taking any removal action. Why? Not all hidden components detected by ARKs are malicious.

It is normal for a Firewall, some Anti-virus and Anti-malware software (ProcessGuard, Prevx1, AVG AS), sandboxes, virtual machines and Host based Intrusion Prevention Systems (HIPS) to hook into the OS kernel/SSDT in order to protect your system. SSDT (System Service Descriptor Table) is a table that stores addresses of functions that are used by Windows. Whenever a function is called, Windows looks in this table to find the address for it. Both legitimate programs and rootkits can hook into and alter this table. You should not be alarmed if you see any hidden entries created by legitimate programs after performing a scan.
With that said, what specific issues are you having that require a request for assistance with malware removal? Please describe any problem(s) in detail as they could provide a clue as to whether your issues are malware related or not.
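The SSDT point in the post above (a table of handler addresses that both security products and rootkits can redirect, so a "hooked" entry is not by itself proof of infection) is easier to see with a small model of the check an ARK performs. The following is an added illustration written for this page; it is not code from the poster, from GMER or from ComboFix. It runs entirely on constructed sample data: the module names (`ntoskrnl.exe` aside), load addresses, SSDT slot numbers and the list of drivers treated as known legitimate hookers are all assumptions made for the demonstration, not values read from a real system.

```python
"""Model of an SSDT hook check as an anti-rootkit (ARK) scanner performs it.

The scanner resolves each SSDT slot's handler address to the loaded module
that owns it.  A slot still pointing into the kernel image is unhooked; a
slot pointing into some other module is hooked, and only knowledge of that
module tells you whether the hook is expected (AV, HIPS, sandbox) or needs
an expert's attention.  All data below is constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Module:
    """A loaded kernel module described by its load address range."""
    name: str
    base: int
    size: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


@dataclass(frozen=True)
class Finding:
    index: int              # SSDT slot number
    service: str            # system service name for the slot, if known
    address: int            # handler address stored in the slot
    owner: Optional[str]    # module owning that address, None if no module does
    status: str             # "unhooked", "expected-hook", "investigate" or "orphan"


# Constructed sample module list: the kernel image plus two hypothetical drivers.
KERNEL = Module("ntoskrnl.exe", 0x80400000, 0x00200000)
SAMPLE_MODULES = [
    KERNEL,
    Module("legitav.sys", 0xF8A00000, 0x00010000),   # hypothetical AV driver that hooks
    Module("oddsvc.sys", 0xF8B00000, 0x00008000),    # hypothetical driver nobody recognises
]

# Constructed sample SSDT: slot -> handler address.  Slot numbers are illustrative.
SAMPLE_SSDT: Dict[int, int] = {
    0x25: 0x80512A40,   # still points into ntoskrnl.exe
    0x7A: 0xF8A01230,   # redirected into legitav.sys
    0x91: 0xFFB20410,   # points into no loaded module at all
    0xAD: 0xF8B00F00,   # redirected into oddsvc.sys
}
SAMPLE_SERVICE_NAMES = {
    0x25: "NtCreateFile",
    0x7A: "NtOpenProcess",
    0x91: "NtQuerySystemInformation",
    0xAD: "NtQueryDirectoryFile",
}

# Drivers an expert already knows to be legitimate hookers (assumption for the demo).
KNOWN_HOOKERS = frozenset({"legitav.sys"})


def owner_of(addr: int, modules: List[Module]) -> Optional[Module]:
    """Return the loaded module whose address range covers addr, or None."""
    for module in modules:
        if module.contains(addr):
            return module
    return None


def classify_ssdt(ssdt: Dict[int, int], modules: List[Module], kernel: Module,
                  known_hookers=frozenset(), names: Optional[Dict[int, str]] = None) -> List[Finding]:
    """Classify every SSDT slot by where its handler address resolves to."""
    names = names or {}
    findings: List[Finding] = []
    for index in sorted(ssdt):
        addr = ssdt[index]
        owner = owner_of(addr, modules)
        if owner == kernel:
            status = "unhooked"            # handler is the kernel's own
        elif owner is None:
            status = "orphan"              # address outside every known module: hidden code?
        elif owner.name in known_hookers:
            status = "expected-hook"       # a product known to hook for protection
        else:
            status = "investigate"         # hooked by something not yet identified
        findings.append(Finding(index, names.get(index, f"service_{index:#x}"), addr,
                                owner.name if owner else None, status))
    return findings


def needs_expert_review(findings: List[Finding]) -> List[Finding]:
    """Entries an ARK log reader should look at before any removal action."""
    return [f for f in findings if f.status in ("orphan", "investigate")]


if __name__ == "__main__":
    for f in classify_ssdt(SAMPLE_SSDT, SAMPLE_MODULES, KERNEL, KNOWN_HOOKERS, SAMPLE_SERVICE_NAMES):
        print(f"SSDT[{f.index:#04x}] {f.service:<26} {f.address:#010x} -> "
              f"{f.owner or '<no module>'}: {f.status}")
```

Note that the scanner itself can only report "hooked" and by which module; deciding that the `legitav.sys` hook is harmless while the `oddsvc.sys` and orphan entries deserve a closer look is exactly the interpretation step the post reserves for someone who can read the log.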