Possible Root Kit


  • This topic is locked
3 replies to this topic

#1 Bootlegger

Bootlegger

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:48 AM

Posted 03 October 2010 - 12:49 PM

Hello and thank you for the assistance on the log. I want to start off by saying I am a computer tech and played with my computer extensively, and didn't qualify for assistance before as I violated all of the rules for asking for assistance by tinkering. I am very intrigued and have been studying how to remove a virus for someone else and would like to get trained in this area formally. In any event I have since done a system restore and critical updates for the most part and put Avast on with the def. file up to date. I have hesitated doing anything else until I am sure I don't have a Root-Kit installed. The only thing that I have done is to run mbr.exe and I get "error reading MBR" after the re-load of the OS.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: error reading MBR

I also ran mbrcheck.exe after the re-load and got the attached jpeg

I ran those tools because they were my point of concern showing possible concern and only ran them again to see if I needed to post for a guiding eye.

I am at this point not going to run anything else unless asked and wait for assistance.

I left CD emulation disabled.

Thanks and happy hunting.


Attached Files
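The mbr.exe output quoted in the post above shows the two views a stealth-MBR detector needs: the MBR as read from user mode and the MBR as read at kernel level. A mismatch between them is what flags a Mebroot/Sinowal-style infection, and a failed kernel read (the case above) means the comparison could not be made. The Python script below is an added illustration of that comparison step and is not part of the original post or of Gmer's tool. It parses a 512-byte MBR and diffs two captures of it; the sector bytes, the partition entry and the "infected" boot code are all constructed for the example.

```python
"""Parse a 512-byte MBR and compare two captures of sector 0.

Stealth MBR rootkits (Mebroot/Sinowal) hook disk I/O so that reads of
sector 0 return the original, clean MBR while the sector on disk holds
the infected loader. Gmer's mbr.exe reads the MBR through a user-mode
path and a kernel-level path and reports when the two disagree. This
added example shows that comparison on constructed sample sectors; it
is not the tool's own code.
"""
import struct

MBR_SIZE = 512
PART_TABLE_OFFSET = 446   # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"    # bytes 510..511 of a valid MBR


def parse_mbr(sector):
    """Split an MBR into boot code, non-empty partition entries and a signature check."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be %d bytes, got %d" % (MBR_SIZE, len(sector)))
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start, "sectors": count})
    return {"boot_code": sector[:PART_TABLE_OFFSET],
            "partitions": partitions,
            "signature_ok": sector[510:512] == BOOT_SIG}


def compare_reads(user_read, kernel_read):
    """Compare the user-mode view of the MBR with the kernel-level view.

    kernel_read=None models the 'kernel: error reading MBR' case: with only
    one view there is nothing to diff, so the result is inconclusive rather
    than clean.
    """
    if kernel_read is None:
        return {"verdict": "inconclusive",
                "findings": ["kernel read failed; user view alone cannot clear the MBR"]}
    user, kernel = parse_mbr(user_read), parse_mbr(kernel_read)
    findings = []
    if not kernel["signature_ok"]:
        findings.append("kernel view lacks the 0x55AA boot signature")
    if user["boot_code"] != kernel["boot_code"]:
        first = next(i for i in range(PART_TABLE_OFFSET)
                     if user["boot_code"][i] != kernel["boot_code"][i])
        findings.append("boot code differs starting at offset %d" % first)
    if user["partitions"] != kernel["partitions"]:
        findings.append("partition table differs between views")
    return {"verdict": "suspicious" if findings else "consistent", "findings": findings}


def build_sample_mbr(boot_prefix):
    """Constructed sample: boot code = prefix padded with NOPs, one bootable
    NTFS-type (0x07) partition at LBA 2048, valid signature. Not from a real disk."""
    boot_code = boot_prefix + b"\x90" * (PART_TABLE_OFFSET - len(boot_prefix))
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    return boot_code + entry + b"\x00" * 48 + BOOT_SIG


# Constructed sectors. The "clean" prefix mimics a typical loader prologue
# (xor ax,ax / mov ss,ax / mov sp,0x7c00); the "infected" one is an arbitrary
# stand-in for a replaced loader, not a real rootkit's code.
CLEAN_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c")
INFECTED_MBR = build_sample_mbr(b"\xeb\x1e\x90\x90\x90\x90\x90")


def demo():
    """Run the three cases a detector can hit: consistent, stealth mismatch, read error."""
    return {"clean": compare_reads(CLEAN_MBR, CLEAN_MBR),
            "stealth": compare_reads(CLEAN_MBR, INFECTED_MBR),
            "read_error": compare_reads(CLEAN_MBR, None)}


if __name__ == "__main__":
    for name, result in demo().items():
        print("%-10s %-12s %s" % (name, result["verdict"], "; ".join(result["findings"])))
```

On a live Windows system the user-mode capture would come from reading the first 512 bytes of \\.\PhysicalDrive0, and the kernel-level capture needs a driver that bypasses any hooked disk I/O path; that second part is what a tool like mbr.exe supplies and what this script deliberately leaves out. The point to take from the "read_error" case is that a user-mode read succeeding on its own proves nothing, since a stealth rootkit serves a clean sector to exactly that path.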




#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:10:48 AM

Posted 09 October 2010 - 07:48 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 Bootlegger

Bootlegger
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:48 AM

Posted 12 October 2010 - 08:00 PM

Hi m0le, I appreciate you taking my post. I want to let you know I have spent hours on the site just looking over other people's problems and I would like to learn how to mentor and help. I hope you might let me add you as a friend. I am not sure of the proper way of reaching out to members and have never felt so excited over a website in such a long time. I want to let you know that you can close this post. I bit the bullet and ordered Recovery CDs and wiped all partitions out on my drive and formatted. I still think that possibly what I saw might have been a possible proprietary flair on the MBR. I wasn't going to trust the data if I was truly compromised and felt making the recovery disks was risky also. If not then it was a learning curve for me and I deserve what happened to me by neglecting to make the disk right off. I guess my intent was to ghost the whole drive so I could make disks again at some point but never got around to the ghost, so it is history at this point. I will be interested to run the mbr test again once I finish the install from disks. Thanks for helping and I want to get signed up and tested so you guys know where to start my studies. If you would like to point that out, great. Thanks again - Ralph

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:10:48 AM

Posted 13 October 2010 - 03:49 PM

Thanks for the reply, Bootlegger.

I'm glad you like the forum and the idea of malware removal.

With regards to the repair CD, it would have been safe but there would have been plenty of problems to get from burnt disk to working system so perhaps you made the right choice.

I can provide you with a link to the UNITE classrooms and good luck because they are busy. I would give this piece of advice: if you really want to do the training then you will get in. Be prepared for a lot of hard, and fun, work.

--------------------------------------

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.