Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85A241F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x85a231f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

fixmbr gives no results.
In safe mode, it is clean (??)
I've tried rootrepeal, the restore and reboot immediately option with no successful result
Volume C:\ | MBR Rootkit Detected
Volume C:\, Sector 62 | Sector mismatch
I've tried Prevx 3.0, no results
Tried Malwarebytes' Anti-Malware, Nothing
Tried GMER, think I did it wrong.
OTL also, did that wrong too.
I'm afraid to try ComboFix.
This all started because some dll with the start address schedsvc.dll!servicemain+0x2299, or task scheduler, started to use all the CPUs. I also tried scanning that dll at Virscan.com, nothing.
All of this was done with UAC and DEP on with Microsoft Security Essentials realtime scanner on, which is probably what caused the BSOD when I tried to run GMER and rootrepeal at the same time
Edited by Whitewizard67676, 03 October 2010 - 02:07 PM.
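The two tool outputs quoted in the post describe the same condition from two angles: GMER reads the MBR through user mode and through the kernel and compares them, while RootRepeal reports that sector 62 of the volume does not match what it expected. The script below is an added example and is not code from GMER, RootRepeal or the original poster. It parses a 512-byte MBR (boot code, four partition entries, 0x55AA signature) and compares sector 0 of a raw disk image against a suspected backup copy elsewhere on the disk. The choice of sector 62 as the backup location is an assumption made for the sample data, taken from the sector RootRepeal flagged in the thread; the image bytes are constructed inline so the script runs offline.

```python
"""Parse an MBR and compare sector 0 against a suspected backup copy.

Added example for a forum thread about a suspected MBR rootkit; not the
poster's code and not taken from GMER or RootRepeal. Works on a raw disk
image (any byte string of 512-byte sectors), so it can run offline.
"""
import struct

SECTOR = 512
BOOT_SIGNATURE = b"\x55\xaa"
PARTITION_TABLE_OFFSET = 446
# Assumption for this example: the sector RootRepeal flagged in the thread is
# where a copy of the original MBR may sit. Adjust for other layouts.
BACKUP_SECTOR = 62


def parse_mbr(sector):
    """Split a 512-byte MBR into boot code, partition table and signature check."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR)
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        status, _, ptype, _, lba_start, num_sectors = struct.unpack_from("<B3sB3sII", sector, off)
        if ptype != 0:  # type 0 marks an unused entry
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start, "sectors": num_sectors})
    return {
        "boot_code": sector[:PARTITION_TABLE_OFFSET],
        "partition_table": sector[PARTITION_TABLE_OFFSET:510],
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def read_sector(image, n):
    """Return sector n of a raw image as bytes."""
    data = image[n * SECTOR:(n + 1) * SECTOR]
    if len(data) != SECTOR:
        raise ValueError("image too small for sector %d" % n)
    return data


def check_image(image, backup_sector=BACKUP_SECTOR):
    """Compare sector 0 with the suspected backup sector; return a list of findings."""
    mbr = parse_mbr(read_sector(image, 0))
    backup = parse_mbr(read_sector(image, backup_sector))
    findings = []
    if not mbr["signature_ok"]:
        findings.append("sector 0: missing 0x55AA boot signature")
    if backup["signature_ok"]:
        # A well-formed MBR outside sector 0 is itself worth a closer look.
        findings.append("sector %d: contains a well-formed MBR" % backup_sector)
        if mbr["boot_code"] != backup["boot_code"]:
            findings.append("boot code in sector 0 differs from the copy in sector %d" % backup_sector)
        if mbr["partition_table"] == backup["partition_table"]:
            findings.append("partition table is identical in both copies")
    return findings


def build_mbr(boot_code, partitions):
    """Assemble a 512-byte MBR from boot code and (status, type, lba, count) tuples (constructed data)."""
    body = boot_code.ljust(PARTITION_TABLE_OFFSET, b"\x00")[:PARTITION_TABLE_OFFSET]
    table = b"".join(struct.pack("<B3sB3sII", s, b"\xff\xff\xff", t, b"\xff\xff\xff", lba, n)
                     for s, t, lba, n in partitions)
    return body + table.ljust(64, b"\x00") + BOOT_SIGNATURE


# Constructed sample MBRs: same partition table, different boot code.
CLEAN_MBR = build_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c", [(0x80, 0x07, 63, 2000000)])
TAMPERED_MBR = build_mbr(b"\xeb\x3c\x90" + b"\x41" * 40, [(0x80, 0x07, 63, 2000000)])


def sample_image(infected):
    """Build a 64-sector constructed image; the infected variant keeps the original MBR at BACKUP_SECTOR."""
    sectors = [b"\x00" * SECTOR for _ in range(64)]
    sectors[0] = TAMPERED_MBR if infected else CLEAN_MBR
    if infected:
        sectors[BACKUP_SECTOR] = CLEAN_MBR
    return b"".join(sectors)


if __name__ == "__main__":
    for label, img in (("clean", sample_image(False)), ("infected", sample_image(True))):
        print(label, check_image(img) or ["no findings"])
```

On a real system the same comparison is what GMER's "user & kernel MBR OK" line expresses for the two read paths; the script instead compares two on-disk copies, which is the check a forensic examiner runs against an image taken from the offline disk rather than through the possibly hooked driver stack.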