
Dell Laptop Possibly Infected Seriously


4 replies to this topic

#1 coolguy223


Posted 20 January 2011 - 01:07 PM

Hi, my name is Mike and I'm a college student. I will try to explain my problem as best as I can. Recently, over my Christmas holiday, I sent in my laptop to Dell, it is a Dell Latitude D820, because it needed a new motherboard as well as a palm rest. Both of those were replaced, leaving all the original hardware in it. I just received it in the mail a few days ago. When I restarted the computer I had a blue screen on startup. I decided that because the motherboard had just been replaced and it was essentially a new computer, that I should reformat it so that it could be fresh. So I decided to reformat it. I know I had viruses on it when I sent it in so I was planning on reformatting it anyways. After reformatting it though I still had problems. When I first started up Windows I decided to do the Windows updates. I noticed though that the laptop was being very slow after the updates. I then decided to check for malware, specifically rootkits, so I used ComboFix to do that. The reason I used ComboFix was because I once had a rootkit before and couldn't remove it by reformatting my laptop and after instruction on a blog like this was told to use ComboFix. After using ComboFix and turning off my computer and restarting it, my laptop would go to a bluescreen each time I started it again. I then decided to reformat it again, thinking that perhaps I did something to it when using ComboFix. I reformatted it again and then did the Windows updates but was still having problems. I decided to try another rootkit program called RootkitRevealer. It found some files and said that it cleaned them up. It seemed to be working until I restarted it and it bluescreened. I then decided to reformat it again and still had problems after the updates and then reformatted it again this morning. I ran the Windows updates again this morning. This morning the updates were better than before but now I get the bluescreen when I restart my computer again.
Like I said, I once had a similar problem about 2 years ago and joined a blog like this and was told that I had a serious rootkit and was given instructions on how to remove it. I'm not sure if it is a rootkit, but I think I have something which will not go away when I reformat my laptop. As I said previously, I'm a student and need to use this computer for school. Fortunately because the semester has just started and classes are not heavy I can go without it. Do you think that you can help me?



#2 boopme


Posted 20 January 2011 - 01:42 PM

After a reformat and install there should be no malware, except a possible MBR infection.
Using ComboFix unassisted is not recommended and may have altered something.


To check for and confirm the MBR rootkit.


Please download mbr.exe and save it to the root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • Press OK.
  • At the command prompt type: c:\mbr.exe >>"C:\mbr.log"
  • Press Enter.
  • The process is automatic...a black DOS window will open and quickly disappear. This is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
If you have a problem using the command prompt, you can just double-click on mbr.exe to run the tool.

Edited by boopme, 20 January 2011 - 01:43 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 coolguy223


Posted 20 January 2011 - 02:32 PM

Here is what the log said:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6000 Disk: TOSHIBA_MK1254GSYF rev.LF001D -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

What do these results mean?

Edited by coolguy223, 20 January 2011 - 02:37 PM.
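
An added example, not part of the original posts and not GMER's code: a small Python triage helper for the mbr.log text quoted above. It treats only the four status lines shown in this thread as the known-clean set and sends anything else to manual review; the function name and verdict labels are assumptions made for the example.

```python
import re

# Sample input: the log text quoted in the post above, embedded so this runs offline.
SAMPLE_LOG = """\
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6000 Disk: TOSHIBA_MK1254GSYF rev.LF001D -> Harddisk0\\DR0 -> \\Device\\Ide\\IdeDeviceP0T0L0-0

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
"""

# Only these status lines appear on the page; any other line is treated as unknown.
EXPECTED = {
    "device: opened successfully",
    "user: MBR read successfully",
    "kernel: MBR read successfully",
    "user & kernel MBR OK",
}
HEADER = re.compile(
    r"^Windows (?P<win>\S+) Disk: (?P<disk>\S+) rev\.(?P<rev>\S+)"
    r" -> (?P<hd>\S+) -> (?P<dev>\S+)$"
)

def triage_mbr_log(text):
    """Parse an mbr.log and return header fields, a verdict and unknown lines."""
    result = {"tool": None, "windows": None, "disk": None, "device": None, "unknown": []}
    seen = set()
    for ln in (l.strip() for l in text.splitlines() if l.strip()):
        m = HEADER.match(ln)
        if ln.startswith("Stealth MBR rootkit"):
            result["tool"] = ln                 # banner line with the tool version
        elif m:
            result.update(windows=m["win"], disk=m["disk"], device=m["dev"])
        elif ln in EXPECTED:
            seen.add(ln)
        else:
            result["unknown"].append(ln)        # never guess at unfamiliar output
    if result["unknown"]:
        result["verdict"] = "review"            # hand to a human helper
    elif seen == EXPECTED:
        result["verdict"] = "clean"             # user and kernel reads both reported OK
    else:
        result["verdict"] = "incomplete"        # a read failed or the log was cut short
    return result

if __name__ == "__main__":
    print(triage_mbr_log(SAMPLE_LOG)["verdict"])
```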


#4 boopme


Posted 20 January 2011 - 03:21 PM

Nothing there. I suspect a hardware issue. Either take it back or repost this question in the Internal Hardware forum and they can test a few things.

#5 coolguy223


Posted 20 January 2011 - 03:28 PM

Okay. Thanks for all your help. I appreciate it.