
Whistler@mbr Rtk(Advice needed)


5 replies to this topic

#1 lamienz


  • Members
  • 2 posts

Posted 31 January 2011 - 04:22 AM

Ok, my avast scanner detected this Whistler@mbr [Rtk], so I have decided to follow the steps given in this thread
http://www.bleepingcomputer.com/forums/topic375145.html, posts #6, #11, #15. Before following the steps, I did ComboFix too; not sure whether it affected anything or not.

I'm not sure whether I did it correctly in removing the trojan. Please take a look at my before and after logs and tell me what I should do now to clean my computer up better. Thanks

MBRCheck log before referring to the thread.
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 127):

Processes (total 29):

\\.\C: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive2 Model Number: ST3160811AS, Rev: 3.AAE
PhysicalDrive0 Model Number: ST3250620AS, Rev: 3.AAK
PhysicalDrive1 Model Number: WDCWD5001AALS-00J7B1, Rev: 05.00K05

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive2 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
232 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 680C3DFB3AF5C02B7E098CA7B25CA73D63745DC5
465 GB \\.\PhysicalDrive1 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 680C3DFB3AF5C02B7E098CA7B25CA73D63745DC5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:
Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!



MBRCheck log after following the thread method


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 126):

Processes (total 29):

\\.\C: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive2 Model Number: ST3160811AS, Rev: 3.AAE
PhysicalDrive0 Model Number: ST3250620AS, Rev: 3.AAK
PhysicalDrive1 Model Number: WDCWD5001AALS-00J7B1, Rev: 05.00K05

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive2 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
465 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!


Please kindly advise what steps I should do next to clean up better. Right now avast is not detecting any infections, so is it good?
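Added example, not code from the thread or from MBRCheck itself: a small Python triage script in the spirit of the MBR status section above. It hashes the bootstrap code of a 512-byte MBR sector, compares the SHA-1 against known-good and known-bad tables (seeded with the two values MBRCheck printed in the logs), and sanity-checks the 0x55AA trailer and partition table. The 440-byte hashed region is an assumption about what MBRCheck hashes, the sample sector is constructed, and reading a real sector from \\.\PhysicalDriveN (which needs administrator rights) is left to the reader.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes before the 4-byte disk signature
BOOT_SIGNATURE = b"\x55\xaa"   # trailer every valid MBR must end with

# SHA-1 values exactly as MBRCheck printed them in the thread above. That the tool
# hashes precisely the first 440 bytes is an assumption; treat the table as illustrative.
KNOWN_GOOD = {"DA38B874B7713D1B51CBC449F4EF809B0DEC644A": "Windows XP MBR code"}
KNOWN_BAD = {"680C3DFB3AF5C02B7E098CA7B25CA73D63745DC5": "Whistler / Black Internet"}


def mbr_code_sha1(mbr: bytes) -> str:
    """SHA-1 of the bootstrap code region, uppercase hex as MBRCheck prints it."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_partitions(mbr: bytes) -> list:
    """(bootable, type, lba_start, sector_count) for each non-empty table entry."""
    entries = []
    for i in range(4):
        boot, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, 446 + 16 * i)
        if ptype:
            entries.append((boot == 0x80, ptype, lba, count))
    return entries


def classify(mbr: bytes, good=KNOWN_GOOD, bad=KNOWN_BAD) -> dict:
    """Structural sanity checks plus hash lookup; returns a small verdict record."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("expected one 512-byte sector")
    digest = mbr_code_sha1(mbr)
    if digest in bad:
        status = "known-bad: " + bad[digest]      # what the "before" log flagged
    elif digest in good:
        status = "known-good: " + good[digest]    # what the "after" log shows
    else:
        status = "unknown"                        # non-standard: needs a human look
    return {"sha1": digest, "status": status,
            "valid_signature": mbr[510:512] == BOOT_SIGNATURE,
            "partitions": parse_partitions(mbr)}


def build_sample_mbr() -> bytes:
    """Constructed sample: dummy boot code plus one bootable NTFS partition at LBA 63,
    i.e. byte offset 0x7E00, the same volume offset the thread's logs report."""
    code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * (BOOT_CODE_LEN - 7)
    disk_sig = b"\x12\x34\x56\x78" + b"\x00\x00"   # made-up disk signature + reserved
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 488392002)
    return code + disk_sig + entry + b"\x00" * 48 + BOOT_SIGNATURE


if __name__ == "__main__":
    verdict = classify(build_sample_mbr())
    print(verdict["status"], verdict["sha1"], "signature ok:", verdict["valid_signature"])
    for bootable, ptype, lba, count in verdict["partitions"]:
        print(f"  type=0x{ptype:02X} boot={bootable} lba={lba} offset=0x{lba * 512:X} sectors={count}")
```

A rewritten MBR that hashes to a known-good value but whose partition table still looks wrong (no bootable entry, or an unexpected start LBA) is still worth a second look; the hash only vouches for the boot code.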


#2 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 04 February 2011 - 09:38 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days, I will bump the topic, and if you do not reply by the following day after that, I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 lamienz

  • Topic Starter

  • Members
  • 2 posts

Posted 06 February 2011 - 12:34 AM

Check my logs as stated, ty

#4 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 06 February 2011 - 05:37 AM

The MBRCheck log shows that you did replace the Whistler-infected MBR :)

Are there any other symptoms? Because if not, you've done the trick there.

#5 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 08 February 2011 - 08:43 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer, as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC, making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#6 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 09 February 2011 - 07:55 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
