
MBR problem


8 replies to this topic

#1 idougie

idougie

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:36 PM

Posted 14 July 2011 - 07:32 PM

So today I went and got myself some Malwarebytes and Avast antivirus, and when I got round to scanning my computer I had 300 infected files, which were safely quarantined except 1. I tried everything to remove this. Here's the info:

FILENAME SEVERITY STATUS
MBR: \\.\PHYSICALDRIVE0 HIGH THREAT ROOTKIT HIDDEN BOOT SECTOR

I downloaded a program to try to remove this called aswMBR; it's a rootkit remover from Avast. I went to fix MBR and got a warning up saying:

WARNING

writing a new master boot record to your system partition could damage your partition tables and cause your partitions to become inaccessable

this application writes standard windows MBR code

are you sure you want to fix MBR yes? no?

I never did it because it sounded like it would damage my computer.

Can anyone help with the removal of this?

Thanks.



#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:02:36 PM

Posted 14 July 2011 - 07:58 PM

Can you post the logs from Malwarebytes and aswMBR?

#3 idougie


Posted 14 July 2011 - 08:08 PM

> can you post the logs from Malwarebytes and aswMBR?


I'll have to rescan, I never saved them. Give me like 20 mins. Thanks

#4 cryptodan


Posted 14 July 2011 - 08:10 PM

The logs should be auto-saved. Fire up Malwarebytes and go to the logs tab.

#5 idougie


Posted 14 July 2011 - 08:15 PM

I'll check Malwarebytes now. I never did a full scan with aswMBR because it detected the rtk straight away, so I clicked fix MBR.

#6 idougie


Posted 14 July 2011 - 08:21 PM

I just checked the malware logs and it's not in there. And then I remembered it was Avast that detected it.

#7 cryptodan


Posted 14 July 2011 - 08:29 PM

paste that log

#8 idougie


Posted 14 July 2011 - 08:38 PM

> can you post the logs from Malwarebytes and aswMBR?


Here is the aswMBR log:

aswMBR version 0.9.7.747 Copyright© 2011 AVAST Software
Run date: 2011-07-15 02:08:49
-----------------------------
02:08:49.640 OS Version: Windows 5.1.2600 Service Pack 3
02:08:49.640 Number of processors: 1 586 0xA00
02:08:49.640 ComputerName: COMPUTER_1 UserName: Michelle
02:08:53.203 Initialize success
02:08:53.328 AVAST engine defs: 11071401
02:08:57.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
02:08:57.000 Disk 0 Vendor: SAMSUNG_SV2001H QN100-07 Size: 19130MB BusType: 3
02:08:59.031 Disk 0 MBR read successfully
02:08:59.031 Disk 0 MBR scan
02:08:59.046 Disk 0 MBR:Alureon-G [Rtk]
02:08:59.046 Disk 0 TDL4@MBR code has been found
02:08:59.046 Disk 0 MBR [TDL4] **ROOTKIT**
02:08:59.109 Disk 0 scanning C:\WINDOWS\system32\drivers
02:09:34.812 Service scanning
02:09:35.968 Disk 0 trace - called modules:
02:09:35.984 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
02:09:35.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8675cab8]
02:09:35.984 3 CLASSPNP.SYS[f788ffd7] -> nt!IofCallDriver -> \Device\00000060[0x8676df18]
02:09:35.984 5 ACPI.sys[f77e6620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8676bd98]
02:09:36.375 AVAST engine scan C:\WINDOWS
02:33:37.890 File: C:\WINDOWS\is-17N7D.exe **HIDDEN**
02:33:42.125 AVAST engine scan C:\Documents and Settings\Michelle
02:37:54.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Michelle\My Documents\MBR.dat"
02:37:54.328 The log file has been saved successfully to "C:\Documents and Settings\Michelle\My Documents\aswMBR.txt"
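
Added example, not part of the original thread and not aswMBR's own code: a small triage script that pulls the MBR detections, hidden files and MBR backup path out of a log like the one above, and reports any infected disk that has no saved MBR backup. The line patterns are assumptions inferred from this one log, not from a documented aswMBR format.

```python
import re

# Lines copied (abridged) from the aswMBR log posted above.
SAMPLE_LOG = r"""Run date: 2011-07-15 02:08:49
02:08:59.031 Disk 0 MBR read successfully
02:08:59.046 Disk 0 MBR:Alureon-G [Rtk]
02:08:59.046 Disk 0 TDL4@MBR code has been found
02:08:59.046 Disk 0 MBR [TDL4] **ROOTKIT**
02:08:59.109 Disk 0 scanning C:\WINDOWS\system32\drivers
02:33:37.890 File: C:\WINDOWS\is-17N7D.exe **HIDDEN**
02:37:54.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Michelle\My Documents\MBR.dat"
"""

LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
# Assumed patterns, inferred from the sample log only.
RULES = [
    ("mbr_detection", re.compile(r"^Disk (\d+) MBR:(\S+) \[Rtk\]")),
    ("mbr_rootkit", re.compile(r"^Disk (\d+) MBR \[(\w+)\] \*\*ROOTKIT\*\*")),
    ("hidden_file", re.compile(r"^File: (.+?) \*\*HIDDEN\*\*")),
    ("mbr_backup", re.compile(r'^Disk (\d+) MBR has been saved successfully to "(.+)"')),
]

def triage(log_text):
    """Return one finding per log line that matches a rule."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header and separator lines carry no timestamp
        ts, msg = m.groups()
        for kind, rx in RULES:
            hit = rx.match(msg)
            if hit:
                findings.append({"time": ts, "kind": kind, "fields": hit.groups()})
                break
    return findings

def summarize(findings):
    """Group findings and flag infected disks with no MBR backup on record."""
    det = [f["fields"] for f in findings if f["kind"] in ("mbr_detection", "mbr_rootkit")]
    backups = {f["fields"][0]: f["fields"][1] for f in findings if f["kind"] == "mbr_backup"}
    infected = sorted({disk for disk, _ in det})
    return {
        "infected_disks": infected,
        "names": sorted({name for _, name in det}),
        "hidden_files": [f["fields"][0] for f in findings if f["kind"] == "hidden_file"],
        "disks_without_backup": [d for d in infected if d not in backups],
    }

if __name__ == "__main__":
    print(summarize(triage(SAMPLE_LOG)))
```
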

#9 cryptodan


Posted 14 July 2011 - 08:48 PM

Please follow the instructions in ==> Malware Removal and Log Section Preparation Guide <==.

Once the proper logs are created, then make a NEW TOPIC and post it ==> HERE <==. Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

Most importantly please be patient till you get a reply to your topic.



