New version of MBR rootkit (win32/mebroot)


  • This topic is locked
3 replies to this topic

#1 Ace3

Posted 05 September 2011 - 01:09 PM

NOD32 says

Scan Log
Version of virus signature database: 6436 (20110904)
Date: 5/9/2011 Time: 5:16:58 πμ
Scanned disks, folders and files: Operating memory
Operating memory - Win32/Mebroot trojan - action selection postponed until scan completion
Number of scanned objects: 504
Number of threats found: 1
Number of cleaned objects: 0
Time of completion: 5:26:08 πμ Total scanning time: 550 sec (00:09:10)

1. Tried the EMebRemover.exe but it says
New version of MBR rootkit (win32/mebroot)detected
Unable to clean the rootkit.

2. Tried mbam
Sees nothing wrong..

?? Can someone help me?

6-9 steps
Done. Did it as shown in the example.

Merged topics then posts pruning off no longer relevant posts. ~ OB

Edited by Orange Blossom, 05 September 2011 - 11:28 PM.


#2 nasdaq

Posted 10 September 2011 - 01:09 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) (511KB) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs for my review.

Wait for further instructions.

#3 Ace3

Posted 10 September 2011 - 02:17 PM

Hello nasdaq.
The laptop crashed because of the scans of the hard disk...
Took it to the store and they did a format!!!
40 Euro.. only! But a new laptop.. only it's empty!!
Thank you anyway for trying to help me...
But it was too late.. I'll send you a PM and explain to you what happened from the beginning!

#4 nasdaq

Posted 11 September 2011 - 08:47 AM

Thank you for the feedback.



