Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BOO/Whistler tdss rootkit infection


  • Please log in to reply
1 reply to this topic

#1 nitro1

nitro1

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:06:03 AM

Posted 10 September 2011 - 01:39 PM

I initially posted a topic in the internal hardware forum, (which can be found here). Upon the advice of 1972vet, I have come to this forum to seek further assistance.

A brief background for you: I have reformatted one of my computers with a fresh install of windows xp pro. I left a secondary hard drive in tact as I wanted to save the data. However, upon installing Avira AntiVir, I encountered some problems with it detecting BOO/Whistler.

The event log shows these messages:

The file 'Master boot sector HD1'
contained a virus or unwanted program 'BOO/Whistler' [virus]
Action(s) taken:
Contains code of the BOO/Whistler boot sector virus.
The boot sector was not written!

The file 'Boot sector 'D:\''
contained a virus or unwanted program 'BOO/Whistler' [virus]
Action(s) taken:
Contains code of the BOO/Whistler boot sector virus.
The boot sector was not written!


A virus or
unwanted program 'BOO/Whistler' [virus] was found in Boot sector of drive 'D:'.
Action executed: Deny access

A virus or
unwanted program 'BOO/Whistler' [virus] was found in Master boot sector of drive 'Master boot sector HD1'.
Action executed: Deny access


The file 'Boot sector 'D:\''
contained a virus or unwanted program 'BOO/Whistler' [virus]
Action(s) taken:
Contains code of the BOO/Whistler boot sector virus.

The file 'Master boot sector HD1'
contained a virus or unwanted program 'BOO/Whistler' [virus]
Action(s) taken:
Contains code of the BOO/Whistler boot sector virus.


I lost access to my secondary drive, either after the 2nd or 3rd set of logs, but have since restored it with partition wizard. However I am under the assumption that this drive is still infected. I don't want to run a scan with avira again in case I run into the same issue, so I was hoping someone could guide me along in disinfecting my computer. Let me know if there is anymore info you need. Thanks in advance!

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:03:03 AM

Posted 10 September 2011 - 03:50 PM

Your secondary drive is not bootable, so it really doesn't matter if it's boot sector is infected, or not.

You can always scan it with your AV program to see if something else is hiding there.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users