
possible master boot record infection



#1 Tyroleus


Posted 16 November 2011 - 04:41 PM

About a week ago my AMD M3A78-EM desktop running Windows XP Pro started acting abnormally: the keyboard would not function properly (stuck in caps lock), if you tried to click a shortcut you would end up clicking 10 shortcuts, when clicking links on the web they opened the same page that the link you just clicked was on in a new window, and other errors. So I began checking for viruses using Avast quick, full, and boot-up scans, and Malwarebytes, which came up with some adware and 1 trojan, which I quarantined and eventually deleted. When I was still having the same problems, not knowing all that much about virus removal and not wanting to bring it into the shop, I decided to reformat it to Windows XP Pro (same operating system as before), which made no difference. Even during the reformat the keyboard wasn't functioning, so that kind of made me think it may be a hardware problem, so I tried formatting a blank hard drive in it and again had the same problem. Then, remembering that Linux isn't affected by Windows-based viruses, I tried that on the original hard drive and everything worked properly again. I then reinstalled XP, still having the same problems. So I could really use some help: is this a virus or a hardware problem, and is it possible I have buried the problem by reformatting? If you require any other information just ask and I will do my best to provide it. Thanks in advance for any help you can offer.

Currently this is a fresh install of XP and there are no driver updates or anti-virus programs installed, with the exception of an Ethernet driver and Malwarebytes, because of the complications I'm facing with the computer.


This post is in response to: http://www.bleepingcomputer.com/forums/topic428030.html

dds:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512
Run by Administrator at 11:00:26 on 2011-11-16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.411 [GMT -8:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\calc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{9A0D34A5-24E3-40D6-978A-73FE308CB0DB} : DhcpNameServer = 192.168.2.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\9n92n57q.default\
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-15 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-15 22216]
.
=============== Created Last 30 ================
.
2011-11-16 18:55:00 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Mozilla
2011-11-16 18:45:25 -------- d-s---w- c:\documents and settings\administrator\UserData
2011-11-16 18:42:11 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2011-11-16 18:42:11 142336 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2011-11-16 18:42:10 -------- d-----w- c:\program files\Realtek
2011-11-15 20:58:36 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2011-11-15 20:58:30 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-11-15 20:58:27 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-15 20:58:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
.
============= FINISH: 11:00:41.71 ===============



Edited by Tyroleus, 16 November 2011 - 05:55 PM.




#2 myrti


Posted 20 November 2011 - 09:24 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is version, edition and if it is a 32-bit or a 64-bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 Tyroleus


Posted 20 November 2011 - 04:48 PM

Ok, odd thing: all of a sudden my computer is functioning properly again. All the keys work properly, it doesn't open everything in link, etc. I have made absolutely no changes to the computer; all I did was use it to do the scans you asked for, then killed the power to it until you responded to my post, which I think took approx. 3-4 days, and now I have fired it back up to do this OTL scan. So I don't know what's going on, however I hope you will still have a look at my scan, because problems don't just disappear like that. I will continue to make no changes to the computer until you instruct me to; all I will do is what I did last time: kill the power to it and await your response. Also, I am going to attach the scans because they're too long to post.




#4 myrti


Posted 20 November 2011 - 08:01 PM

Hi,

All your logs look clean. So I am not sure if you are or have been infected.

Just to be sure, when you reformatted your drive you were booting from CD, right? In that case whatever virus was on your hard drive would have been inactive and incapable of causing any symptoms.

regards myrti



#5 Tyroleus


Posted 21 November 2011 - 01:16 PM

Yeah, I booted from the disc. Like I said, I'm confused because all of a sudden the symptoms have disappeared. Anyway, should I try to put in all the drivers and use it then?

#6 myrti


Posted 21 November 2011 - 07:04 PM

Hi,

Yes, please do.

If it was a stuck key of sorts, it may have come unstuck. It's not the most natural thing to happen, but it happens.
Anything but a hardware issue will fail to explain the symptoms on multiple OS and boot media.

regards myrti



#7 myrti


Posted 03 December 2011 - 09:26 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
