MBR Boot Kit Trojan



#1 seether


Posted 06 January 2012 - 10:04 PM

Hello,

I suspect I have a problem with a boot kit trojan.

BCD Store looks like this:


Windows Boot Manager
--------------------------
identifier {bootmgr}
device unknown
description Windows Boot Manager
locale in-US
inherit {globalsettings}
default {current}
resumeobject {9b133800-38df-11e1-919c-cfb3aaf7c08d}
displayorder {current}
toolsdisplayorder {memdiag}
timeout {30}

Windows Boot Manager
-------------------------------
identifier {current}
device partition=C:
path \Windows\system32\sinload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
default {current}
recoverysequence {9b133800-38df-11e1-919c-cfb3aaf7c08d}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {9b133800-38df-11e1-919c-cfb3aaf7c08d}
nx OptIn

Edited by seether, 06 January 2012 - 10:05 PM.
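A defender-side check for a dump like the one in the post above, added here as an example and not part of the original thread: it parses bcdedit-style output and flags a loader entry whose path does not name a known Windows loader image, an entry whose device bcdedit could not resolve ("unknown"), and a loader-type entry (one carrying osdevice/systemroot) with an unexpected title. The sample input is the dump quoted in the post, embedded verbatim; the EXPECTED_LOADERS baseline and the wording of the findings are assumptions of the example.

```python
import re

# Constructed sample: the bcdedit output quoted in the post above, reproduced
# as posted (including the loader path it reports) so the checks have input.
SAMPLE_BCD = r"""
Windows Boot Manager
--------------------------
identifier {bootmgr}
device unknown
description Windows Boot Manager
locale in-US
inherit {globalsettings}
default {current}
resumeobject {9b133800-38df-11e1-919c-cfb3aaf7c08d}
displayorder {current}
toolsdisplayorder {memdiag}
timeout {30}

Windows Boot Manager
-------------------------------
identifier {current}
device partition=C:
path \Windows\system32\sinload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
default {current}
recoverysequence {9b133800-38df-11e1-919c-cfb3aaf7c08d}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {9b133800-38df-11e1-919c-cfb3aaf7c08d}
nx OptIn
"""

# Loader images a stock Windows Vista/7 BCD entry is expected to point at.
# This baseline is an assumption of the example, not something the thread states.
EXPECTED_LOADERS = {"winload.exe", "winload.efi", "winresume.exe", "winresume.efi"}


def parse_bcd(text):
    """Parse bcdedit-style output into a list of dicts, one per entry.

    Entries are blank-line separated: a title line, a line of dashes, then
    'key value' lines. The title is kept under the '_title' key.
    """
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if len(lines) < 2 or set(lines[1]) != {"-"}:
            continue  # not an entry block (no dashed underline)
        entry = {"_title": lines[0]}
        for line in lines[2:]:
            key, _, value = line.partition(" ")
            entry[key.lower()] = value.strip()
        entries.append(entry)
    return entries


def audit_bcd(entries):
    """Return a list of human-readable findings for suspicious entries."""
    findings = []
    for e in entries:
        ident = e.get("identifier", "<no identifier>")
        path = e.get("path")
        if path:
            # Compare only the image file name, case-insensitively.
            image = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            if image not in EXPECTED_LOADERS:
                findings.append(
                    f"{ident}: loader path {path} does not point at a known "
                    f"Windows loader image ({', '.join(sorted(EXPECTED_LOADERS))})"
                )
        if e.get("device", "").lower() == "unknown":
            findings.append(
                f"{ident}: device is 'unknown'; bcdedit could not resolve the "
                f"device this entry boots from, which is worth checking by hand"
            )
        # Loader entries carry osdevice/systemroot and bcdedit titles them
        # 'Windows Boot Loader'. A mismatch may only be a transcription slip
        # in a forum post, so it is reported at lower confidence.
        if "osdevice" in e and "loader" not in e["_title"].lower():
            findings.append(
                f"{ident}: has osdevice/systemroot but is titled "
                f"'{e['_title']}' (low confidence; could be a copy error)"
            )
    return findings


if __name__ == "__main__":
    for finding in audit_bcd(parse_bcd(SAMPLE_BCD)):
        print("FINDING:", finding)
```

To run it against a live machine, paste the output of `bcdedit /enum` (run from an elevated prompt) into SAMPLE_BCD or read it from a file; the checks are heuristics to prioritise what to inspect, not a verdict on their own.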




#2 boopme


Posted 06 January 2012 - 11:25 PM

Hello seether
To confirm this bootkit, do the following:

In case you don't have an archive extractor installed already:
Please download 7zip and install the program on your computer (we need this program in order to be able to unzip the tool that can delete Bootkit Whistler).

When 7zip is successfully installed, please download bootkit_remover.rar and save the file to your desktop.

Right click on the file and select "extract/unzip here".

This will create two readme files and remover.exe on your desktop.
Double click on remover.exe; a command window will open. Please copy/paste the text under "MBR Status" and post that in your next reply.



