Rootkit.Win32.BackBoot.gen


#1 Himemiya (Members, 8 posts)

Posted 11 May 2012 - 07:18 PM

Hi,

My computer is running abnormally slow and my internet will disconnect after the computer has been on for maybe 10 minutes.

I have run AVG, MalwareBytes, SAS, and ESET and they aren't picking up anything. However, TDSSKiller will find a "suspicious object" titled Rootkit.Win32.BackBoot.gen but fails to remove it.

Any help would be greatly appreciated!!

--Emi

Edited by Himemiya, 11 May 2012 - 07:21 PM.



#2 boopme, "To Insanity and Beyond" (Global Moderator, 73,573 posts, NJ USA)

Posted 11 May 2012 - 08:04 PM

Hello, let's run another tool.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 Himemiya (Topic Starter, Members, 8 posts)

Posted 11 May 2012 - 09:52 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-11 21:23:07
-----------------------------
21:23:07.078 OS Version: Windows 5.1.2600 Service Pack 3
21:23:07.078 Number of processors: 2 586 0xF02
21:23:07.078 ComputerName: DELL-D999CB1682 UserName: Dell
21:23:07.546 Initialize success
21:29:40.921 AVAST engine defs: 12051101
21:30:04.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:30:04.609 Disk 0 Vendor: WDC_WD800JD-75MSA3 10.01E04 Size: 76293MB BusType: 3
21:30:04.656 Disk 0 MBR read successfully
21:30:04.656 Disk 0 MBR scan
21:30:04.718 Disk 0 Windows XP default MBR code
21:30:04.718 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
21:30:04.750 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76238 MB offset 96390
21:30:04.781 Disk 0 scanning sectors +156232125
21:30:05.000 Disk 0 scanning C:\WINDOWS\system32\drivers
21:30:22.421 Service scanning
21:30:53.937 Modules scanning
21:31:03.203 Disk 0 trace - called modules:
21:31:03.234 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
21:31:03.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f5fab8]
21:31:03.281 3 CLASSPNP.SYS[f7633fd7] -> nt!IofCallDriver -> \Device\00000069[0x86f1f5a0]
21:31:03.281 5 ACPI.sys[f74ca620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f62d98]
21:31:06.156 AVAST engine scan C:\WINDOWS
21:31:13.281 AVAST engine scan C:\WINDOWS\system32
21:35:27.468 AVAST engine scan C:\WINDOWS\system32\drivers
21:35:54.375 AVAST engine scan C:\Documents and Settings\Dell
21:44:38.875 AVAST engine scan C:\Documents and Settings\All Users
21:49:35.765 Scan finished successfully
21:50:57.437 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dell\Desktop\MBR.dat"
21:50:57.437 The log file has been saved successfully to "C:\Documents and Settings\Dell\Desktop\aswMBR.txt"


21:51:22.687 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dell\Desktop\MBR.dat"
21:51:22.703 The log file has been saved successfully to "C:\Documents and Settings\Dell\Desktop\aswMBR.txt"
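The aswMBR log above reads sector 0 of Disk 0, reports the MBR boot code as "Windows XP default", lists the two partition entries with their status byte, type byte, size and starting sector, and saves a copy of the sector as MBR.dat. As an added example for this thread (not code from BleepingComputer, AVAST or aswMBR), the Python below parses a raw 512-byte MBR dump into those same fields and then runs the checks a defender would run on such a dump: the 55AA boot signature is present, exactly one partition is marked active, and the 440 boot-code bytes hash to a baseline recorded from a known-clean machine, which is how a modified MBR loader of the kind an MBR bootkit installs shows up even when the partition table looks normal. The dump it parses is constructed here from the partition values in the posted log (the sector count chosen for partition 2 makes its end sector equal the +156232125 the log scans from); the boot-code bytes and the baseline hash are placeholders, not real Windows XP MBR code.

```python
"""Parse a raw 512-byte MBR dump (such as the MBR.dat that aswMBR writes) into
the fields the tool logs, and compare the boot code to a known-good baseline.
Added example for this thread; not code from BleepingComputer or AVAST.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439 hold the boot code in the Windows MBR layout
PART_TABLE_OFFSET = 446      # four 16-byte partition entries start here
MBR_SIGNATURE = b"\x55\xaa"  # bytes 510..511
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY_FMT = "<B3xB3xII"

PARTITION_TYPES = {0x07: "HPFS/NTFS", 0xDE: "Dell Utility"}


def build_demo_mbr(boot_code, entries):
    """Assemble a demo MBR from (status, type, lba_start, sectors) tuples. CHS fields stay zero."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    mbr = bytearray(SECTOR_SIZE)
    mbr[:len(boot_code)] = boot_code
    for i, (status, ptype, lba, sectors) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFFSET + 16 * i, status, ptype, lba, sectors)
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)


def parse_mbr(mbr):
    """Return the signature check, a SHA-256 of the boot code, and the non-empty partition entries."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("MBR dump must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, ptype, lba, sectors = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": i + 1,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": lba,
            "sectors": sectors,
            "size_mb": round(sectors * SECTOR_SIZE / (1024 * 1024)),
        })
    return {
        "signature_ok": mbr[510:512] == MBR_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def format_like_aswmbr(parsed):
    """Render partition entries in the shape of the 'Disk 0 Partition N ...' log lines."""
    lines = []
    for p in parsed["partitions"]:
        flag = "(A) " if p["active"] else ""
        lines.append(f"Partition {p['index']} {p['status']:02X} {flag}{p['type']:02X} "
                     f"{p['type_name']} {p['size_mb']} MB offset {p['lba_start']}")
    return lines


def check_mbr(mbr, baseline_sha256):
    """Defender-side checks: valid signature, boot code matches baseline, exactly one active partition."""
    parsed = parse_mbr(mbr)
    findings = []
    if not parsed["signature_ok"]:
        findings.append("missing 55AA boot signature")
    if parsed["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from known-good baseline")
    active = [p for p in parsed["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly 1")
    return findings


# Constructed demo input: partition values are the ones in the posted aswMBR log;
# the boot code is a placeholder string, not real Windows XP MBR code.
DEMO_BOOT_CODE = b"\xeb\x3c\x90" + b"PLACEHOLDER BOOT CODE FOR THE DEMO"
DEMO_MBR = build_demo_mbr(DEMO_BOOT_CODE, [
    (0x00, 0xDE, 63, 96327),          # Dell Utility, 47 MB at sector 63
    (0x80, 0x07, 96390, 156135735),   # active NTFS partition, 76238 MB at sector 96390
])
# Stand-in for a baseline hash recorded from a known-clean machine of the same build.
BASELINE_SHA256 = hashlib.sha256(DEMO_MBR[:BOOT_CODE_LEN]).hexdigest()


def tampered_copy(mbr):
    """Constructed: flip one byte inside the boot code to show the baseline check firing."""
    m = bytearray(mbr)
    m[0x10] ^= 0xFF
    return bytes(m)


if __name__ == "__main__":
    for line in format_like_aswmbr(parse_mbr(DEMO_MBR)):
        print("Disk 0", line)
    print("clean dump findings:", check_mbr(DEMO_MBR, BASELINE_SHA256))
    print("tampered dump findings:", check_mbr(tampered_copy(DEMO_MBR), BASELINE_SHA256))
```

To use it on a real dump, read the 512 bytes of MBR.dat with `open(path, "rb").read()` and pass them to `check_mbr` with a baseline hash taken from a machine known to be clean; a tool like aswMBR does essentially this comparison when it labels the boot code "Windows XP default MBR code", and the partition-table lines it prints come from the same 16-byte entries decoded here.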

#4 boopme, "To Insanity and Beyond" (Global Moderator, 73,573 posts, NJ USA)

Posted 11 May 2012 - 10:06 PM

Not showing there either. Looks like we need a deeper look. Please go here: Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9 which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run skip it and move on.

Let me know if that went well.