
Operating Memory Virus


  • This topic is locked
2 replies to this topic

#1 gakkbu


Posted 21 May 2012 - 09:59 AM

My antivirus is ESET Nod32 5.

Tried using aswMBR.
This was the result.
Also tried using Roguekiller but wasn't able to find the virus said above.
And I think also aswMBR.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-21 22:32:27
-----------------------------
22:32:27.343 OS Version: Windows x64 6.1.7601 Service Pack 1
22:32:27.343 Number of processors: 4 586 0x3A09
22:32:27.343 ComputerName: NIALL-PC UserName: Niall
22:32:31.383 Initialize success
22:41:12.984 AVAST engine defs: 12052100
22:41:37.824 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:41:37.834 Disk 0 Vendor: ST350041 CC35 Size: 476940MB BusType: 3
22:41:37.834 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
22:41:37.834 Disk 1 Vendor: ST350032 SD15 Size: 476940MB BusType: 3
22:41:37.844 Disk 0 MBR read successfully
22:41:37.844 Disk 0 MBR scan
22:41:37.854 Disk 0 Windows 7 default MBR code
22:41:37.854 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:41:37.864 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
22:41:37.884 Disk 0 scanning C:\Windows\system32\drivers
22:41:49.794 Service scanning
22:42:05.184 Modules scanning
22:42:05.184 Disk 0 trace - called modules:
22:42:05.214 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys sptd.sys hal.dll
22:42:05.214 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009dcc060]
22:42:05.224 3 CLASSPNP.SYS[fffff88001c5143f] -> nt!IofCallDriver -> [0xfffffa8007874620]
22:42:05.224 5 ACPI.sys[fffff880011a57a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8007876050]
22:42:18.804 AVAST engine scan C:\Windows
22:42:20.374 AVAST engine scan C:\Windows\system32
22:44:38.124 AVAST engine scan C:\Windows\system32\drivers
22:44:52.074 AVAST engine scan C:\Users\Niall
22:45:22.224 File: C:\Users\Niall\AppData\Roaming\Hacker.exe **INFECTED** Win32:Dropper-KXU [Drp]
22:49:49.084 AVAST engine scan C:\ProgramData
22:50:00.914 Scan finished successfully
22:50:34.425 Disk 0 MBR has been saved successfully to "C:\Users\Niall\Desktop\MBR.dat"
22:50:34.435 The log file has been saved successfully to "C:\Users\Niall\Desktop\aswMBR.txt"

Any help will be appreciated. Thanks.

Edited by gakkbu, 21 May 2012 - 11:21 AM.




#2 Noviciate


Posted 21 May 2012 - 02:56 PM

Good evening. :)

Please go here, follow steps six and seven and then post accordingly into this thread.

So long, and thanks for all the fish.

 

 


#3 Noviciate


Posted 27 May 2012 - 03:26 PM

Helpers are limited in the number of logs they can take by the time they have available, and having threads sit idle means that somebody else who could be being helped has to wait.
Given that there has been no response for at least five days, and I have no way of knowing when there will be one, this thread is now closed.

So long, and thanks for all the fish.

 

 




