MBR rootkit

  • This topic is locked
2 replies to this topic

#1 erikandersen


  • Members
  • 5 posts
  • Local time:09:46 PM

Posted 03 August 2012 - 03:38 PM

Norton Antivirus found rikvm_C6F09094.sys infected. I downloaded Norton Power Eraser, which wanted to remove the program. I saw that it was a registry program and did not remove it, but I do not know how to fix the potential threat in my registry. Please help.

Here is the rootkit log:

MBRCheck, version 1.2.3
© 2010, AD

Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: PEGATRON CORPORATION
BIOS Manufacturer: AMI
System Manufacturer: Hewlett-Packard
System Product Name: HPE-510T
Logical Drives Mask: 0x000007fc

Kernel Drivers (total 199):
0x02C0F000 \SystemRoot\system32\ntoskrnl.exe
0x031F7000 \SystemRoot\system32\hal.dll
0x00BD3000 \SystemRoot\system32\kdcom.dll
0x00C07000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C56000 \SystemRoot\system32\PSHED.dll
0x00C6A000 \SystemRoot\system32\CLFS.SYS
0x00CC8000 \SystemRoot\system32\CI.dll
0x00E54000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EF8000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F07000 \SystemRoot\system32\drivers\ACPI.sys
0x00F5E000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F67000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F71000 \SystemRoot\system32\drivers\pci.sys
0x00FA4000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00FB1000 \SystemRoot\System32\drivers\partmgr.sys
0x00FC6000 \SystemRoot\system32\drivers\volmgr.sys
0x00D88000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FDB000 \SystemRoot\System32\drivers\mountmgr.sys
0x01004000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x01158000 \SystemRoot\system32\drivers\amdxata.sys
0x01163000 \SystemRoot\system32\drivers\fltmgr.sys
0x01226000 \SystemRoot\system32\drivers\N360x64\0602010.005\SYMDS64.SYS
0x01297000 \SystemRoot\system32\drivers\fileinfo.sys
0x012AB000 \SystemRoot\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS
0x01415000 \SystemRoot\System32\Drivers\Ntfs.sys
0x016BC000 \SystemRoot\System32\Drivers\msrpc.sys
0x0171A000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01735000 \SystemRoot\System32\Drivers\cng.sys
0x017A7000 \SystemRoot\System32\drivers\pcw.sys
0x017B8000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x018ED000 \SystemRoot\system32\drivers\ndis.sys
0x01800000 \SystemRoot\system32\drivers\NETIO.SYS
0x01860000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01A24000 \SystemRoot\System32\drivers\tcpip.sys
0x01C27000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01C71000 \SystemRoot\system32\drivers\volsnap.sys
0x01CBD000 \SystemRoot\System32\Drivers\spldr.sys
0x01CC5000 \SystemRoot\System32\drivers\rdyboost.sys
0x01CFF000 \SystemRoot\System32\Drivers\mup.sys
0x01D11000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01D1A000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01D54000 \SystemRoot\system32\DRIVERS\disk.sys
0x01D6A000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x03000000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x0302A000 \SystemRoot\system32\drivers\N360x64\0602010.005\ccSetx64.sys
0x03058000 \SystemRoot\system32\drivers\N360x64\0602010.005\Ironx64.SYS
0x031F1000 \SystemRoot\System32\Drivers\Null.SYS
0x01DA8000 \SystemRoot\System32\Drivers\Beep.SYS
0x01DAF000 \SystemRoot\system32\Drivers\MtiCtwl.sys
0x01DB8000 \SystemRoot\System32\drivers\vga.sys
0x01DC6000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01DEB000 \SystemRoot\System32\drivers\watchdog.sys
0x01A00000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01A09000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01A12000 \SystemRoot\system32\drivers\rdprefmp.sys
0x0188A000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01895000 \SystemRoot\System32\Drivers\Npfs.SYS
0x018A6000 \SystemRoot\system32\DRIVERS\tdx.sys
0x018C8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01600000 \SystemRoot\system32\drivers\afd.sys
0x015B8000 \SystemRoot\System32\DRIVERS\netbt.sys
0x01A1B000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x01689000 \SystemRoot\system32\DRIVERS\pacer.sys
0x018D5000 \SystemRoot\system32\DRIVERS\netbios.sys
0x019E0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x017C2000 \SystemRoot\system32\drivers\termdd.sys
0x04481000 \SystemRoot\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS
0x044ED000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
0x04525000 \SystemRoot\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS
0x0453A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0458B000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04597000 \SystemRoot\system32\drivers\mssmbios.sys
0x04400000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120802.001\IDSvia64.sys
0x046CE000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
0x04748000 \SystemRoot\System32\drivers\discache.sys
0x04757000 \SystemRoot\System32\Drivers\dfsc.sys
0x04775000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x048DA000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120711.002\BHDrvx64.sys
0x04800000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04826000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x04C79000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x05687000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0577B000 \SystemRoot\System32\drivers\dxgmms1.sys
0x057C1000 \SystemRoot\system32\drivers\HDAudBus.sys
0x057E5000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x04C00000 \SystemRoot\system32\drivers\usbehci.sys
0x04C11000 \SystemRoot\system32\drivers\USBPORT.SYS
0x04877000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04C67000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x04786000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04C6E000 \SystemRoot\system32\DRIVERS\serscan.sys
0x057F6000 \SystemRoot\system32\drivers\ksthunk.sys
0x0479C000 \SystemRoot\system32\drivers\ks.sys
0x047DF000 \SystemRoot\system32\drivers\CompositeBus.sys
0x04600000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04616000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x048CE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x0463A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04669000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04684000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x046A5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x046BF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x047EF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x057FC000 \SystemRoot\system32\drivers\swenum.sys
0x045A2000 \SystemRoot\system32\DRIVERS\sxuptp.sys
0x045EC000 \SystemRoot\system32\drivers\umbus.sys
0x05E21000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x05E7B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05E90000 \SystemRoot\system32\drivers\AtihdW76.sys
0x05EB1000 \SystemRoot\system32\drivers\portcls.sys
0x05EEE000 \SystemRoot\system32\drivers\drmk.sys
0x05F10000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x05F95000 \SystemRoot\System32\Drivers\crashdmp.sys
0x03089000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x05FA3000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x000E0000 \SystemRoot\System32\win32k.sys
0x05FB6000 \SystemRoot\System32\drivers\Dxapi.sys
0x05FC2000 \SystemRoot\System32\Drivers\usbaapl64.sys
0x05FD4000 \SystemRoot\System32\Drivers\USBD.SYS
0x05FD6000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x05FF1000 \SystemRoot\system32\DRIVERS\monitor.sys
0x05E00000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x031DD000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x017D6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x01D9A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x017EF000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x016AF000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x004F0000 \SystemRoot\System32\TSDDD.dll
0x007D0000 \SystemRoot\System32\cdd.dll
0x008D0000 \SystemRoot\System32\ATMFD.DLL
0x013BC000 \SystemRoot\system32\drivers\luafv.sys
0x013DF000 \SystemRoot\system32\drivers\WudfPf.sys
0x01400000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x00E00000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x01200000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x011AF000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x011C7000 \SystemRoot\System32\Drivers\fastfat.SYS
0x04AE4000 \SystemRoot\system32\drivers\HTTP.sys
0x04BAD000 \SystemRoot\system32\DRIVERS\bowser.sys
0x04BCB000 \SystemRoot\System32\drivers\mpsdrv.sys
0x04A00000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x04A2D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x04A7B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0662F000 \??\C:\Windows\system32\Drivers\rikvm_C6F09094.sys
0x08813000 \SystemRoot\system32\drivers\peauth.sys
0x088B9000 \SystemRoot\System32\Drivers\secdrv.SYS
0x088C4000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x088F5000 \SystemRoot\System32\drivers\tcpipreg.sys
0x08907000 \SystemRoot\System32\DRIVERS\srv2.sys
0x09A42000 \SystemRoot\System32\DRIVERS\srv.sys
0x09ADA000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x09B0B000 \SystemRoot\System32\Drivers\N360x64\0602010.005\SRTSP64.SYS
0x0BA01000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120802.032\EX64.SYS
0x09BCA000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120802.032\ENG64.SYS
0x09A00000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys
0x09A26000 \SystemRoot\system32\DRIVERS\WSDPrint.sys
0x089E1000 \SystemRoot\System32\drivers\SMR310.SYS
0x08970000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x08CAB000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77110000 \Windows\System32\ntdll.dll
0x477B0000 \Windows\System32\smss.exe
0xFF430000 \Windows\System32\apisetschema.dll
0xFF810000 \Windows\System32\autochk.exe
0xFF380000 \Windows\System32\msvcrt.dll
0xFF270000 \Windows\System32\msctf.dll
0xFF1D0000 \Windows\System32\clbcatq.dll
0xFF1A0000 \Windows\System32\imm32.dll
0x772E0000 \Windows\System32\psapi.dll
0xFF070000 \Windows\System32\rpcrt4.dll
0xFF050000 \Windows\System32\sechost.dll
0xFF030000 \Windows\System32\imagehlp.dll
0xFEFB0000 \Windows\System32\shlwapi.dll
0xFEFA0000 \Windows\System32\nsi.dll
0xFEF20000 \Windows\System32\difxapi.dll
0x76F00000 \Windows\System32\iertutil.dll
0xFEF10000 \Windows\System32\lpk.dll
0xFEE40000 \Windows\System32\usp10.dll
0xFED60000 \Windows\System32\advapi32.dll
0xFED00000 \Windows\System32\Wldap32.dll
0xFEC60000 \Windows\System32\comdlg32.dll
0xFEC10000 \Windows\System32\ws2_32.dll
0xFEA00000 \Windows\System32\ole32.dll
0xFE990000 \Windows\System32\gdi32.dll
0xFE7B0000 \Windows\System32\setupapi.dll
0xFE6D0000 \Windows\System32\oleaut32.dll
0x772D0000 \Windows\System32\normaliz.dll
0x76DB0000 \Windows\System32\urlmon.dll
0x76C90000 \Windows\System32\kernel32.dll
0x76B30000 \Windows\System32\wininet.dll
0xFD940000 \Windows\System32\shell32.dll
0x76A30000 \Windows\System32\user32.dll
0xFD900000 \Windows\System32\wintrust.dll
0xFD860000 \Windows\System32\comctl32.dll
0xFD6F0000 \Windows\System32\crypt32.dll
0xFD6D0000 \Windows\System32\devobj.dll
0xFD690000 \Windows\System32\cfgmgr32.dll
0xFD620000 \Windows\System32\KernelBase.dll
0xFD610000 \Windows\System32\msasn1.dll
0x772C0000 \Windows\SysWOW64\normaliz.dll

Processes (total 94):
0 System Idle Process
4 System
344 C:\Windows\System32\smss.exe
448 csrss.exe
528 csrss.exe
536 C:\Windows\System32\wininit.exe
576 C:\Windows\System32\winlogon.exe
632 C:\Windows\System32\services.exe
640 C:\Windows\System32\lsass.exe
648 C:\Windows\System32\lsm.exe
744 C:\Windows\System32\svchost.exe
820 C:\Windows\System32\svchost.exe
908 C:\Windows\System32\atiesrxx.exe
956 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\svchost.exe
1016 C:\Windows\System32\svchost.exe
152 C:\Program Files\IDT\WDM\stacsv64.exe
1160 C:\Windows\System32\svchost.exe
1332 C:\Windows\System32\svchost.exe
1432 C:\Windows\System32\atieclxx.exe
1548 C:\Windows\System32\spoolsv.exe
1580 C:\Windows\System32\svchost.exe
1680 C:\Program Files\IDT\WDM\AESTSr64.exe
1712 C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
1824 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1904 C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
1928 C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
1964 C:\Program Files\Bonjour\mDNSResponder.exe
2024 C:\Windows\System32\svchost.exe
1060 C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
1412 C:\Windows\System32\taskhost.exe
1236 C:\Windows\System32\taskeng.exe
1280 C:\Windows\System32\dwm.exe
2012 C:\Windows\explorer.exe
2100 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
2144 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2240 C:\Program Files (x86)\Norton 360\Engine\\ccSvcHst.exe
2288 C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
2368 C:\Program Files (x86)\Norton Online\Engine\\ccSvcHst.exe
2384 C:\Program Files (x86)\Norton 360\Engine\\ccSvcHst.exe
2436 C:\Program Files (x86)\PDF Complete\pdfsvc.exe
2492 C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
2556 C:\Windows\System32\svchost.exe
2612 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2712 C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
2800 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2932 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
2956 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2992 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
2596 C:\Program Files\IDT\WDM\sttray64.exe
3124 C:\Windows\System32\svchost.exe
3188 C:\Program Files (x86)\Steam\Steam.exe
3292 C:\Program Files\Windows Sidebar\sidebar.exe
3300 WUDFHost.exe
3344 unsecapp.exe
3480 C:\Users\Dad\AppData\Roaming\Dropbox\bin\Dropbox.exe
3556 C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
3752 C:\Program Files (x86)\Ask.com\Updater\Updater.exe
3780 C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
3788 C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
3856 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3868 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3992 C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
4032 C:\Program Files\iPod\bin\iPodService.exe
2480 C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
2312 C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
2704 C:\Windows\System32\SearchIndexer.exe
4100 C:\Program Files\Windows Media Player\wmpnetwk.exe
4636 C:\Windows\System32\svchost.exe
4112 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
5784 dllhost.exe
2060 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3032 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
4480 C:\Windows\System32\taskeng.exe
4728 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
5356 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
3080 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
2608 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
1912 C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
3036 C:\Windows\System32\audiodg.exe
1708 C:\Windows\servicing\TrustedInstaller.exe
804 C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
3432 C:\Windows\System32\SearchProtocolHost.exe
4968 C:\Windows\System32\SearchFilterHost.exe
3696 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
4060 C:\Program Files (x86)\Internet Explorer\iexplore.exe
5724 C:\Program Files (x86)\Internet Explorer\iexplore.exe
460 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
5512 C:\Windows\System32\SearchProtocolHost.exe
5052 C:\Program Files (x86)\Internet Explorer\iexplore.exe
6260 dllhost.exe
6296 dllhost.exe
6336 C:\Users\Dad\Downloads\MBRCheck.exe
6364 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`065f9a00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x000001ce`69700000 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`03700000 (NTFS)

PhysicalDrive0 Model Number: HitachiHDS722020ALA330, Rev: JKAOA3GB
PhysicalDrive1 Model Number: SAMSUNGSP2504C, Rev: VT100-52

Size     Device Name         MBR Status
1863 GB  \\.\PhysicalDrive0  Unknown MBR code
         SHA1: 62212FC622CEEF3B7153D2D97F06C31109550962
232 GB   \\.\PhysicalDrive1  Windows Vista MBR code detected
         SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:


If Needed... Run a Command as Administrator Windows 7

Press Y


To remove the infection, run the command mbr.exe -f (note the space between the e and -f) from a command prompt. Have the user reboot the machine, otherwise the next report may still show (false) infection. Then run mbr.exe again to confirm the removal.

Open Windows Explorer and rename the C:\mbr.log to C:\mbr.old
Go to Start > Run and type: cmd
press Ok.
At the command prompt, type: cd \
press Enter.
At the command prompt, type: mbr.exe -f
(make sure you have a space between the e and the -f)
press Enter.
At the command prompt, type: exit
press Enter.

It will produce a new report at C:\mbr.log. Please copy/paste the results in your next reply.


I tried to do what you recommended but ran into several problems.

1. There is no C:\mbr.log, so I did a search and found no mbr.log anywhere.

2. At the command prompt there is no mbr.exe, and when typing in mbr.exe -f all I received was an error saying the file was not there.

Am I missing a program?


Ughh, we will need to move and start a new topic so we can safely remove what's on here.

We need a deeper look. Please go here: Preparation Guide, and do steps 6-9.

Create a DDS log and post it in the new topic, as explained in step 9, here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic. Thanks.
Skip GMER; instead post the MBR log from above.

Title the new post MBR rootkit.

Let me know if that went well.
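The following Python script is an added example written for this page; it is not part of the original post and is not MBRCheck's own code. It shows what sits behind the "Unknown MBR code" verdict and the SHA1 line in the log above: read sector 0, confirm the 0x55AA boot signature, hash the boot-code region, decode the four partition entries, and map them back to the "at offset" lines MBRCheck printed for C: and D:. Everything it operates on is constructed: the boot code is a dummy stub, the disk size is assumed to be the 3,907,029,168 sectors of a 2 TB drive (the 1863 GB PhysicalDrive0 above), and the two NTFS entries are sized so that their start LBAs reproduce the C: and D: offsets from the log. The hash covers bytes 0 to 439, i.e. the code before the per-machine disk signature; whether MBRCheck hashes exactly the same bytes is not stated on this page, so its SHA1 values are not assumed to be comparable with this script's. The `read_mbr()` device path is the standard Windows raw-disk name and is not called in the offline run.

```python
"""Verify an MBR the way a practitioner would double-check an MBRCheck
result: boot signature, boot-code hash, partition table, and whether the
reported volume offsets line up with the table. Runs offline on a
constructed sector; read_mbr() is the hook for a real disk."""
import hashlib
import struct

SECTOR = 512
# One 16-byte entry: status, CHS start, type, CHS end, LBA start, sector count
ENTRY = struct.Struct("<B3sB3sII")

# Assumed geometry for the constructed sample: a 2 TB drive (1863 GiB).
DISK_SECTORS = 3_907_029_168
C_OFFSET = 0x065F9A00      # "\\.\C: --> \\.\PhysicalDrive0 at offset" in the log
D_OFFSET = 0x1CE69700000   # "\\.\D: --> \\.\PhysicalDrive0 at offset" in the log


def build_sample_mbr() -> bytes:
    """Constructed MBR (not a real disk image): a dummy boot stub, two NTFS
    entries whose start LBAs reproduce the C: and D: offsets above, 0x55AA."""
    bootcode = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * (446 - 7)
    chs = b"\xfe\xff\xff"           # CHS fields are ignored on LBA-addressed disks
    c_lba, d_lba = C_OFFSET // SECTOR, D_OFFSET // SECTOR
    table = (ENTRY.pack(0x80, chs, 0x07, chs, c_lba, d_lba - c_lba)
             + ENTRY.pack(0x00, chs, 0x07, chs, d_lba, DISK_SECTORS - d_lba)
             + b"\x00" * (2 * ENTRY.size))
    return bootcode + table + b"\x55\xAA"


def parse_mbr(mbr: bytes) -> dict:
    """Decode one 512-byte sector into signature flag, boot-code hash and
    the non-empty partition entries (byte_offset = LBA * 512)."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(mbr, 446 + i * ENTRY.size)
        if ptype == 0:              # empty slot
            continue
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba, "sectors": count,
                           "byte_offset": lba * SECTOR})
    return {
        "signature_ok": mbr[510:512] == b"\x55\xAA",
        # Hash bytes 0..439 only: the disk signature at 440 and the partition
        # table differ per machine and would defeat a known-good comparison.
        # Assumption: MBRCheck's hash input is not documented on this page.
        "bootcode_sha1": hashlib.sha1(mbr[:440]).hexdigest().upper(),
        "partitions": partitions,
    }


def classify(bootcode_sha1: str, known_good: dict) -> str:
    """MBRCheck-style verdict: a hash in the caller's known-good list names
    the loader; anything else is 'Unknown MBR code' and needs inspection."""
    return known_good.get(bootcode_sha1, "Unknown MBR code")


def match_volume_offsets(parsed: dict, reported: dict) -> dict:
    """Map each reported volume offset (the 'at offset' lines) to the
    partition entry starting there; None means no entry starts at that
    offset, which is itself something to explain before trusting the table."""
    by_offset = {p["byte_offset"]: p["index"] for p in parsed["partitions"]}
    return {letter: by_offset.get(off) for letter, off in reported.items()}


def sanity_findings(parsed: dict) -> list:
    """Structural checks on the table: signature present, exactly one
    active partition, no overlapping extents."""
    findings = []
    if not parsed["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    active = [p["index"] for p in parsed["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in parsed["partitions"])
    for (_, end1), (start2, _) in zip(spans, spans[1:]):
        if start2 < end1:
            findings.append(f"partitions overlap at LBA {start2}")
    return findings


def read_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 of a raw device (elevated prompt on Windows; /dev/sda or
    a dd image on Linux). Not called in the offline demo."""
    with open(device, "rb") as f:
        return f.read(SECTOR)


if __name__ == "__main__":
    parsed = parse_mbr(build_sample_mbr())
    print("SHA1:", parsed["bootcode_sha1"])
    print("verdict:", classify(parsed["bootcode_sha1"], {}))
    print("volumes:", match_volume_offsets(parsed, {"C:": C_OFFSET, "D:": D_OFFSET}))
    print("findings:", sanity_findings(parsed))
```

Run it as-is for the constructed sector; on a real machine call `read_mbr()` from an elevated prompt and feed the result to `parse_mbr()`. An unknown hash is a prompt to dump and read the 440 bytes of boot code, not by itself proof of a rootkit: OEM recovery loaders and third-party boot managers also produce non-Microsoft boot code, so keep the known-good list for your own fleet and compare the partition offsets against what the OS reports, as the log above does with its "at offset" lines.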


#2 HelpBot


    Bleepin' Binary Bot

  • Bots
  • 12,633 posts
  • Gender:Male
  • Local time:10:46 PM

Posted 08 August 2012 - 03:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:


Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/463743 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.


Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.


We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot


    Bleepin' Binary Bot

  • Bots
  • 12,633 posts
  • Gender:Male
  • Local time:10:46 PM

Posted 13 August 2012 - 03:45 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!
