
aswMBR found IRP_MJ_CREATE



#1 whatisavailable


Posted 18 February 2013 - 05:22 PM

I ran aswMBR and it found the following:

 

\driver\nvstore64/0xfffffa8002b7fe70] -> IRP_MJ_CREATE -> 0xfffffa8002abc2c0

 

It was highlighted in red.  Should I be concerned?

 

Thanks

Jim

 

Windows 7, btw

 




 


#2 boopme


Posted 18 February 2013 - 09:18 PM

Was there also an option to click FixMBR or FIX?

 

Posting the complete log would be better for us.



#3 whatisavailable


Posted 25 February 2013 - 09:35 AM

Thanks.

Here is the log:

 

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2013-02-24 08:39:05
-----------------------------
08:39:05.822    OS Version: Windows x64 6.1.7601 Service Pack 1
08:39:05.822    Number of processors: 2 586 0x602
08:39:05.822    ComputerName: JIM-PC7  UserName: Jim
08:39:08.567    Initialize success
08:39:58.802    AVAST engine defs: 13022400
08:40:59.848    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
08:40:59.848    Disk 0 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 3
08:41:00.020    Disk 0 MBR read error 0
08:41:00.035    Disk 0 MBR scan
08:41:00.035    Disk 0 unknown MBR code
08:41:00.035    MBR BIOS signature not found 0
08:41:00.066    Disk 0 scanning C:\Windows\system32\drivers
08:41:30.503    Service scanning
08:42:11.219    Modules scanning
08:42:11.235    Disk 0 trace - called modules:
08:42:11.281    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8002ab52c0]<<sptd.sys storport.sys hal.dll nvstor64.sys
08:42:11.297    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800332e790]
08:42:11.297    3 CLASSPNP.SYS[fffff88001b9543f] -> nt!IofCallDriver -> [0xfffffa8002b76d30]
08:42:11.313    5 ACPI.sys[fffff880011a97a1] -> nt!IofCallDriver -> \Device\0000005e[0xfffffa8002bf85d0]
08:42:11.313    \Driver\nvstor64[0xfffffa8002ba5ac0] -> IRP_MJ_CREATE -> 0xfffffa8002ab52c0
08:42:15.478    AVAST engine scan C:\Windows
08:42:24.120    AVAST engine scan C:\Windows\system32
08:51:29.350    AVAST engine scan C:\Windows\system32\drivers
08:51:56.385    AVAST engine scan C:\Users\Jim
11:59:42.857    AVAST engine scan C:\ProgramData
12:07:45.881    Scan finished successfully
08:24:15.330    Disk 0 MBR has been saved successfully to "C:\Users\Jim\Desktop\MBR.dat"
08:24:15.408    The log file has been saved successfully to "C:\Users\Jim\Desktop\aswMBR-2-25-13.txt"

 



#4 boopme


Posted 25 February 2013 - 02:44 PM

This does look like a rootkit infection. Please repost that aswMBR log with a DDS log from this guide. Do steps 6, 7 and 8.

 

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.
 


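The correlation visible in the log posted in this thread (the IRP_MJ_CREATE target of \Driver\nvstor64 is the same address as the >>UNKNOWN<< entry in the disk trace), as an added example that is not part of the thread and is not aswMBR's own code. The regular expressions and function names are assumptions based only on the line shapes in that log.

```python
import re

# Lines copied from the aswMBR log posted in this thread.
SAMPLE_LOG = r"""
08:42:11.235    Disk 0 trace - called modules:
08:42:11.281    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8002ab52c0]<<sptd.sys storport.sys hal.dll nvstor64.sys
08:42:11.297    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800332e790]
08:42:11.313    \Driver\nvstor64[0xfffffa8002ba5ac0] -> IRP_MJ_CREATE -> 0xfffffa8002ab52c0
"""

# Assumed patterns, derived from the lines above (not from any format spec).
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
DISPATCH_RE = re.compile(
    r"(\\Driver\\[^\[\s]+)\[(0x[0-9a-fA-F]+)\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)"
)
NEIGHBOUR_RE = re.compile(r">>UNKNOWN \[0x[0-9a-fA-F]+\]<<\s*(\S+)")


def triage(log_text):
    """Return one finding per dispatch line, noting whether its target address
    is also reported as an unnamed (UNKNOWN) module in the disk trace."""
    unknown = {int(addr, 16) for addr in UNKNOWN_RE.findall(log_text)}
    findings = []
    for driver, _obj, irp, target in DISPATCH_RE.findall(log_text):
        addr = int(target, 16)
        findings.append({
            "driver": driver,
            "irp": irp,
            "target": addr,
            "target_is_unknown_module": addr in unknown,
        })
    return findings


def modules_after_unknown(log_text):
    """Named modules listed directly after each UNKNOWN marker in the trace;
    a starting point for identifying what sits next to it in the disk stack."""
    return NEIGHBOUR_RE.findall(log_text)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["driver"], f["irp"], hex(f["target"]), f["target_is_unknown_module"])
    print("next to UNKNOWN:", modules_after_unknown(SAMPLE_LOG))
```

A match only says which entries belong together in one log; identifying the code behind the address still needs the further logs requested in the thread.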



