
MBR Modification: does it mean I am infected?


5 replies to this topic

#1 Tim Rogers


Posted 18 July 2013 - 04:08 PM

Hi,
 
I have just finished running a full scan with Comodo Cleaning Essentials. And I had the following checked in Options:
 
Scan for Suspicious MBR modifications
 
Report all MBR modifications
 
The scan took over an hour to complete, and in the results it showed an MBR Modification (MBR@Disk 0).
 
But, since I did not know whether this was a false positive, to be on the safer side I did not clean or remove but instead chose ignore.
 
So now, can someone offer any advice on what I should do regarding the MBR modification - is it unsafe? Should I remove it?
 
Thanks.

 




 


#2 boopme


Posted 18 July 2013 - 07:35 PM

Let's get a second opinion. You may need to temporarily disable Comodo.
 
 
Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 Tim Rogers


Posted 18 July 2013 - 10:30 PM

First off, thanks for your response. 

 

I ran aswMBR, but was not asked to update.

 

And here is the log:

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-19 08:43:20
-----------------------------
08:43:20.178    OS Version: Windows x64 6.1.7601 Service Pack 1
08:43:20.178    Number of processors: 8 586 0x3A09
08:43:20.179    ComputerName: ----  UserName: ----
08:43:21.523    Initialize success
08:43:21.592    AVAST engine defs: 13071803
08:43:49.940    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:43:49.944    Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 8
08:43:50.102    Disk 0 MBR read successfully
08:43:50.107    Disk 0 MBR scan
08:43:50.112    Disk 0 Windows VISTA default MBR code
08:43:50.117    Disk 0 Partition 1 00     DE Dell Utility DELL 4.1       39 MB offset 63
08:43:50.128    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        14444 MB offset 81920
08:43:50.148    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       472523 MB offset 29663232
08:43:50.152    Disk 0 Partition - 00     0F Extended LBA            466861 MB offset 997390336
08:43:50.180    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       466860 MB offset 997392384
08:43:50.315    Disk 0 scanning C:\Windows\system32\drivers
08:43:58.273    Service scanning
08:44:32.546    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
08:44:38.739    Modules scanning
08:44:38.739    Disk 0 trace - called modules:
08:44:38.770    ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys sptd.sys hal.dll 
08:44:38.770    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a5d3790]
08:44:38.786    3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa80082688d0]
08:44:38.786    5 stdcfltn.sys[fffff88001ad5d12] -> nt!IofCallDriver -> [0xfffffa8008152550]
08:44:38.801    7 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8008156050]
08:44:39.457    AVAST engine scan C:\Windows
08:44:41.578    AVAST engine scan C:\Windows\system32
08:46:22.542    AVAST engine scan C:\Windows\system32\drivers
08:46:30.669    AVAST engine scan C:\Users\----
08:47:53.552    AVAST engine scan C:\ProgramData
08:48:44.346    Scan finished successfully
08:50:10.342    Disk 0 MBR has been saved successfully to "C:\Users\----\Desktop\MBR.dat"
08:50:10.347    The log file has been saved successfully to "C:\Users\----\Desktop\aswMBR.txt"
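
The partition lines in the log above come straight from the four 16-byte entries at offset 446 of sector 0. The following is an added example, not part of the original thread and not aswMBR's own code: it parses a 512-byte MBR, checks the 0x55AA boot signature, and hashes the bootstrap code so it can be compared with a recorded known-good value. The sample sector is constructed from the log (zeroed boot code; sector counts derived from the logged MB sizes), and using it on the saved MBR.dat assumes that file is a raw copy of sector 0.

```python
import hashlib
import struct

SECTOR = 512
# Only the partition types that appear in the log above.
TYPES = {0x07: "HPFS/NTFS", 0x0F: "Extended LBA", 0xDE: "Dell Utility"}

def parse_mbr(sector: bytes) -> dict:
    """Parse a 512-byte MBR: boot signature, bootstrap-code hash, partition table."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i : 446 + 16 * (i + 1)]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4, LE) sector-count(4, LE)
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:
            continue  # unused slot
        parts.append({"slot": i + 1, "active": status == 0x80,
                      "type": TYPES.get(ptype, f"0x{ptype:02X}"),
                      "offset": lba, "size_mb": count * SECTOR // 2**20})
    return {"signature_ok": sector[510:512] == b"\x55\xaa",
            # Hash bytes 0..439 only: 440..445 hold the per-disk signature,
            # which legitimately differs between machines.
            "code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
            "partitions": parts}

def bootcode_changed(sector: bytes, baseline_sha256: str) -> bool:
    """True when the bootstrap code differs from a recorded known-good hash."""
    return parse_mbr(sector)["code_sha256"] != baseline_sha256

def build_sample() -> bytes:
    """Constructed sector: zeroed boot code, partition table taken from the log."""
    table = [(0x00, 0xDE, 63, 79872), (0x80, 0x07, 81920, 29581312),
             (0x00, 0x07, 29663232, 967727104), (0x00, 0x0F, 997390336, 956131328)]
    entries = b"".join(struct.pack("<B3xB3xII", *e) for e in table)
    return bytes(446) + entries + b"\x55\xaa"

if __name__ == "__main__":
    info = parse_mbr(build_sample())
    print("boot signature ok:", info["signature_ok"])
    for p in info["partitions"]:
        print(p)
```

Partition 4 in the log is a logical volume inside the extended partition, so it does not appear among the four primary entries parsed here.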
 

 



#4 boopme


Posted 19 July 2013 - 10:53 AM

Looks good to me, leave it alone.

#5 Tim Rogers


Posted 19 July 2013 - 01:54 PM

"Looks good to me, leave it alone."

Thanks. Nice to hear that. I really appreciate your help. :thumbup2:



#6 boopme


Posted 19 July 2013 - 02:07 PM

You're welcome!





