Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Roguekiller MBR Check result - signs of infection?


  • This topic is locked This topic is locked
3 replies to this topic

#1 - Cadence

- Cadence

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:31 PM

Posted 08 January 2014 - 06:10 PM

Hi there Bleepingcomputer,

 

Using RogueKiller (v8.8.0) the result of the MBR check seemed to be (a bit) off. Results of other tools/checks in RogueKiller were - as far as I could tell - not worrisome. Does the MBR result show signs of infection, or are other factors at play? Is it harmful? How do I fix it? These three questions came to mind. As my knowledge of MBR is limited, some advice on the matter would be appreciated. My laptop operates on Windows 7 Home Premium. 

 

Thanks,

 

- Cadence

 

 

RogueKiller v8.8.0:

 

¤¤¤ MBR Check: ¤¤¤

 
+++++ PhysicalDrive0: TOSHIBA MK3261GSY +++++
--- User ---
[MBR] 23ba349322ca4617e8bd883de228346d
[BSP] 2a0f0945c55488122ab84b66004042ff : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo
 
33  c0  8e  d0  bc  00  7c  8e  c0  8e  d8  be  00  7c  bf  00  06  
b9  00  02  fc  f3  a4  50  68  1c  06  cb  fb  b9  04  00  bd  be  
07  80  7e  00  00  7c  0b  0f  85  10  01  83  c5  10  e2  f1  cd  
18  88  56  00  55  c6  46  11  05  c6  46  10  00  b4  41  bb  aa  
55  cd  13  5d  72  0f  81  fb  55  aa  75  09  f7  c1  01  00  74  
03  fe  46  10  66  60  80  7e  10  00  74  26  66  68  00  00  00  
00  66  ff  76  08  68  00  00  68  00  7c  68  01  00  68  10  00  
b4  42  8a  56  00  8b  f4  cd  13  9f  83  c4  10  9e  eb  14  b8  
01  02  bb  00  7c  8a  56  00  8a  76  01  8a  4e  02  8a  6e  03  
cd  13  66  61  73  1e  fe  4e  11  0f  85  0c  00  80  7e  00  80  
0f  84  8a  00  b2  80  eb  82  55  32  e4  8a  56  00  cd  13  5d  
eb  9c  81  3e  fe  7d  55  aa  75  6e  ff  76  00  e8  8a  00  0f  
85  15  00  b0  d1  e6  64  e8  7f  00  b0  df  e6  60  e8  78  00  
b0  ff  e6  64  e8  71  00  b8  00  bb  cd  1a  66  23  c0  75  3b  
66  81  fb  54  43  50  41  75  32  81  f9  02  01  72  2c  66  68  
07  bb  00  00  66  68  00  02  00  00  66  68  08  00  00  00  66  
53  66  53  66  55  66  68  00  00  00  00  66  68  00  7c  00  00  
66  61  68  00  00  07  cd  1a  5a  32  f6  ea  00  7c  00  00  cd  
18  a0  b7  07  eb  08  a0  b6  07  eb  03  a0  b5  07  32  e4  05  
00  07  8b  f0  ac  3c  00  74  fc  bb  07  00  b4  0e  cd  10  eb  
f2  2b  c9  e4  64  eb  00  24  02  e0  f8  24  02  c3  49  6e  76  
61  6c  69  64  20  70  61  72  74  69  74  69  6f  6e  20  74  61  
62  6c  65  00  45  72  72  6f  72  20  6c  6f  61  64  69  6e  67  
20  6f  70  65  72  61  74  69  6e  67  20  73  79  73  74  65  6d  
00  4d  69  73  73  69  6e  67  20  6f  70  65  72  61  74  69  6e  
67  20  73  79  73  74  65  6d  00  00  00  00  62  7a  99  2f  58  
fb  9f  00  00  
 
3.....|......|.........Ph...........~..|.............V.U.F...F...A..U..]r...U.u.....t..F.f`.~..t&fh....f.v.h..h.|h..h...B.V.................|.V..v..N..n...fas..N......~..........U2..V...]...>.}U.un.v...........d.....`.x....d.q......f#.u;f..TCPAu2....r,fh....fh....fh....fSfSfUfh....fh.|..fah.....Z2...|.................2.......<.t..........+..d..$...$..Invalid partition table.Error loading operating system.Missing operating system....bz./X....
 
User = LL1 ... OK!
User = LL2 ... OK!


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:31 PM

Posted 10 January 2014 - 02:06 PM

Hello please repost this log with a DDS log (from this guide) in a new topic.

Please follow this Preparation Guide, do steps 6,7 and 8 and post in a new topic.
Let me know if all went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 - Cadence

- Cadence
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:31 PM

Posted 11 January 2014 - 01:50 PM

Thank you for the reply. All went well. I have started a new topic. 



#4 hamluis

hamluis

    Moderator


  • Moderator
  • 55,868 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:31 AM

Posted 11 January 2014 - 02:54 PM

Reference:  http://www.bleepingcomputer.com/forums/t/520468/damaged-master-boot-record/

 

Now that you have properly posted a malware log topic, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on, the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

Louis






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users