Original Topic - Am I infected? What to do?
I am a PC tech working on a Gateway laptop infected with an MBR rootkit. Bleeping Computer is a place where one tech helps another, and I could use some help now.
It started out as a computer caught in a loop. I pulled the drive and scanned it externally with ESET Online Scanner. ESET found 20 threats, one of which was a trojan, Win32/Kryptik.CBJZ.
I reinstalled the drive, and the machine booted right up. I installed CCleaner and removed 7 GB of junk. I installed Malwarebytes Pro and Avast. I backed up all of the client's data.
Malwarebytes detects the rootkit as 2 forged physical sectors, and Avast detects it as MBR:Cidox-E [Rtk]. Malwarebytes cannot remove it. Avast is unable to remove it. After the first attempt, I got a BSOD (QUOTA_UNDERFLOW), and after the second attempt, a BSOD (REFERENCE_BY_POINTER).
I downloaded aswMBR from Avast, and it reported that the default Windows 7 MBR was fine. So I am starting to wonder if it has something to do with the Gateway recovery partition. I have FRST64 logs if those would be helpful.
So "am I infected? What do I do next?"
I am thinking, "throw away the hard drive, and put in a new one."
I look at removing bugs as a challenge. I am a warrior, and I hate to give up the fight.
Note: The local Ohio tech force recommended the client buy a new computer. They sent it to me in Florida as I am a trusted family member.
It would be the easiest solution to just replace the drive. However, I would like to learn what is necessary to remove this threat.