Do I still have some malware?


  • This topic is locked
2 replies to this topic

#1 pech212

  • Members
  • 1 posts
  • Local time:10:27 AM

Posted 16 January 2016 - 05:27 PM

Hello, a few days ago I got infected by a rootkit (tr/rootkit.gen2) so I decided that the best option for me is to reinstall Windows. After that I scanned the computer with AVG and Malwarebytes Anti-Malware and nothing was found. But since I've read that some rootkits could also infect the Master boot record, I've also performed a scan with aswMBR by Avast. I think there wasn't anything suspicious, but I could be wrong so that's why I'm posting the log from it here:

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software

Run date: 2016-01-16 23:31:56

-----------------------------

23:31:56.987    OS Version: Windows x64 6.1.7601 Service Pack 1

23:31:56.987    Number of processors: 2 586 0x3A09

23:31:56.987    ComputerName: STEFAN-PC  UserName: Stefan

23:32:09.233    Initialize success

23:32:09.358    VM: initialized successfully

23:32:09.373    VM: Intel CPU supported

23:32:32.992    VM: supported disk I/O ataport.SYS

23:36:51.299    AVAST engine defs: 16011603

23:37:04.590    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

23:37:04.590    Disk 0 Vendor: TOSHIBA_MQ01ABD100 AX003J Size: 953869MB BusType: 11

23:37:07.696    VM: Disk 0 MBR read successfully

23:37:07.711    Disk 0 MBR scan

23:37:07.711    Disk 0 Windows 7 default MBR code

23:37:07.711    Disk 0 Partition 1 00     07      HPFS/NTFS NTFS       697093 MB offset 63

23:37:07.727    Disk 0 Partition 2 80 (A) 07      HPFS/NTFS NTFS       256765 MB offset 1427664417

23:37:07.727    Disk 0 default boot code

23:37:11.003    Disk 0 scanning C:\Windows\system32\drivers

23:37:35.682    Service scanning

23:38:59.844    Modules scanning

23:38:59.844    Disk 0 trace - called modules:

23:39:00.063    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS

23:39:00.063    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800824a060]

23:39:00.078    3 CLASSPNP.SYS[fffff8800193f43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007e15680]

23:39:02.824    AVAST engine scan C:\Windows

23:39:05.850    AVAST engine scan C:\Windows\system32

23:45:36.196    AVAST engine scan C:\Windows\system32\drivers

23:45:56.898    AVAST engine scan C:\Users\Stefan

23:56:54.580    AVAST engine scan C:\ProgramData

23:58:07.682    Disk 0 statistics 4757276/0/18 @ 2,74 MB/s

23:58:07.682    Scan finished successfully

23:58:48.133    Disk 0 MBR has been saved successfully to "C:\MBR.dat"

23:58:48.133    The log file has been saved successfully to "C:\aswMBR.txt"

Is there still some infection or is everything clean? Could you answer me please?


Edited by Queen-Evie, 18 January 2016 - 10:10 AM.
moved from Am I Infected to Malware Removal Logs. aswMBR logs are allowed only in MRL forum


#2 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:27 AM

Posted 18 January 2016 - 11:16 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

The log is clean. If you want to check further, please post these logs for my review.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===

Wait for further instructions.
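
The MBR-related lines of the aswMBR log in post #1 can be checked mechanically; the following is an added example, not part of the thread and not code from aswMBR or BleepingComputer. The names `triage` and `SAMPLE_LOG` are hypothetical, the checks key only on strings visible in the posted log, and the partition arithmetic assumes 512-byte sectors with "MB" meaning MiB.

```python
import re

# Constructed sample: the MBR-related lines copied from the log posted above.
SAMPLE_LOG = """\
23:37:04.590    Disk 0 Vendor: TOSHIBA_MQ01ABD100 AX003J Size: 953869MB BusType: 11
23:37:07.711    Disk 0 Windows 7 default MBR code
23:37:07.711    Disk 0 Partition 1 00     07      HPFS/NTFS NTFS       697093 MB offset 63
23:37:07.727    Disk 0 Partition 2 80 (A) 07      HPFS/NTFS NTFS       256765 MB offset 1427664417
23:37:07.727    Disk 0 default boot code
23:58:07.682    Scan finished successfully
"""

SECTORS_PER_MB = 2048  # assumption: 512-byte sectors, "MB" in the log means MiB

PART_RE = re.compile(r"Disk \d+ Partition (\d+) ([0-9A-Fa-f]{2})\s.*?(\d+) MB offset (\d+)")
SIZE_RE = re.compile(r"Disk \d+ Vendor: .* Size: (\d+)MB")

def triage(log):
    """Return a list of findings; an empty list means nothing here needs review."""
    findings, parts, disk_mb = [], [], None
    for line in log.splitlines():
        if m := SIZE_RE.search(line):
            disk_mb = int(m.group(1))
        elif m := PART_RE.search(line):
            num, flag, size_mb, offset = m.groups()
            # (start sector, size in MB, partition number, active flag 0x80)
            parts.append((int(offset), int(size_mb), int(num), flag == "80"))
    # Verdict lines that appear in the clean log from this thread.
    for marker in ("default MBR code", "default boot code", "Scan finished successfully"):
        if marker not in log:
            findings.append(f"missing expected line: {marker!r}")
    if sum(active for *_, active in parts) != 1:
        findings.append("expected exactly one active (0x80) partition")
    # Layout sanity: sizes are whole MB in the log, so this is approximate.
    parts.sort()
    prev_end = 0
    for offset, size_mb, num, _ in parts:
        if offset < prev_end:
            findings.append(f"partition {num} overlaps the previous one")
        prev_end = offset + size_mb * SECTORS_PER_MB
    if disk_mb is not None and prev_end > (disk_mb + 1) * SECTORS_PER_MB:
        findings.append("last partition extends past the reported disk size")
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_LOG) or "no findings")
```

An empty result only says that the lines checked match the clean pattern seen in this log; it covers none of the driver, service or file scan sections.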

#3 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:27 AM

Posted 23 January 2016 - 09:51 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
