
I have a MBR root kit infection in windows 8.1 Pro w media center


  • This topic is locked
6 replies to this topic

#1 ihopesomeonecanhelp

ihopesomeonecanhelp

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 07 December 2016 - 10:28 PM

I ran Avast aswMBR, GMER and MBRcheck. They indicate a root kit infection

I am not expert enough to lick this one on my own

I spent 4 days and one night trying. Then gave up and reinstalled the operating system thinking I was finally free of it

Instead I find it's here again. Can someone help me?

I have 5 computers in a home network. 2 run unix: a website server and an old computer set up as a firewall. Two computers are brand new windows ten computers.

One of the windows ten computers crashed. Root file corruption after being hooked up one day. I plan to restore it from an image. The other new windows 10 computer I'm not sure about. I posted a couple photos of scans

The computer I am positive is still infected is a windows 8.1 Pro with media center

Can a knowledgeable person(s) please help me recover?

I'm in NYC time in Maryland

Thank you

Ed

Here are photos of my scans tonight

 

Mod Edit

Topic moved from Windows 8 to Malware logs as I feel this member needs more help than the Am I Infected section can provide.

 

NickAu



Edited by NickAu, 07 December 2016 - 11:22 PM.
Add Mod edit




#2 shadow_647

shadow_647

  • Banned
  • 1,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:17 PM

Posted 07 December 2016 - 10:53 PM

And you formatted your HDD how?



#3 ihopesomeonecanhelp

ihopesomeonecanhelp
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 07 December 2016 - 11:33 PM

I did not format it.

#4 ihopesomeonecanhelp

ihopesomeonecanhelp
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 08 December 2016 - 07:49 AM

Are there any experts who can interpret the scan photos?

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:17 PM

Posted 08 December 2016 - 11:25 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
  • There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Wait for further instructions.

Let me know what problems you are experiencing with this 8.1 computer.
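
As an added illustration of the MBR check requested above (not part of nasdaq's post, and not code from Avast or BleepingComputer), this Python example parses a raw 512-byte boot sector such as the MBR.dat that aswMBR saves and flags structural oddities. It assumes MBR.dat is a plain copy of sector 0; the function names, the baseline-hash parameter and the sample sector are constructed for the example.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_END = 440                # bootstrap code; bytes 440..443 are the per-disk signature
TABLE_OFFSET = 446            # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511 of a valid MBR


def parse_mbr(sector):
    """Split a raw MBR sector into code hash, partition entries and signature."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError(f"need {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        # Entry layout: status, CHS start (skipped), type, CHS end (skipped),
        # first LBA, sector count; integers are little-endian.
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, TABLE_OFFSET + 16 * i)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"slot": i, "status": status, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {
        # Hash only the code area so the disk signature does not change it.
        "code_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def review_mbr(sector, baseline_sha256=None):
    """Return structural findings; an empty list means nothing stood out."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if any(p["status"] not in (0x00, 0x80) for p in info["partitions"]):
        findings.append("invalid partition status byte")
    if sum(p["status"] == 0x80 for p in info["partitions"]) > 1:
        findings.append("more than one active partition")
    if baseline_sha256 and info["code_sha256"] != baseline_sha256:
        findings.append("bootstrap code differs from baseline")
    return findings


# Constructed sample: placeholder bootstrap bytes, one active type-0x07
# partition at LBA 2048, three empty slots, then the boot signature.
SAMPLE = (b"\xfa" + bytes(445)
          + struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
          + bytes(48) + BOOT_SIGNATURE)

if __name__ == "__main__":
    print(parse_mbr(SAMPLE)["partitions"], review_mbr(SAMPLE))
```

A baseline hash is only meaningful if it was taken from a known-clean MBR written by the same Windows version, and a sector read from inside a running, infected system may not match what is actually on disk.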


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:17 PM

Posted 14 December 2016 - 09:58 AM

Are you still with me?

#7 ihopesomeonecanhelp

ihopesomeonecanhelp
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 14 December 2016 - 10:17 AM

Hi NASDAQ!

I just saw this. Thanks for your reply. I bit the bullet, and re-installed Windows from scratch. I think I'm free of it now. Hope so anyway!

Thank you for offering to help!

All the best of the holidays to you and all the really amazingly skilled and helpful people at Bleeping Computer!

Ed

Edited by ihopesomeonecanhelp, 14 December 2016 - 10:19 AM.




