aswMBR says 'unknown MBR code', should I worry?

Is this a problem? I have attached the log.

Thanks

UPDATE: by the way, all scans (Avast and MBAM) are all clean.

No.

Is it a bug, making it display that message?

Just a guess, possibly a non-Windows boot manager.
I have grub4dos as a boot manager and I get that “unknown mbr code” message.

Probably modified master boot record code.

Whilst it could be related to a different boot manager, I don’t know if that would also change the MBR.

However, your aswMBR.txt content is almost identical to another where the Alureon rootkit has been confirmed, and if correct you are going to need to investigate further and, if confirmed, get help to remove it.

See this topic, the one starting on page 2 for drankinboy http://forum.avast.com/index.php?topic=77998.msg645836#msg645836.

Whilst essexboy won’t be back on the forums until this evening (UK time), you could run the OTS tool and post the log so he has something else to work with.

Why was it that you ran aswMBR in the first place?

A while back I had several viruses, including a rootkit. Essexboy helped me through those issues. Lately my PC just seemed to be very slow from time to time and aswMBR seemed a simple non-invasive way to check my MBR. Last time I used a variety of tools including ComboFix under direction of EB.

I see a few posts with the same ‘unknown MBR code’ message so I suspect I am OK.

Thanks

Is your system a Dell?

Yes

OK, Dell have a unique MBR that allows you to access the recovery partition. If the MBR is replaced by a standard file then you will lose access to the recovery partition and it is a pain to restore it ;D

Thanks! One of these days I might have to break down and get a new laptop anyway. For now all is well and I will save me pennies.

That is very interesting.

I guess if a Dell gets an MBR rootkit they are stuffed for doing a factory restore, as they won’t be able to get the custom MBR back (or can they?). So no access to the modified/unique MBR if a fixMBR replaces it with a clean standard MBR?

Correct, we give them the option of no access to the recovery partition for a while, or continued MBR infection. That does focus their mind somewhat.

So presumably this is a fix-the-problem-first approach, e.g. remove the MBR rootkit, setting a standard MBR, and at a later point try to change the MBR to the Dell unique one if possible.

Aye, it is possible to revert but it does require some fiddling with the system to download and install the MBR. The only other alternative is a full factory restore.

I also get that “unknown MBR code” when I scan with MBRCheck.exe. I have Windows 7 and an HP desktop PC. Can that be, i.e., when making changes to msconfig boot options, like disabling GUI boot?

HP still have a bespoke MBR even for Windows 7, so 'tis not a problem.

OK. Thanks! I think 64-bit systems are pretty safe from rootkits?

64-bit is less prone but not immune ;D
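
The thread's point that a bespoke Dell or HP MBR shows up as "unknown MBR code" without being an infection, as an added example that is not part of the original thread: a check that hashes only the 440-byte boot code area and compares it with a baseline recorded while the machine was known clean. How aswMBR itself decides is not stated in the thread; the allowlist approach, the function names and the sample sectors are assumptions constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440    # bootstrap code area of a classic MBR
PART_TABLE_OFF = 446   # four 16-byte partition entries start here
SIGNATURE_OFF = 510    # sector must end with 0x55 0xAA

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, disk signature, partitions."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[SIGNATURE_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # type 0 means the slot is unused
            partitions.append({"slot": i, "active": entry[0] == 0x80,
                               "type": entry[4], "lba_start": lba_start,
                               "sectors": sectors})
    return {"code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "disk_signature": sector[440:444].hex(),
            "partitions": partitions}

def classify(sector: bytes, baseline: dict) -> str:
    """Return the baseline label for this boot code, or 'unknown MBR code'."""
    return baseline.get(parse_mbr(sector)["code_sha256"], "unknown MBR code")

def build_sector(code: bytes, ptype: int, lba_start: int) -> bytes:
    """Constructed test sector: placeholder code plus one partition entry."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, ptype, b"\0" * 3,
                        lba_start, 204800)
    body = code.ljust(BOOT_CODE_LEN, b"\0") + b"\x11\x22\x33\x44\0\0"
    return body + entry + b"\0" * 48 + b"\x55\xaa"

# Constructed placeholder bytes, not real boot code from any vendor.
STOCK = build_sector(b"STOCK-PLACEHOLDER", 0x07, 2048)
OEM = build_sector(b"OEM-PLACEHOLDER", 0x07, 2048)
OEM_RESIZED = build_sector(b"OEM-PLACEHOLDER", 0x07, 4096)

baseline = {parse_mbr(STOCK)["code_sha256"]: "stock (constructed sample)"}
before = classify(OEM, baseline)   # bespoke code is not in the list yet
# Record the OEM code while the machine is known clean, then re-check.
baseline[parse_mbr(OEM)["code_sha256"]] = "OEM baseline (constructed sample)"
after = classify(OEM_RESIZED, baseline)  # partition change does not matter
```

Because the hash covers only the boot code, repartitioning leaves the verdict unchanged, while any later change to the code itself falls back to "unknown MBR code" and is worth a closer look.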