I did a full scan on my computer and found some threats on it. However, there is a threat that Avast cant remove. It’s named MBR:Backroot-G[RTK] and it seems that it infected my MBR0. How can i remove it and what can I do? I’m scared! Please help! :‘( :’(
I did a full scan on my computerNormal full scan or boot time scan?
What is name of detected file and location path to file?
Screenshots is a big help
Looks like your MBR is infected. It’s really bad. Try following this guide to fix it:
https://neosmart.net/wiki/fix-mbr/#Fix_the_MBR_in_Windows_10
An older issue :
https://www.bleepingcomputer.com/forums/t/689359/infected-with-mbrbackroot-g-rtk-rootkit-infection/
You can try and download TDSSkiller from kaspersky website
Doubleclick on TDSSKiller.exe to run the application.
Then click on Start Scan.
Or run a scan with Malwarebytes free
Here’s the screenshot of the scan result. I’m new to using this forum so I don’t really know how to use the insert image thingy. I decided to put the pic in the attachment section instead. Please help!
This guide “https://neosmart.net/wiki/fix-mbr/#Fix_the_MBR_in_Windows_10” doesn’t help sadly. I think I lost my window installation disk. Is there any other solution to this?
Is the TDSSkiller safe to use? I don’t want to get another malware from trying to remove a malware, please help!
@ LeNoob
I would suggest trying to run an Avast Boot Time Scan as mentioned by Pondus in Reply #1
How do I run a boot time scan?
As suggested by DavidR, Follow the direction posted by Pondus (Reply #1)
Open UI and chose Protection and then Virus Scans.
Select Boot-Time Scan
This is LeNoob after doing a boot time scan 3 times. The results shows that there are no infected files which is good. However, at the same time, the antivirus said that the antivirus can’t scan all of the files and suggest me to scan again. I did boot time scan 3 times and the antivirus still said that the scan was unable to scan all of the files. What now? Please help!
Hi,
For unscanned items, you can find out more with the logs and find out if it is related to your detection or if it is simply protected archives (which often happens with avast boot time scan)
https://forum.avast.com/index.php?topic=256083.msg1594869#msg1594869
Files that can not be scanned see avast blog > https://blog.avast.com/2014/02/28/how-do-i-handle-files-that-avast-cant-scan/
I rerun the boot time scan and finds out the there are some files that avast cannot scan is a decompression bomb and some of them are corrupted. Should I just ignore those? Also, the MBR:Backboot-G[RTK] is still there, what can I do to remove it?
Run a scan with TDSSkiller !
https://support.kaspersky.com/5350
https://usa.kaspersky.com/downloads/tdsskiller
Is tdsskiller safe to use? I’m pretty worried about it.
If you need help from somone that know what they do, i can recomend Malwarebytes forum
https://forums.malwarebytes.com/
Instructions https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/
Yes, it is safe.
Thank you everyone! After running the TDSSkiller and performing some reboots, the virus is gone! Thank you for your help!
Glad you got it sorted.