Black Internet?

Avast found something called "whistler@mbr [Rtk]".
Google search says it is “Black Internet” and causes pop ups and sound to turn off and junk like that, though I never had any of those things happen. :expressionless:

Anyway, Avast didn’t say it could delete it or anything (Action and Result were blank), but when I did a second boot-time scan it didn’t pick it up. So is it gone?

PS: Saw this when turning my puter’ off and, maybe it’s nothing but. I can’t read Chinese so?

http://i201.photobucket.com/albums/aa52/lolercoptor/wat-3.png

Have you looked in the virus chest, anything there?

No, where would I find that?

open avast > maintenance (lower left )> virus chest

There is “A0048368.exe” and “WDUMP.exe” in there.

Do the time and date match the incident you mentioned above?

Nope.

i will ask Essexboy to have a look when he arrives

check your computer for malware with this
run a quick scan and post the log

Malwarebytes Anti-Malware 1.50.1 http://filehippo.com/download_malwarebytes_anti_malware/
always update the program so you have the latest database before you scan
click the remove selected button to quarantine any infections found

Hi, let's get rid of it for you

Please download MBRCheck.exe to your desktop.

[*]Be sure to disable your security programs
[*]Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
[*]A window similar to this should open on your desktop:

http://i677.photobucket.com/albums/vv132/RPMcMurphy_album_photos/mbrcheck.png

[*]If you are prompted with options, enter N at the prompt and press [i]Enter[/i]
[*]Press [i]Enter[/i] again
[*]A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop. Please post the contents of that file.

THEN

Download OTL to your Desktop

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
[*]Select All Users
[*]Under the Custom Scan box paste this in

[b]netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

[/b]

[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Attach all logs to your next reply

Ok, if you see “******” I was just covering up my name. :stuck_out_tongue:

Could I have the mbrcheck log as that is the most important one

Added.

Confirmed whistler

[*]Run MBRCheck.exe
[*]Wait until you see the following line: Enter ‘Y’ and hit ENTER for more options, or ‘N’ to exit:
[*]Please push the ‘Y’ key and then press Enter
[*]When the program asks you Enter your choice: enter 2 and press the Enter key
[*]Now the program will ask you “Enter the physical disk number to fix (0-99, -1 to cancel):”
[*]Enter 0 and press the Enter key.
[*]The program will show Available MBR codes:, followed by a list of operating systems. Please enter [ 1] Windows XP, and then press Enter.
[*]The program will prompt for confirmation. Type YES and press Enter (Must type the full word, YES). You will be informed if successfully wrote a new MBR code!
[*]A text file will be saved to your desktop
[*]Paste that report into your next post
[*]Restart your PC.

Here you go.

What problems now remain?

Well MBRchecker still says I have it so I dunno. :expressionless:

If I backup my stuff to a second partition, and format the windows installed one?
Will it like copy itself to my other partition too? :expressionless:

MBRCheck fixed the MBR - see the bolded part at the bottom. If you want confirmation then re-run MBRcheck as per the initial run

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d

\\.\C: --> \\.\PhysicalDrive0 at offset 0x0000000000007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000002e031b3200 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500KS-00MJB0, Rev: 02.01C03

  Size  Device Name          MBR Status

232 GB  \\.\PhysicalDrive0   Known-bad MBR code detected (Whistler / Black Internet)!
        SHA1: 55D22FACFA0250F2B3D94EC565072522D6388C82

Found non-standard or infected MBR.
Enter ‘Y’ and hit ENTER for more options, or ‘N’ to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type ‘YES’ and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix
Done!.
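
Added example (not part of the thread, and not MBRCheck's own code): the MBR is sector 0 of the physical disk, ahead of the C: volume that the log above places at offset 0x7e00. This Python script parses a 512-byte copy of sector 0, lists each partition's byte offset, and compares a SHA-1 of the boot code with a baseline recorded from a known-clean state. Hashing bytes 0-439 is an assumption made here and may not be the range MBRCheck's SHA1 line covers; the sample sectors are constructed.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # classic MBR layout: boot code in bytes 0..439 (assumed hash range)
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"  # boot signature in bytes 510..511

def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code SHA-1 and the non-empty partition entries of one MBR sector."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        ptype = entry[4]
        if ptype == 0:                      # unused slot
            continue
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        parts.append({"slot": i, "active": entry[0] == 0x80, "type": ptype,
                      "byte_offset": lba_start * SECTOR, "sectors": sectors})
    sha1 = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    return {"boot_code_sha1": sha1, "partitions": parts}

def compare_to_baseline(sector: bytes, baseline_sha1: str) -> bool:
    """True when the boot code still hashes to the recorded known-clean value."""
    return parse_mbr(sector)["boot_code_sha1"] == baseline_sha1.upper()

def build_sample(boot_code: bytes) -> bytes:
    """Constructed sector: the given boot code plus one active NTFS entry at LBA 63."""
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 1000000)
    sector[PART_TABLE_OFF:PART_TABLE_OFF + 16] = entry
    sector[510:512] = SIGNATURE
    return bytes(sector)

if __name__ == "__main__":
    clean = build_sample(b"\x33\xc0\x8e\xd0" + b"\x90" * 100)   # constructed bytes
    changed = build_sample(b"\xeb\x5e" + b"\x90" * 100)         # constructed bytes
    baseline = parse_mbr(clean)["boot_code_sha1"]
    print(parse_mbr(clean)["partitions"])                       # byte_offset 32256 = 0x7e00
    print(compare_to_baseline(clean, baseline), compare_to_baseline(changed, baseline))
```

Because the hash covers only the boot-code bytes, a change to the partition table alone does not alter it, while any rewrite of the boot code does.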

Yeah I rebooted but when I run MBRchecker it still says it found bad MBR/black internet. :expressionless:

OK new tool time, I guess it was only time before they circumvented that programme

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.

http://i1224.photobucket.com/albums/ee362/Essexboy3/avpfront.jpg

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Now an analysis scan

Select the Manual Disinfection tab
Press the Gather System Information button
Once done Open the last report saved folder then attach the zip file to your next post zip
The file is located at C:\Users\[i]your name[/i]\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

http://i1224.photobucket.com/albums/ee362/Essexboy3/avpmanual.jpg

Here it is, only took 3 hours.