Can't run MBRCheck.exe

Hi all, I have had a series of blue screens recently but this seems to be OK now after uninstalling the last version of Avast, clean tool etc.; now using ver 6.0.1125. Also RootRepeal makes the system crash as well, for your info. I can run MBRCheck in safe mode and if I use msconfig in minimal driver set etc. I don't know if I'm being picky, but I have enclosed the MBAM log and OTS log and MBRCheck logs, a safe mode one and one that hung. Hope someone can help. Regards, bazer

It appears that you may have some malware. I am going to refer you to our Certified Malware expert, named Essexboy. He will also review your logs and give you further instructions, however he comes on the forum late UK time. He will respond to you in this thread, so remember to check this thread daily.

Please do not make any further changes to your machine after you have provided the logs.

IMPORTANT: If you are on a home network, disconnect the affected machine from the network. Do not share a USB/flash drive with this affected machine. Do not use this machine unless Essexboy instructs you to as part of the malware removal instructions; use a different machine to check email, sync your phone, etc. if possible.

Let me know if you have any questions. Thank you.

Edit: Essexboy has been notified.

Hi.

I reviewed the OTS log.
It shows no traces of active infection other than possible infections that came via USB portable devices. We will check this later...

MBRCheck shows some irregularities (read this as "possible rootkit"). :)

  • Download TDSSKiller and save it to your Desktop.
  • Unzip the folder (Right Click > Extract to your Desktop).
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.
Note: It will also create a log in the C: directory.

Then download aswMBR to your desktop.

  • Double-click the aswMBR icon to run it.
  • Vista and Windows 7 users: right-click the icon and choose "Run as administrator".
  • Click the Scan button to start the scan.
  • When it finishes, press the Save log button, save the logfile to your desktop and post its contents in your next reply.

Also you may try to repair your system with the SFC command:

  • Locate your Windows XP installation CD
  • Go to Start, then to Run, and type in “SFC.EXE /SCANNOW” (without the quotes - and with a space between the SFC.EXE and the /SCANNOW).
  • Press Enter.
  • The program may (or it may not) ask you for your Windows XP installation CD - please insert it at the prompt. If it doesn’t ask you for the CD this means that it wasn’t necessary to replace any files.
  • In the event the system asks you for the CD, you must visit Windows Update immediately after the scan is completed (please note that there won't be any confirmation dialog - the program will just exit without telling you anything).

Info:
http://www.updatexp.com/scannow-sfc.html

Paste here TDSSKiller & aswMBR logs.

Thanks for the reply, here are the TDSSKiller and aswMBR logs.

Find the TDSSKiller log in the root of C: and copy-paste the log on the forum.
Or... save your log in ANSI format and then attach the log here.

http://i1224.photobucket.com/albums/ee362/Essexboy3/Untitled.gif

Please re-run MBRCheck and attach a fresh log here.

Also tell me, did you run "sfc /scannow"?

Tell me, how is your computer running now?

I did run sfc /scannow and did reboot. Tried to run MBRCheck as before; screen freezes, mouse freezes, so I have to reboot. I attach the log of the last attempted MBRCheck, and also attach the OTL log and TDSSKiller log. I have in the past run ComboFix, which found nothing. Thanks again, baz

Hi.

Hi all, I have had a series of blue screens recently but this seems to be OK now after uninstalling the last version of Avast, clean tool etc.

Do you still get BSODs?
BSODs can occur only because of faulty hardware or a driver.
Ordinary programs do not cause BSODs.
You say you removed (re-installed) the antivirus and the BSODs disappeared?

Then the BSODs are caused by faulty hardware, or it was some malware that installed a rootkit on the system (which again is one of the drivers). As I have not recently seen badly written malware that causes BSODs, I'd start from the assumption that your hardware is defective.

Now... about your MBR. No traces of TDSS or an MBR rootkit.
But you have a non-standard MBR on the other drive.
We can solve this (replace it with a standard Windows MBR) but I doubt that this will solve your problem.

I recommend that you test your machine and reset the BIOS & CMOS.
Re-install Windows... or go to some hardware forum to fix Windows & the computer.

This is a virus-related forum.

Fix MBR
If you decide to fix the MBR, then before you continue I recommend that you make a backup.

Run MBRCheck.exe again in safe mode by double-clicking on it.

  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Enter 'Y' and then press Enter.
  • When asked: 'Enter your choice:', select option 2 (Restore the MBR of a physical disk with a standard boot code) and press the Enter key.
  • Now the program will ask: 'Enter the physical disk number to fix (0-99, -1 to cancel)'
  • Enter 1 and press the Enter key.
  • The program will show Available MBR codes followed by a list of operating systems as shown below:

Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel
Please select the MBR code to write to this drive:

  • Please select your version of Windows from the list, enter the corresponding number and then press Enter.
    (Enter 0 for the default MBR or 1 for the Windows XP MBR.)
  • When prompted for confirmation: "Do you want to fix the MBR code?", type the full word Yes (not Y, or the fix will not work) and press Enter.
  • Left-click on the title bar (where the program name and path is written).
  • From the menu choose Edit > Select All.
  • Press the Enter key to copy the selected text.
  • Open Notepad, paste that text into it and save it to your desktop as MBRCheck.txt.
  • When complete, you should see Done! Press ENTER to exit... Press Enter on the keyboard.
  • Reboot your computer to complete the fix and copy/paste MBRCheck.txt in your next reply.
  • If your computer does not restart on its own, please restart it manually.

Important Note: The Master Boot Record contains the Partition Table for the hard disk and a little executable code for the boot start. While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the MBR, which may cause the computer to not boot up, or it may corrupt a partition.

The following are signs of a damaged MBR:

  • Invalid Partition Table
  • Missing Operating System
  • Error loading operating system

If it is the worst case scenario, and your computer cannot boot, please take note of the following:

Please have your Windows CD available, which will allow recovering the boot code via the Windows Recovery Console in case of any problems or install the XP Recovery Console before proceeding with the above fix. Then, if any problems occur, the links below explain how to use and repair the MBR:
  • How to use the Recovery Console
  • How to fix MBR in Windows XP and Vista
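The Important Note above describes the layout that MBRCheck inspects: a few hundred bytes of boot code, the NT disk signature, four 16-byte partition entries and the 0x55AA boot signature. The script below is an added example (not MBRCheck's code and not posted in this thread) showing the same kind of check done offline on a raw sector-0 image, for instance one dumped with dd from rescue media, which also sidesteps a machine that freezes whenever an anti-rootkit tool runs on it. It hashes the boot code and compares it with an allowlist, then sanity-checks the partition table. Everything beyond the on-disk layout is constructed for illustration: the placeholder "standard" boot code (only its first seven bytes are the real xor/mov/mov prologue), the allowlist seeded from that placeholder (a real one would hold hashes of the genuine Windows boot code for each version), the two sample images, and the 200,000-sector disk size.

```python
"""Offline MBR sanity check, modelled on what MBRCheck reports.

Added example: not MBRCheck's own code and not from the forum thread.
Input is a raw 512-byte sector-0 image (e.g. dumped with dd); everything
else here (sample images, placeholder boot code, hash allowlist, disk
size) is constructed for illustration.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440           # bytes 0..439: bootstrap code (Windows layout)
DISK_SIG_OFF = 440            # bytes 440..443: NT disk signature, 444..445 reserved
PART_TABLE_OFF = 446          # four 16-byte partition entries
PART_ENTRY_LEN = 16
MBR_SIGNATURE = b"\x55\xAA"   # bytes 510..511

# Placeholder "standard" boot code: the usual xor ax,ax / mov ss,ax /
# mov sp,7C00h prologue, rest zero-filled.  ASSUMPTION: stands in for the
# real Windows MBR code, whose hashes a real allowlist would contain.
STANDARD_BOOT_CODE = bytes.fromhex("33c08ed0bc007c") + bytes(BOOT_CODE_LEN - 7)
KNOWN_GOOD_BOOT_CODE = {hashlib.sha256(STANDARD_BOOT_CODE).hexdigest()}

# Constructed disk geometry for the samples: 200,000 sectors (~97 MiB).
DISK_SECTORS = 200_000


def build_mbr(boot_code, partitions, disk_signature=0x1234ABCD):
    """Assemble a 512-byte MBR. partitions: list of (active, type, lba_start, sectors)."""
    if len(boot_code) > BOOT_CODE_LEN or len(partitions) > 4:
        raise ValueError("boot code too long or too many partitions")
    mbr = bytearray(SECTOR)
    mbr[: len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, DISK_SIG_OFF, disk_signature)
    for i, (active, ptype, lba, count) in enumerate(partitions):
        # status, CHS start (unused: FE FF FF), type, CHS end, LBA start, sector count
        struct.pack_into("<B3sB3sII", mbr, PART_TABLE_OFF + i * PART_ENTRY_LEN,
                         0x80 if active else 0x00, b"\xfe\xff\xff", ptype,
                         b"\xfe\xff\xff", lba, count)
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)


def parse_mbr(mbr):
    """Decode boot-code hash, disk signature, boot signature and the partition table."""
    mbr = bytes(mbr)
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack(
            "<B3sB3sII", mbr[off: off + PART_ENTRY_LEN])
        parts.append({"active": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count,
                      "empty": ptype == 0 and lba == 0 and count == 0})
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "signature_ok": mbr[510:512] == MBR_SIGNATURE,
        "partitions": parts,
    }


def check_mbr(mbr, known_good_hashes, disk_sectors):
    """Return (parsed info, list of finding codes). An empty list means nothing odd."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("bad-signature")
    if info["boot_code_sha256"] not in known_good_hashes:
        # MBRCheck's "non-standard MBR": code that is not a known Windows loader
        # (or anything else you deliberately put on the allowlist).
        findings.append("unknown-boot-code")
    used = [p for p in info["partitions"] if not p["empty"]]
    if sum(p["active"] for p in used) > 1:
        findings.append("multiple-active")
    if any(p["lba_start"] + p["sectors"] > disk_sectors for p in used):
        findings.append("partition-past-end")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in used)
    if any(nxt[0] < cur[1] for cur, nxt in zip(spans, spans[1:])):
        findings.append("overlapping-partitions")
    return info, findings


def sample_standard_mbr():
    """Constructed clean image: one active NTFS partition at LBA 63."""
    return build_mbr(STANDARD_BOOT_CODE, [(True, 0x07, 63, 100_000)])


def sample_tampered_mbr():
    """Constructed suspicious image: boot code patched to jump elsewhere, plus a
    second active partition that overlaps the first and runs past the disk end."""
    code = bytearray(STANDARD_BOOT_CODE)
    code[0:5] = b"\xea\x00\x00\x00\x80"   # jmp 8000:0000 (placeholder redirect)
    return build_mbr(bytes(code), [(True, 0x07, 63, 100_000),
                                   (True, 0x0B, 50_000, 200_000)])


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:   # real use: python mbr_sanity.py sector0.bin [disk_sectors]
        with open(sys.argv[1], "rb") as f:
            images = {sys.argv[1]: f.read(SECTOR)}
        disk = int(sys.argv[2]) if len(sys.argv) > 2 else DISK_SECTORS
    else:                   # demo on the constructed samples
        images = {"standard": sample_standard_mbr(), "tampered": sample_tampered_mbr()}
        disk = DISK_SECTORS
    for name, img in images.items():
        info, findings = check_mbr(img, KNOWN_GOOD_BOOT_CODE, disk)
        print(f"{name}: boot code sha256={info['boot_code_sha256'][:16]}... "
              f"disk sig=0x{info['disk_signature']:08X}")
        for p in info["partitions"]:
            if not p["empty"]:
                print(f"  type=0x{p['type']:02X} active={p['active']} "
                      f"lba={p['lba_start']} sectors={p['sectors']}")
        print("  findings:", findings or "none")
```

Run with no arguments to see the clean and tampered samples side by side; with a file argument it reads the first 512 bytes of a dumped sector 0, and the real disk size in sectors must be passed as the second argument or the past-end check is meaningless. An "unknown-boot-code" finding on its own is exactly the situation in this thread: it can be a bootkit, but it can equally be a third-party boot manager or an OEM loader, which is why the allowlist, not the script, decides what counts as standard.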

Thanks for the reply. There has been no BSOD for 2 weeks now since I uninstalled Avast, used the clean tool etc. and did a fresh install of the latest version. In the general forum there have been quite a few threads on BSODs with various builds of XP, and Avast ask people to upload their minidump file when this happens; I didn't. I tried different memory, reinstalled motherboard drivers etc. and the display driver, and repaired the Windows install. What concerns me is that MBRCheck.exe, RootRepeal and the Trend rootkit scan tool won't run in normal mode. Also the 2nd HD has no OS installed, it is an external drive. I also enclose 2 logs from Process Explorer: the first one will let MBRCheck run in normal mode with reduced processes, limited by msconfig by removing startup items (interestingly you can't stop Avast); the second is with all drivers loaded, and this then freezes when MBRCheck is run. Thanks, baz

I was looking at the process list in the OTS logs...
I don't have any idea why some anti-rootkit tools won't run, but there is no trace of malware
(except some autorun.inf).
If you want we can do a scan with additional anti-rootkit tools.

I doubt that we will find anything...

there has been no bsod for 2 weeks now...

If your computer is working well, then why worry... :-\ :)


If you wish, an ARK scan:

Download the program GMER from the link below to the Desktop:
http://www2.gmer.net/download.php

Double-click to run GMER.

  • Wait until the introductory scan is complete - if any inquiry appears, click No;
  • Click Scan and wait until the scan is complete;
  • Click Save... - save the report to the Desktop (save as Gmer log1);
  • Right-click in the GMER window and choose Options > Only non MS files - click Scan;
  • After the short scan, click Save... - save the report to the Desktop (save as Gmer log2);
  • Click the >>> and choose the Autostart tab;
  • After the short scan, click Copy;
  • Open Notepad and paste the copied text into it - save the report to the Desktop (save as Gmer log3).

Attach all three reports to the message by using the Attach file option.


Download AVZ Antiviral Toolkit from the following link:

http://devbuilds.kaspersky-labs.com/devbuilds/AVZ/avz4.zip

Extract the archive to a folder.
  • Run AVZ (double-click on the
    http://amf.mycity.rs/pg/images/avz.png
    icon);
  • In the menu choose File > Standard Scripts;
  • In the window that opens check the 2 and click Execute Selected Scripts;
  • Click Yes;
  • After the scan you will get a notice: Script Executed;
  • Quit the program.

Upload the file virusinfo_syscheck.zip contained in the AVZ\log folder to the forum.

Here are the GMER logs, thanks, baz

Hi, can't attach a zip file for AVZ, here is the text version, thanks, baz

@bazer

You just got full professional malware analysis and support.
With advanced diagnostic & removal tools and GMER's best anti-rootkit tools, there is no sign of malware activity.

Your system is clean.
You can remove the tools we used.

  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it.
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine, choose Yes.

It is necessary to uninstall the AVZ Antiviral Toolkit.

  • Run AVZ (double-click on the
    http://amf.mycity.rs/pg/images/avz.png
    icon);
  • In the menu choose File > Standard Scripts;
  • In the window that opens check the 6 and click Execute Selected Scripts;
  • Click Yes;
  • After the procedure you will receive the notification: Script Executed;
  • Quit the program and delete the folder where the program was extracted.

That's it...

Thanks for your help. I have repaired this install quite a few times. I have a new 1TB HD and will back up my folders and start with a new system on a new HD, so cheap now compared to say 10 years ago. Is Windows 7 worth buying? I'm told it is inherently a more secure operating system. I was a broadcast and switch engineer for 40 years; how things have changed. Thanks for your excellent help, bazer