detected MBR:\\.\PHYSICALDRIVE1 Threat Rootkit: hidden boot-sector

avast has detected this rootkit: MBR:\.\PHYSICALDRIVE1 Threat Rootkit: hidden boot-sector, I’ve tried to fix it vira aswMBR, but it doesn’t work and it’s still there also after reboot.
Edit: It shows after clean install of Windows 7 Ultimate, when I installed avast!

Try Kaspersky TDSSKiller You may have to download it to another PC and rename it, then run it on the infected box from a USB drive. If it’s blocked or gets deleted when you open the drive or try to run it, you’ll have to either connect the infected drive to a clean PC or boot the infected PC from another drive.

I keep a bare bones second install of Windows on another drive just for such cases. I had to use it to run TDSSKiller to remove a rootkit I got hit with in a drive-by.

Rootkit.win32.tdss.tdl4 found, what I have to select to remove it, skip, copy to quarantine, cure or restore?

Did you press the fix button on ASWMbr ?

With TDSSKiller select cure

No, there was only fixMBR possible to press.

Problem fixed with TDSSKiller, thanks very much for very fast response! 8)

On your computer should be a file called C:\Users\Luke\Documents\MBR.dat could you locate this with the virus chest and upload to Avast please

Open the Avast GUI
Select Maintenance
Select Virus chest
Right click anywhere in the white space
Click add
Navigate to C:\Users\Luke\Documents\MBR.dat
Select that file and add to the chest
From the chest right click the file and select send to virus labs
Fill in the short form and next time you update it will go to Avast for further analysis

Yeah for sure, sent :slight_smile:

Thankee it will allow GMER to update the programme