Fake anti-spyware blocked my PC! Help!

Every time I log on, Avast scans and finds 2 rootkit attacks which are impossible to remove: C:\Windows\System32\sychost.exe and MBR:\…PHYSICALDRIVE0. The PC is very slow, quickly heats up, and CPU usage is almost always 100%. I need my PC for work. I would appreciate it if anyone out there could help. Thanks.

Hi…

Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr

Double click dds.scr to run the tool.

* When done, DDS will open two (2) logs:
     1. DDS.txt
     2. Attach.txt

Save both reports to your desktop. Attach DDS.txt back to topic.

The problem is your master boot record. You should boot from the Windows 7 CD and choose the “Repair your computer” option. Then, when the “System Recovery Options” window appears, click “Next” and choose “Command Prompt”.
A black window appears; type bootrec /fixboot
Then press Enter.
That is complete.

@ANHTHU5991
Again. Such things cannot be fixed very easily with a Windows rescue disc. Because the user should first of all use Windows 7 (as you have stated, but does he use Windows 7?), even after fixing the MBR, there might still be an infection lurking and hence advanced removal is required. Probably redirecting the user to a malware helper like essexboy would help; I have done that.

I have a problem with my computer when my antivirus software detects a virus in the MBR. I tried fixmbr, and it works. If people don’t use Win 7, they can try fixing the MBR with Windows XP. Antivirus software does not always detect a real virus.

No need, imo.
The OP didn’t answer at all. :wink:

Yeah, you’re right :). But I wanted ANHTHU5991 to know that redirecting to an expert would be a better option in case of rootkit infections. :wink:

Ah, ok. :slight_smile:

OK. Thanks for your opinion, anyway :slight_smile:

First, you must remove the bootkit/rootkit and then try to fix your MBR. Otherwise the virus will continue to infect the MBR on every restart.

If you have a TDL4 infection and run fixmbr, you may not be able to boot again.

Yes, agree, I’ve seen that happening a couple of times.