file name :disk 0 Master Boot Record . status : Threat:Whistler

Hello.
My name is Alexandros and here is the avast threat information.
When I do the full scan it says:

file name :disk 0 Master Boot Record .
Severity: high
status : Threat:Whistler-B@mbr [Rtk]

And one time it found:

file name MRB:\.\PHYSICALDRIVE0
severity high
status threat:Rootkit:hidden boot-sector

My PC has (almost) no problems… except some errors like this:

The Windows Defender command line utility has a problem and needs to close.
More information: szAppName:MpCmdRun.exe szAppVer:1.1.1593.0 szModName: ntdll.dll
SzModVer:5.1.2600.2180 offset:00018fea
More information: c:\DOCUME~1/alekos\LOCALS~1\Temp\WER8088.dir00\MpCRun.exe.mdmp
C:\DOCUME~1/alekos\LOCALS~1\Temp\WER8088.dir00\appcpmpat.tx
But my PC showed these errors only 2-3 times!

The main problem is that I connect my PC to the internet, but
after a few minutes I am disconnected! If I restart my PC I can
connect to the internet again… but after a few minutes it is disconnected again.
How can I fix it…? In a full scan I cannot apply any action,
and in a boot-time scan it just says that MBR 0 is infected.
Can I fix that without a format?
I have Windows XP. I really don’t have a lot of experience with PCs because
I never really needed to do something like this before.
(I am new here. I have used avast for 3 years and I did not even know that
this forum existed. I hope that when someone responds I’ll be informed
via e-mail. PLEASE try to help me with as easy English as possible;
as you can see my English is not very good. You can also find me on FB as: alex antono.)
Thanks for your time!

Welcome to the forum.

I think there is no problem with your English.

I suggest you do a boot scan with avast, and if avast finds any threats during the scan, give avast the order to send them to the chest.

http://www.schmahl.net/avastbootscan.php - link to instructions on how to make a boot scan.

Second, download, install, and scan with Malwarebytes Anti-Malware; don’t forget to update its database before you do a scan.

http://filehippo.com/download_malwarebytes_anti_malware/ - link to Malwarebytes.

If you are still having problems after these two scans, I suggest you do a scan with HijackThis and post the result here.

http://filehippo.com/download_hijackthis/ - link to HijackThis.

Good luck, and let us know about your progress or if you need more support.

I would also recommend a run with ASWMbr

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

http://i1224.photobucket.com/albums/ee362/Essexboy3/ASWMbr1.gif

Click the “Scan” button to start scan

http://i1224.photobucket.com/albums/ee362/Essexboy3/ASWMbr2.gif

On completion of the scan click save log, save it to your desktop and post in your next reply

I did the boot scan, I scanned with Malwarebytes, and there was no result!
With HijackThis I didn’t know what I must “fix” :S
I also tried aswMBR. I scanned my PC and the picture below shows
the results!

http://file:///C:/Documents%20and%20Settings/alekos/%CE%95%CF%80%CE%B9%CF%86%CE%AC%CE%BD%CE%B5%CE%B9%CE%B1%20%CE%B5%CF%81%CE%B3%CE%B1%CF%83%CE%AF%CE%B1%CF%82/scan.JPG

shit :slight_smile: I don’t know how to insert an image! hahahaha :S

How to post an image:
How to attach a Picture or File on the forum:
http://forum.avast.com/index.php?topic=8982.0

New piccies. I have just revamped the instructions to take account of additional options.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswmbrscan.gif

Click the “Scan” button to start scan

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswmbrsavelog.gif

On completion of the scan click save log, save it to your desktop and post in your next reply

Hello friend, Whistler is a bootkit; you can learn more here: http://blog.novirusthanks.org/2010/02/whistler-bootkit-a-new-powerful-windows-bootkit/
Since essexboy is here, don’t worry ;D.
He is from Greece, so I gave him some info about Whistler, plus that he doesn’t need to worry since essexboy has joined the topic.
Regards

Thanks for the information, friend! :wink:
Here is the result from aswMBR.

You can add me on Facebook and tell me your problems whenever you want, add: MeKakao Filippao

Thanks friend, but it can’t find you!

That shows no indication of whistler

Please read carefully and follow these steps.

- Download TDSSKiller and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png

- If an infected file is detected, the default action will be Cure, click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png

- If a suspicious file is detected, the default action will be Skip, click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious.png

- It may ask you to reboot the computer to complete the process. Click on Reboot Now.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png

- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.

I downloaded it and did step by step what you said… after the scan it didn’t say anything about the reboot.
There was a message, which I include as the first picture… I picked the “no” option
and then it showed the message about the reboot, which is in the second picture! Now I am going to
reboot! I don’t know what to expect! :S I am p…ssy :stuck_out_tongue:

After the reboot I ran TDSSKiller again and I did not pick start scan but the report,
and a txt opened with this info:

2011/03/17 03:36:31.0000 0748 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/17 03:36:31.0468 0748 ================================================================================
2011/03/17 03:36:31.0468 0748 SystemInfo:
2011/03/17 03:36:31.0468 0748
2011/03/17 03:36:31.0468 0748 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/17 03:36:31.0468 0748 Product type: Workstation
2011/03/17 03:36:31.0468 0748 ComputerName: USER-BBC07F4DC3
2011/03/17 03:36:31.0468 0748 UserName: alekos
2011/03/17 03:36:31.0468 0748 Windows directory: C:\WINDOWS
2011/03/17 03:36:31.0468 0748 System windows directory: C:\WINDOWS
2011/03/17 03:36:31.0468 0748 Processor architecture: Intel x86
2011/03/17 03:36:31.0468 0748 Number of processors: 2
2011/03/17 03:36:31.0468 0748 Page size: 0x1000
2011/03/17 03:36:31.0468 0748 Boot type: Normal boot
2011/03/17 03:36:31.0468 0748 ================================================================================
2011/03/17 03:36:35.0906 0748 Initialize success

On your desktop will be a file called MBR.dat. Could you add that to the virus chest and then upload it to the virus lab? For comments put in “undetected MBR infection”.

To add to the virus chest :

Open Avast and select Maintenance > Virus chest
Right click in the white area to the right and select Add
Browse to MBR.dat and select
Once it is in the chest right click the file and select Send to Virus labs

Is Avast still alerting?

After the last action, which was TDSSKiller, I did a full scan and there was no virus!
Also there is no MBR.dat on the whole PC :confused: and in the virus chest there is no virus. :slight_smile:
I am now doing a new scan with avast and until now there are no infected files
:slight_smile: :S What happened? I couldn’t delete or fix the infected file and it isn’t
in the chest either :S and avast didn’t find any infected file… is this good…
I suppose yes but… I will scan my PC at boot time and I will inform you!
Thanks for your time!

These are the avast scan logs.

Intriguing, as when you ran aswMBR and saved the log it should have dumped a copy on your desktop.

But is all good now?

:S I don’t know why it is not there… maybe there is no copy because when I ran TDSSKiller
I had already erased aswMBR.exe. You told me to download aswMBR, but because
I didn’t see any progress with HijackThis, Malwarebytes etc. I erased aswMBR.exe…
I really don’t want to have programs I don’t use and I thought that it was not useful anymore :S
Do you want me to download it again and run it? It’s easy. Do you want me to copy-paste the
results? But as you can see in the avast image which I have already copy-pasted,
avast did find a threat :S

No, if no threat is found it is not a problem.