I am having a frustrating time trying to remove a rootkit. It is a MBR:physicaldrive0\partition4
I have run several programs; only two have found it, AVG 2013 and Avast. Both try to remove it but are unable. I also get a “URL blocked” message popping up from Avast approx. every 3-5 min. I also get redirected in Internet Explorer and Google. I have attached a jpg message that I get from Avast. It all started from a fake Windows program that said “my computer is infected click here”; unfortunately my wife did.
Please help.
Hi and welcome to the Forum.
Let’s ask Essexboy, our Malware Expert to have a look inside.
Please follow this guide and attach (not copy and paste) the requested logs. http://forum.avast.com/index.php?topic=53253.0
AdwCleaner
Malwarebytes
OTL
aswMBR
Because of the time zone difference please be patient until morning.
Thank you
I have followed the guide in the link and I will attach the logs. The only one I can't run is aswMBR. I am able to download it, but when I try to run the program it does nothing. I have even tried renaming it.
I cannot attach my OTL log, it is too large: it is 225kb and the max individual log size is 200kb.
I am able to attach the extras log.
I have separated my OTL file in 2. I have attached it as OTLpart1; I will have to post again with OTLpart2.
Now part 2.
I do understand I will have to wait because of the time difference. I will be very happy though once my computer is cleaned.
I have always been able to delete any virus or malware I have gotten or that my friends have gotten (which is few). This one has me agitated because I cannot remove it. By all means I am not a computer expert.
I am unable to run aswMBR. I have tried safe mode and also tried running rkill before aswMBR, with no luck. I have downloaded the program but when I run it nothing happens.
If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software or deliver malware. For an example of these types of pop-ups, or Foistware, you should read this article: http://www.bleepingcomputer.com/forums/topic31797.html
“If you are browsing the Internet and a popup appears saying that you are infected, ignore it!” Ignore it ..... when it happens every 3-5 minutes ::)
There is a rootkit infection here…
The popup is from avast! (See the screenshot)
The popups happen even when Internet Explorer or Google Chrome are closed.
Please ignore true indian’s advice.
Malware removers are notified: it may take hours before one arrives, so be patient…
I will, thanks. It is 12:00am here; I will be heading to bed as I have to get up at 5:00am, but will check in a little later.
Hi there, do you have a spare USB drive?
Download the following three programmes to your desktop:
Extract wintoboot to your desktop
Insert a USB drive of at least 1GB
Run Wintoboot
http://dl.dropbox.com/u/73555776/wintoboot.JPG
Drag and drop the Windows 7 ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It
You will see it progressing
http://dl.dropbox.com/u/73555776/usb%20progress.JPG
It will let you know when it is done
Then copy Listparts64 to the same USB
http://dl.dropbox.com/u/73555776/frstwintoboot.JPG
Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB.
Note: If you are not sure how to do that follow the instructions Here
When you reboot you will see this, although yours will state windows 7.
Click repair my computer
http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7275.jpg
Select your operating system
http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277202.jpg
Select Command prompt
http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277.jpg
At the command prompt type the following:
notepad and press Enter.
The notepad opens. Under File menu select Open.
Select “Computer” and find your flash drive letter and close the notepad.
In the command window type e:\listparts64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (result.txt) on the flash drive. Please copy and paste it to your reply.
Thank you for helping.
You mention I need to download Listparts64 but your screen shows FRST64, please confirm.
I have followed the directions up to restarting the computer with a USB drive. It will not let me continue. I will attach pics of the screens.
I do not get to the Windows screen that you show. I have tried the different options it gives me but with no luck of finding the file I need. I have tried both listparts64 and frst64.
Yes, it is Listparts that we require. FRST is a similar programme but mainly for non-booting computers.
On the second screenshot select the recovery tools option at the top, then click next.
When I click next, the attached image is what I get.