system
1
Hi everyone!
Avast detected that I have malware in my laptop.
Since last week my computer shut itself off without warning!
Is it safe to delete MBR:\\.\PHYSICALDRIVE0?
Thanks,
Jared
Pondus
2
Is it safe to delete MBR:\\.\PHYSICALDRIVE0?
nope..... ;D
* Download aswMBR and save it to your desktop: http://public.avast.com/~gmerek/aswMBR.exe
* Double click the aswMBR icon to run it
* Click the scan button
* Click save log and post it here in your next reply
system
3
Here’s the Log. Thanks
aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-02 09:03:04
09:03:04.703 OS Version: Windows 5.1.2600 Service Pack 3
09:03:04.703 Number of processors: 2 586 0x170A
09:03:04.703 ComputerName: SHAYNE-5C5D0391 UserName: Administrator
09:03:05.312 Initialize success
09:03:21.031 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP1T0L0-e
09:03:21.031 Disk 0 Vendor: WDC_WD2500BEVT-75ZCT2 11.01A11 Size: 238475MB BusType: 3
09:03:21.031 Disk 0 MBR read error
09:03:21.031 Disk 0 MBR scan
09:03:21.031 MBR BIOS signature not found 0
09:03:21.031 Disk 0 scanning sectors +488376000
09:03:21.046 Disk 0 scanning C:\WINDOWS\system32\drivers
09:03:26.656 Service scanning
09:03:27.937 Disk 0 trace - called modules:
09:03:27.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x88255aed]<<
09:03:27.937 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x8abfaab8]
09:03:27.937 3 CLASSPNP.SYS[ba108fd7] → nt!IofCallDriver → \Device\Ide\IdeDeviceP1T0L0-e[0x8acbad98]
09:03:27.937 Scan finished successfully
system
4
Hello Pondus,
I have posted the logs after running aswMBR.
The Avast notification keeps on popping up every time I open my laptop.
What should I do now?
Thanks,
Jared30
system
5
Hello-
I need your help on how to get rid of this MBR:\\.\PHYSICALDRIVE0 please… :-\ :-\ :-
Thanks,
Jared30
Download TDSSKiller from here:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
Run the TDSSKiller.exe file;
Wait until the scanning and disinfection completes. A reboot might be required after the disinfection has been completed.
Post the log please.
system
7
Thanks Left123,
I have downloaded it and I see here
Malicious objects
backdoor.win32.sinowal.knf option Cure
Suspicious objects
locked file option Skip
then click Continue?
system
8
Hi Left123,
After I clicked on “Reboot” the computer didn’t restart and I didn’t see any logs. Will it pop up automatically after disinfection is completed? I just clicked on Report, not sure if this is the log you’re looking for:
2011/04/09 07:40:11.0390 3352 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/09 07:40:11.0671 3352 ================================================================================
2011/04/09 07:40:11.0671 3352 SystemInfo:
2011/04/09 07:40:11.0671 3352
2011/04/09 07:40:11.0671 3352 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/09 07:40:11.0671 3352 Product type: Workstation
2011/04/09 07:40:11.0671 3352 ComputerName: SHAYNE
2011/04/09 07:40:11.0671 3352 UserName: Administrator
2011/04/09 07:40:11.0671 3352 Windows directory: C:\WINDOWS
2011/04/09 07:40:11.0671 3352 System windows directory: C:\WINDOWS
2011/04/09 07:40:11.0671 3352 Processor architecture: Intel x86
2011/04/09 07:40:11.0671 3352 Number of processors: 2
2011/04/09 07:40:11.0671 3352 Page size: 0x1000
2011/04/09 07:40:11.0671 3352 Boot type: Normal boot
2011/04/09 07:40:11.0671 3352 ================================================================================
2011/04/09 07:40:13.0390 3352 Initialize success
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.
If a suspicious file is detected, the default action will be Skip, click on Continue. If an infected file is detected, the default action will be Cure, click on Continue.
system
10
Hi Left 123,
I have posted the report. Please see above log.
Thanks so much for helping. I’m not getting any pop ups that my pc is infected or something.
Thanks again 
system
11
Did you install some backup program before the infection?
system
12
I’m sorry but I can’t understand this. Are you asking me if I installed something or if I backed up something?
system
13
If you installed some program … like a backup program or something?
system
14
I only installed TDSSKiller. That’s what Left123 told me to install to get rid of the malware.
system
15
TDSSKiller does not have an installer.