HELP!!! Avast detects MBR:\\.\PHYSICALDRIVE0

Hello. My computer runs on Windows 7 Ultimate 32-bit Operating System. My processor is an AMD A4-4020 with Radeon™ HD Graphics. I have 2GB of installed RAM. The Windows 7 Ultimate has been recently installed cleanly and is in the process of being updated. When I downloaded Avast! Free Antivirus 2015 and ran a full-system scan, it came up with the result that there was a virus.

http://i61.tinypic.com/2qlgac4.jpg

Once clicked on DETAILED REPORT, it would display this.

http://i61.tinypic.com/10776sj.jpg

I tried the prompts suggested but came up with the message “Error: This function is not supported on this system 120.”

I tried a boot-time scan. It was able to detect some file corruptions but it didn’t come up with suggestions on how to deal with them. Once my computer has finished the scan and reverted back to the normal display, a warning from Avast pops up prompting me to delete a suspicious item called MBR: \.\PHYSICALDRIVE0 infected with Hurri as the threat is supposedly HIGH. I repeated the boot-time scan using the prompt from Avast. It was able to detect the MBR but when presented with ten choices on how to deal with it… I tried pressing 5 for delete but it will come up with the reply (NOT COMPLETED) and present me with the same set of options again.
I can neither Move To Chest or choose to IGNORE or choose to FIX AUTOMATICALLY.
Once Windows 7 has loaded completely after the scan the same warning would pop up.
I’ve tried Malwarebytes and Malwarebytes AntiRootkit BETA. Malwarebytes couldn’t find the MBR. Malware AntiRootkit could detect it but after the scan says that I don’t need any CLEANUP. I’ve also tried GMER, and although it detected the MBR, it was not highlighted in RED and when I right click on it, it offers no other choices except RESTORE.

My computer is behaving well. There has been no noticeable lag. My Windows Firewall is turned on. My Windows updates are installing well. All my programs load well too. I’m just really annoyed with the constant prompts from Avast and I have no idea how severe this is.
As I have already invested a lot of time and effort doing the updates, I hope there’s a better solution to this other than a reformatting.

I hope someone can help?

Attach your basic diagnostic logs. (MBAM, FRST and aswMBR)
Instructions: https://forum.avast.com/index.php?topic=53253.0

PS: Your screenshots are unreadable.

Attached requested logs.
I’ve tried including a scan for rootkits with MBAM and the result was still 0.
I have tried aswMBR but half-way through the scan the program stopped working.
During the first scan it was able to detect MBR infected with Hurri but as it has stopped working halfway through, I have no log.
The aswMBR log I attached here was from my second try and as you can see there are notifications for scan errors.

Try running aswMBR from safe mode.

Was able to do a quick scan using aswMBR after rebooting my computer and here are my log results.
It also created an MBR.dat file.
What should I do next?
Also tried out Kaspersky TDSSKiller.
Results showed 0 after finishing scan.

Succeeded with second try of aswMBR after I restarted my computer.
Attached are the log results.
MBR.dat file was also created.
What do I need to do next?

OK, let's get a second opinion on this :slight_smile:

Download the latest version of TDSSKiller from here and save it to your Desktop.

* Double-click on TDSSKiller.exe to run the application.

https://dl.dropbox.com/u/73555776/tdss%20start.JPG

* Then click on Change parameters.

https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG

* Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.

* Click the Start Scan button.

* If a suspicious object is detected, the default action will be Skip, click on Continue.

https://dl.dropbox.com/u/73555776/tdss%20threat.JPG

* If malicious objects are found, they will show in the Scan results and offer three (3) options.
* Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

* Get the report by selecting Reports.

https://dl.dropbox.com/u/73555776/tdss%20report.JPG

* Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

As requested, the scan results from TDSSKiller. Results say 0 on all categories.
Attached also a NEW aswMBR log after a recent important update for Windows 7 on malicious software removal.
As you can see from the log, it has detected the MBR again.
My computer continues to run smoothly.
Applications react quickly and perform well. Firewall is up.
Updates are installed on schedule.

http://i60.tinypic.com/28a55q0.jpg

On your desktop there should be a file, aswmbr.dat. Could you rename that to asmbr.txt and attach it to your next post?

Here you go.
This was originally the MBR.dat file that was generated after I scanned using aswMBR.
Renamed and attached as requested.

I am surprised that TDSSKiller did not remove this, as it is an MBR infection.
https://www.virustotal.com/en/file/a47702bb1c8bdeafe7c441b3f21bc45af6160b82d13c412cdcbad1e4bcfcbfb2/analysis/1444996676/

Run AswMBR again. If the fix option is available then use that; if not, let me know.
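
For readers following the MBR.dat and VirusTotal steps above, an added example (not part of the thread and not code from Avast or any tool named here) that summarises a saved MBR dump: its SHA-256 for a reputation lookup, a hash of the boot code alone for before/after comparison around a Fix MBR, the 0x55AA signature, and the partition entries. It assumes the dump is a raw 512-byte copy of sector 0; the function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 440-445 hold the disk signature, not code
TABLE_OFFSET = 446            # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR


def inspect_mbr(sector: bytes) -> dict:
    """Summarise a raw 512-byte MBR dump for triage."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for slot in range(4):
        entry = sector[TABLE_OFFSET + 16 * slot:TABLE_OFFSET + 16 * (slot + 1)]
        first_lba, count = struct.unpack_from("<II", entry, 8)
        if entry[4] == 0:  # partition type 0 marks an unused slot
            continue
        partitions.append({"slot": slot, "bootable": entry[0] == 0x80,
                           "status_valid": entry[0] in (0x00, 0x80),
                           "type": entry[4], "first_lba": first_lba, "sectors": count})
    return {
        "sha256": hashlib.sha256(sector).hexdigest(),
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "partitions": partitions,
    }


def boot_code_changed(before: bytes, after: bytes) -> bool:
    """True if two dumps of the same disk carry different boot code."""
    return inspect_mbr(before)["boot_code_sha256"] != inspect_mbr(after)["boot_code_sha256"]


def constructed_sample(boot_code: bytes) -> bytes:
    """Constructed sector (not a real dump): one active NTFS partition at LBA 2048."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + bytes(6) + entry + bytes(48) + BOOT_SIGNATURE


if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a copy of the dump
        with open(sys.argv[1], "rb") as fh:
            print(inspect_mbr(fh.read(SECTOR_SIZE)))
    else:
        print(inspect_mbr(constructed_sample(b"\x33\xc0\x8e\xd0")))
```

Hashing only the first 440 bytes leaves out the disk signature and partition table, so the boot-code hash stays comparable between dumps even when the partition layout differs.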

Hello. I ran aswMBR again as suggested. Attached a screencap of the actual results on screen.
As you can see, the only option I have available to me is FIX MBR.
Do I go with that or does it have to be just the FIX option?

http://i57.tinypic.com/33k3igz.jpg

OK we will now replace the MBR

Run AswMBR and press Fixmbr
Accept the warnings
A reboot should be done by AswMBR

When rebooted re-run AswMBR

Was finally able to apply the suggested actions. Attached is a screencap of the aswMBR scan and what it said after I clicked the FIX MBR. I received no prompt coming from aswMBR to reboot. So I restarted the computer on my own.

http://i57.tinypic.com/23h7osy.jpg

After the manual reboot, I ran aswMBR again and it detected MBR but this time there was no infection detected. I did a full scan using my Avast also and came up clear.

http://i59.tinypic.com/dzvuyq.jpg

Thank you so very much for the help!

An unusual one that as TDSSkiller normally kills them in an instant

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open, click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked; this is a fire and forget programme :wink:

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices

Keep safe :wave: