Help interpret Rootkit logs

I have run various AV and rootkit scans using tools I found on BleepingComputer.com

A number of rootkits have already automatically been removed but it appears that some still remain, for example, the GMER log suggests that I am infected with “malicious Win32:MBRoot”, etc…

Your assistance in interpreting the logs and fixing the rootkits is greatly appreciated!

Regards

Ray

http://www.joeygalaxy.com/avlogs/TDSSKiller.2.7.45.0_10.07.2012_03.03.47_log.txt
http://www.joeygalaxy.com/avlogs/TDSSKiller.2.7.45.0_11.07.2012_01.07.06_log.txt
http://www.joeygalaxy.com/avlogs/tdsskiller.txt
http://www.joeygalaxy.com/avlogs/OTL.Txt
http://www.joeygalaxy.com/avlogs/GMER_11JUL12.log
http://www.joeygalaxy.com/avlogs/RootRepeal.txt
http://www.joeygalaxy.com/avlogs/TMRBLog_1341917694.txt
http://www.joeygalaxy.com/avlogs/avg_av.csv
http://www.joeygalaxy.com/avlogs/avg_rootkits.csv
http://www.joeygalaxy.com/avlogs/mbam-log-2012-07-10.txt
http://www.joeygalaxy.com/avlogs/regrunlog_UnhackMe.txt
http://www.joeygalaxy.com/avlogs/regrunlog_AVscan.htm
http://www.joeygalaxy.com/avlogs/RKreport.txt
http://www.joeygalaxy.com/avlogs/IceSword120_en.log
http://www.joeygalaxy.com/avlogs/FSS.txt

-edit-
The characters in the above logs don’t display properly when uploaded for some reason so I’ve added them to a RAR archive (some logs are too large to attach):
http://www.joeygalaxy.com/avlogs/logs.rar

Did you run GMER before or after TDSSKiller?

Tools already used (in order from first to last):
tdsskiller
AVG AV scan
prevx webroot secureanywhere (Didn’t save log)
rootkitrevealer
MBAM
unhackme regrun (Removed a lot of infections with this)
icesword120
SpyBHORemover (Didn’t save log, recall removing a couple of BHOs)
OTL
FSS
RogueKiller
GMER
RootRepeal
AVG rootkit scan

New tools used since last post:
SpyDLLRemover log: http://www.joeygalaxy.com/avlogs/SpyDllRemover.html
aswMBR => Scan just finished, log is attached

Tools yet to be used:
Sophos Virus Removal Tool
Dr.Web CureIt!
ComboFix

Awaiting your instruction before I proceed further :)

Massive thanks for your precious time!

Disk 0 malicious Win32:MBRoot code @ sector 625121283 !
With the old sinowal bootkits they left a copy of the files on a high sector of the disc. They are totally inert there and are of no consequence. However, the only way to remove it is to format the drive, which is not really needed.
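The reply above rests on where the flagged sector sits on the disk: a copy left on a high sector outside any live partition is inert, while the same bytes inside a mounted volume would deserve a closer look. The script below is an added example (not from this thread, nor from GMER, TDSSKiller or any other tool named here) that parses a classic MBR partition table and classifies a scanner-reported LBA as inside a partition, in unallocated space, or beyond the end of the disk. The MBR bytes, the disk size of 625142448 sectors and the partition layout are all constructed for the example; only the sector number 625121283 comes from the quoted GMER line, and a 512-byte sector size is assumed.

```python
import struct

SECTOR_SIZE = 512          # assumed; GMER reports LBAs in 512-byte units on this era of disks
MBR_TABLE_OFFSET = 446     # start of the four 16-byte partition entries
MBR_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, start LBA, size in sectors


def parse_mbr_partitions(mbr: bytes):
    """Return a list of (type, start_lba, size_sectors) for the non-empty primary entries."""
    if len(mbr) < 512 or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR: missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = mbr[MBR_TABLE_OFFSET + 16 * i: MBR_TABLE_OFFSET + 16 * (i + 1)]
        _status, _chs_start, ptype, _chs_end, start_lba, size = struct.unpack(MBR_ENTRY_FMT, entry)
        if ptype == 0 or size == 0:      # empty slot
            continue
        partitions.append((ptype, start_lba, size))
    return partitions


def classify_sector(lba: int, partitions, total_sectors: int) -> str:
    """Say where a flagged LBA lives: inside partition N, in unallocated space, or past the disk end."""
    if lba >= total_sectors:
        return "beyond-disk"
    for idx, (_ptype, start, size) in enumerate(partitions):
        if start <= lba < start + size:
            return f"inside-partition-{idx}"
    return "unallocated"


def sector_report(mbr: bytes, total_sectors: int, flagged_lba: int) -> dict:
    """Bundle the classification with the facts a reader would want to double-check by hand."""
    partitions = parse_mbr_partitions(mbr)
    return {
        "flagged_lba": flagged_lba,
        "byte_offset": flagged_lba * SECTOR_SIZE,
        "sectors_from_disk_end": total_sectors - flagged_lba,
        "partitions": partitions,
        "location": classify_sector(flagged_lba, partitions, total_sectors),
    }


def build_sample_mbr(entries) -> bytes:
    """Construct an MBR image for offline testing (CHS fields set to the usual 0xFFFFFF filler)."""
    mbr = bytearray(512)
    for i, (ptype, start, size) in enumerate(entries):
        status = 0x80 if i == 0 else 0x00   # first constructed partition marked bootable
        struct.pack_into(MBR_ENTRY_FMT, mbr, MBR_TABLE_OFFSET + 16 * i,
                         status, b"\xff\xff\xff", ptype, b"\xff\xff\xff", start, size)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


# Constructed layout: one NTFS partition (type 0x07) from LBA 2048, ending before the disk end,
# so the tail of the disk is unallocated. A real case would read the first 512 bytes of the
# physical disk (e.g. open(r"\\.\PhysicalDrive0", "rb").read(512) on Windows, as administrator).
SAMPLE_TOTAL_SECTORS = 625142448          # assumed size of a 320 GB disk
SAMPLE_MBR = build_sample_mbr([(0x07, 2048, 624000000)])
FLAGGED_LBA = 625121283                   # the sector GMER named in the quoted log line

if __name__ == "__main__":
    for key, value in sector_report(SAMPLE_MBR, SAMPLE_TOTAL_SECTORS, FLAGGED_LBA).items():
        print(f"{key}: {value}")
```

On a GPT-partitioned disk the protective MBR carries a single type 0xEE entry spanning the whole disk, so this classifier would report every sector as inside partition 0; for such disks the GPT entries at LBA 2 onward must be parsed instead, which this example deliberately does not do.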

Great :D So is it safe to assume I am clean or not yet?

Well the only thing left to throw at it is the kitchen sink ;D ;D