How to remove Zeus/ZBot

Hi guys, the fix button is for TDL4 infections only and the fixmbr is for Mebroot and Sinowal infections; they both take different routines to run. So if the fix button is available then there is a TDL4 infection. If only the fixmbr button is available and it is showing Mebroot/Sinowal then run fixmbr, unless the system is a Dell (they have a special MBR to account for the recovery partition).

Tell me the computer state.

Hello.

EDIT: I’ve stopped getting the pop-up and a restart didn’t change that, so maybe it was just Windows or one of my programs goofing around. I’ll post again if anything should happen.

I recently upgraded my computer and got a new operating system to go with it. One of the first things I did after getting it all set up was to install Avast! and it picked up MBR: \.\PHYSICALDRIVE1 pretty much right off the bat. So after having Avast remove it and do a boot time scan and that not fixing it, I googled it and found this thread. I have followed the instructions posted with the exception of running DDS.scr and I ran aswMBR AFTER using TDSSKiller.

I ran TDSSKiller again after rebooting and it found nothing. Avast has also not popped up saying it found anything but now every couple of seconds I’m getting a pop-up from Windows that says “You are about to view pages over a secure connection. Any information you exchange with this site cannot be viewed by anyone else on the web.” Clicking More Info reveals that this is coming from Internet Explorer, which I am not trying to use. IE doesn’t start up when I click OK and it doesn’t appear to be running in the background.

I’ll attach aswMBR.txt, ComboFix.txt and the first TDSSKiller log.

Remember, aswMBR.txt is newer than ComboFix and TDSSKiller.

Hi Guys,

I’ve been away for a bit hence the delay. Thanks for your help so far.

I’ve read the latest replies and I’m a little confused.

The issue I had to start with and the reason I adopted Avast and the reason I posted my initial query doesn’t occur any more. I was getting a request for credit card data when logging into PayPal but no more.

I got confused when asked to run aswMBR and the fix button wasn’t available. The Fix MBR is available but I wasn’t asked to press that one. I did press it but the confirmation box said some scary things so I didn’t go ahead and wouldn’t have without direction from here.

If you guys think I should run something to confirm Sinowal is gone, then I’m up for that.

Thanks and regards,

Stephen