MBR TDL4

Recently my computer has been infected with a virus and rootkit.

I’ve run Malwarebytes, AdAware, SuperAntiSpyware and recently downloaded the free avast Antivirus.

It seems to have gotten rid of the virus. I can now go on the internet and there are no more redirect links or false anti-virus pop-ups. But I constantly get this warning from Avast that there’s a rootkit. I delete it and then reboot but it appears again.

I downloaded aswMBR and here’s the log,

12:31:22.359 OS Version: Windows 5.1.2600 Service Pack 3
12:31:22.359 Number of processors: 1 586 0x401
12:31:22.359 ComputerName:— UserName: —
12:31:22.656 Initialize success
12:31:36.125 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP1T0L0-e
12:31:36.125 Disk 0 Vendor: SAMSUNG_HD040GJ WY100-33 Size: 38146MB BusType: 3
12:31:38.156 Disk 0 MBR read successfully
12:31:38.156 Disk 0 MBR scan
12:31:38.156 Disk 0 TDL4@MBR code has been found
12:31:38.156 Disk 0 MBR [TDL4] ROOTKIT
12:31:38.156 Disk 0 scanning C:\WINDOWS\system32\drivers
12:31:41.765 Service scanning
12:31:43.125 Disk 0 trace - called modules:
12:31:43.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
12:31:43.156 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x86737030]
12:31:43.156 3 CLASSPNP.SYS[f7652fd7] → nt!IofCallDriver → \Device\Ide\IdeDeviceP1T0L0-e[0x86793b00]
12:31:43.156 Scan finished successfully
12:33:02.218 Disk 0 MBR has been saved successfully to “C:\Documents and Settings\lore\My Documents\MBR.dat”
12:33:02.218 The log file has been saved successfully to “C:\Documents and Settings\lore\My Documents\aswMBR.txt”

For some reason the “Fix” button is grey and I can’t click on it. What should I do?

Hi

* Double click the aswMBR icon to run it. Vista and Windows 7 users right click the icon and choose “Run as administrator”.
* Click the Scan button to start scan.
* When scan finishes, press the Fix Button.
* Once the Fix is done, press the Save Log button and save the log to your desktop.
* You need to reboot your computer when it's done before you do anything else, then post the log that will be on your desktop.

edit:

I just now read this ;D

For some reason the "Fix" button is grey and I can't click on it. What should I do?

Delete old tool and download fresh aswMBR from here
http://public.avast.com/~gmerek/aswMBR.exe

Just downloaded the fresh version, scanned and the fix button is still greyed out???

Ok…

Download TDSSKiller to your Desktop.
Double-click on TDSSKiller.exe to run the application, then click on Start Scan.

Don’t Change These Settings:
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.

You may be asked to reboot the computer to complete the process. Click on Reboot Now.
To view the report:
Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.

Reboot Windows, then run aswMBR again (Scan >> Save log) and paste the TDSSKiller and aswMBR logs here.

Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr

Double click dds.scr to run the tool.

* When done, DDS will open two (2) logs:
     1. DDS.txt
     2. Attach.txt

Save both reports to your desktop. Attach DDS.txt back to topic.