MBRoot-J gone? Also being redirected on Google links. Help!

Got my fiance’s laptop PC back from my Mom and wow, she loaded it with viruses!!! I ran it and found Sinowal-IK trojans along with a bunch of others. All deleted successfully.

Then I went on to do a boot scan, which found 2 MBRoot-J trojans.

Now I went to try to delete them, but there was a sharing conflict on each attempt. Same goes for trying to send them to the virus chest. So I went ahead and selected “do nothing”.

After booting up I went to the log file and saw two threats found on boot-up:
File location: Disk 0 Master Boot Record Threat: Win32:MBRoot-J [trj]
File location: C:\hiberfil.sys Threat: Win32:MBRoot-J [trj]

I found it weird that Avast only allowed me to select the second threat to be deleted and I could do nothing with the first. I went ahead and selected delete and set the action to be postponed until the next reboot. I did another boot scan and this time only the first threat was listed, with the second being gone. Computer boots up 100 times faster now though!

What I’m wondering is in the boot scan log file it still lists the Disk 0 Master Boot as being infected but there’s no option to do anything with it still. It seems it can’t be touched.
The one that was deleted was in C:\hiberfil.sys.
So is it still there or not? Seems to have been removed, judging by the drastic change in boot performance now. Thanks for any help!

Welcome to the forum. I suggest you do a scan with Malwarebytes Anti-Malware as a second opinion.

http://www.filehippo.com/download_malwarebytes_anti_malware/

Download, install, update and do a scan. Don’t forget to hit Remove. A system reboot might be needed.

Good luck.

I do already have Malwarebytes as well…I’ll run the scanner on it again and post back. Thanks!

OK, ran Malwarebytes and it did find one more thing. Here’s the scan log:

Malwarebytes’ Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7786

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09/30/2011 2:21:04 AM
mbam-log-2011-09-30 (02-21-04).txt

Scan type: Full scan (C:|D:|)
Objects scanned: 264827
Time elapsed: 33 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\offline web pages\1.40_testddos (Malware.Trace) → Quarantined and deleted successfully.

This must have been the virus responsible for redirecting my google results. I’d click on a result and get taken to some sort of random ad site. Very annoying.

Overall though, after removing 13 viruses via Avast, then the MBRoot-J via Avast’s boot scan and now this malware with Malwarebytes…the machine is as fast as it used to be. Boots way quicker and you can actually browse the web. lol

So still wondering about MBRoot-J and if it’s gone.

Ugh, still getting redirected on Google results. Clicked a link to a website I know, and Malwarebytes blocked it as another random ad site.

02:44:51 Rahne IP-BLOCK 67.29.139.153 (Type: outgoing)
02:44:54 Rahne IP-BLOCK 67.29.139.153 (Type: outgoing)
02:45:00 Rahne IP-BLOCK 67.29.139.153 (Type: outgoing)
02:45:12 Rahne IP-BLOCK 67.29.139.153 (Type: outgoing)
02:45:15 Rahne IP-BLOCK 67.29.139.153 (Type: outgoing)
02:45:21 Rahne IP-BLOCK 67.29.139.153 (Type: outgoing)

:)
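The IP-BLOCK lines in the post above are the Malwarebytes protection module refusing an outgoing connection to the same address six times in thirty seconds, roughly once per click. The Python below is an added example (not Malwarebytes code and not from the thread) that parses lines of that shape, groups them by destination and direction, and flags addresses blocked repeatedly inside a short window. The six lines from the post are reused as input; the two extra lines are constructed (RFC 5737 test addresses) to show other destinations and incoming blocks being kept apart.

```python
"""Summarise Malwarebytes protection-module IP-BLOCK lines of the shape quoted in this thread.

Added example for this thread, not Malwarebytes code. The first six log lines are
copied from the post above; the last two are CONSTRUCTED (RFC 5737 test addresses)
to show that other IPs and incoming blocks are kept apart.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# HH:MM:SS <user> IP-BLOCK <ipv4> (Type: outgoing|incoming); fields may be tab- or space-separated.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<user>\S+)\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\(Type:\s*(?P<direction>\w+)\)$"
)

SAMPLE_LOG = """\
02:44:51 Rahne IP-BLOCK 67.29.139.153 (Type: outgoing)
02:44:54 Rahne IP-BLOCK 67.29.139.153 (Type: outgoing)
02:45:00 Rahne IP-BLOCK 67.29.139.153 (Type: outgoing)
02:45:12 Rahne IP-BLOCK 67.29.139.153 (Type: outgoing)
02:45:15 Rahne IP-BLOCK 67.29.139.153 (Type: outgoing)
02:45:21 Rahne IP-BLOCK 67.29.139.153 (Type: outgoing)
02:51:03 Rahne IP-BLOCK 192.0.2.44 (Type: outgoing)
03:10:40 Rahne IP-BLOCK 198.51.100.9 (Type: incoming)
"""


def parse_ip_block_lines(text: str) -> List[dict]:
    """Parse IP-BLOCK lines; other protection-log lines (DETECT, etc.) are skipped.

    The log carries only a time of day (the date is in the file name), so all
    timestamps land on the same placeholder date and spans are within one day.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({"time": datetime.strptime(m["time"], "%H:%M:%S"),
                           "user": m["user"], "ip": m["ip"], "direction": m["direction"]})
    return events


def summarise(events: List[dict]) -> Dict[Tuple[str, str], dict]:
    """Per (ip, direction): how many blocks and the seconds between first and last."""
    groups: Dict[Tuple[str, str], List[datetime]] = defaultdict(list)
    for e in events:
        groups[(e["ip"], e["direction"])].append(e["time"])
    return {key: {"count": len(ts), "span_seconds": int((max(ts) - min(ts)).total_seconds())}
            for key, ts in groups.items()}


def repeat_offenders(events: List[dict], min_count: int = 3,
                     window: timedelta = timedelta(minutes=2)) -> List[str]:
    """Outgoing destinations blocked at least `min_count` times inside any `window`.

    A single block is noise; a tight cluster of blocks to one IP across several
    clicks is the trace a search-result hijacker leaves behind.
    """
    by_ip: Dict[str, List[datetime]] = defaultdict(list)
    for e in events:
        if e["direction"] == "outgoing":
            by_ip[e["ip"]].append(e["time"])
    hits = []
    for ip, ts in by_ip.items():
        ts.sort()
        if any(ts[i + min_count - 1] - ts[i] <= window for i in range(len(ts) - min_count + 1)):
            hits.append(ip)
    return sorted(hits)


if __name__ == "__main__":
    evs = parse_ip_block_lines(SAMPLE_LOG)
    for (ip, direction), info in sorted(summarise(evs).items()):
        print(f"{ip:16s} {direction:9s} blocks={info['count']:2d} span={info['span_seconds']}s")
    print("repeat offenders:", repeat_offenders(evs))
```

The cluster, not any single block, is the point: the IP filter stopping the same destination on every click says the component making those connections is still running, whatever the file scanners have already removed. The log alone cannot say whether that is a hosts-file entry, a changed proxy or DNS setting, or a driver-level hook; it only shows the outgoing traffic.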

So as of now I still have the MBRoot-J listed in Avast as a threat located at Disk 0 Primary Boot Record, and I’m also still having the redirect problem.
I’m reading the sticky at the top and doing different scans. I’ll post back my logs to give you all more info.
Man oh man, where did my mom pick this crap up from?! lol

OK, ran OTL…didn’t tell ME anything useful, but I’m sure the logs are useful for you gurus. And man, if I didn’t know any better I’d swear someone’s trying to prevent me from getting to this site. All the links to it via Google brought me to ad sites. I had to copy and paste the link to get here again. Maybe I’m being paranoid. lol
aswMBR logs will be next, as the sticky above directs.

aswMBR log here. I also had an MBR.dat file saved. Should I post this as well?

And after some more browsing, this machine is definitely still infected with something. Getting redirected, and browsing seems hit and miss…very sluggish more often than not.
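The OP’s boot-scan log names “Disk 0 Master Boot Record” as the infected object, and the aswMBR run mentioned above leaves an MBR.dat, which is a raw dump of that sector. The Python below is an added example (not from the thread, Avast or aswMBR) that sanity-checks such a 512-byte image: boot signature, partition table, presence of the error strings every stock Windows bootstrap carries, and a byte-level comparison of the bootstrap area against a baseline MBR (a dump from a clean machine running the same Windows version, or a pre-infection backup). Only the first 440 bytes are compared because the disk signature and partition table legitimately differ between machines. Both images it inspects are constructed in the file, and their bootstrap bytes are stand-ins, not real Windows or malware code.

```python
"""Sanity-check a 512-byte MBR image such as the MBR.dat that aswMBR saves.

Added example for this thread; not code from Avast, aswMBR or the poster.
Both MBR images below are CONSTRUCTED in this file. No disk is read.
"""
import hashlib
import struct
from typing import Dict, List, Optional, Tuple

MBR_SIZE = 512
BOOT_CODE_LEN = 440          # bootstrap code; the 4-byte disk signature follows at 440..443
PART_TABLE_OFF = 446
PART_ENTRY_LEN = 16
BOOT_SIG = b"\x55\xaa"
# Stock Windows MBR bootstrap code (XP onward) carries these three error strings.
STOCK_STRINGS = (b"Invalid partition table",
                 b"Error loading operating system",
                 b"Missing operating system")


def parse_partition_entry(entry: bytes) -> Dict[str, int]:
    status, _chs_first, ptype, _chs_last, lba_start, sectors = struct.unpack("<B3sB3sII", entry)
    return {"status": status, "type": ptype, "lba_start": lba_start, "sectors": sectors}


def inspect_mbr(image: bytes, baseline: Optional[bytes] = None) -> dict:
    """Return structural facts about an MBR plus a list of suspicious findings.

    `baseline` is an MBR dumped from a known-clean machine running the same Windows
    version; only the 440 bootstrap bytes are compared, since the disk signature
    and partition table legitimately differ between machines.
    """
    if len(image) != MBR_SIZE:
        raise ValueError(f"MBR image must be {MBR_SIZE} bytes, got {len(image)}")
    boot_code = image[:BOOT_CODE_LEN]
    parts = [parse_partition_entry(image[PART_TABLE_OFF + i * PART_ENTRY_LEN:
                                         PART_TABLE_OFF + (i + 1) * PART_ENTRY_LEN])
             for i in range(4)]
    used = [p for p in parts if p["type"] != 0]
    findings: List[str] = []

    if image[510:] != BOOT_SIG:
        findings.append("boot signature 0x55AA missing")
    active = [p for p in used if p["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in used:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition status byte 0x{p['status']:02x} is invalid")
    if not all(s in boot_code for s in STOCK_STRINGS):
        findings.append("bootstrap code lacks the stock Windows error strings")
    if baseline is not None:
        if len(baseline) != MBR_SIZE:
            raise ValueError("baseline must be a 512-byte MBR image")
        diff = [i for i in range(BOOT_CODE_LEN) if image[i] != baseline[i]]
        if diff:
            findings.append(f"bootstrap code differs from baseline in {len(diff)} bytes "
                            f"(offsets {diff[0]}..{diff[-1]})")
    # Sectors between the MBR and the first partition are unpartitioned; MBR bootkits
    # commonly park their body there, so record how many there are for a follow-up dump.
    gap = min((p["lba_start"] for p in used), default=1) - 1
    return {
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "disk_signature": struct.unpack("<I", image[440:444])[0],
        "partitions": used,
        "unpartitioned_sectors_after_mbr": max(gap, 0),
        "findings": findings,
    }


def build_mbr(boot_code: bytes, entries: List[Tuple[int, int, int, int]],
              disk_sig: int = 0x1234ABCD) -> bytes:
    """Assemble a 512-byte MBR from bootstrap bytes and (status, type, lba_start, sectors) tuples."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(struct.pack("<B3sB3sII", st, b"\0\0\0", ty, b"\0\0\0", lba, n)
                     for st, ty, lba, n in entries).ljust(4 * PART_ENTRY_LEN, b"\x00")
    return code + struct.pack("<I", disk_sig) + b"\x00\x00" + table + BOOT_SIG


# CONSTRUCTED stand-in: a few opcode-looking bytes, padding, and the stock strings. Not Windows code.
CLEAN_BOOT = (b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 300
              + b"".join(s + b"\x00" for s in STOCK_STRINGS))
# CONSTRUCTED stand-in: a replacement loader with no error strings, the way a bootkit's
# own bootstrap would look. Not real malware code.
TAMPERED_BOOT = b"\xfa\x33\xc0\x8e\xd8" + bytes(range(256)) + b"\x90" * 100

XP_LAYOUT = [(0x80, 0x07, 63, 78_140_097)]     # one active NTFS partition starting at LBA 63
CLEAN_MBR = build_mbr(CLEAN_BOOT, XP_LAYOUT)
TAMPERED_MBR = build_mbr(TAMPERED_BOOT, XP_LAYOUT)

if __name__ == "__main__":
    for name, img in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        report = inspect_mbr(img, baseline=CLEAN_MBR)
        print(f"{name:9s} sha256={report['boot_code_sha256'][:16]}  "
              f"gap={report['unpartitioned_sectors_after_mbr']} sectors  "
              f"findings={report['findings'] or 'none'}")
```

Two things follow for the situation in this thread. First, the hiberfil.sys hit and the sector 0 hit are not two components: hiberfil.sys is an image of RAM written at hibernation, so a detection in it points at content that was in memory, and deleting the file leaves sector 0 untouched. Second, a boot sector cannot be deleted like a file; it has to be rewritten with known-good bootstrap code (on XP, fixmbr from the Recovery Console; on Vista and later, bootrec /fixmbr from the recovery environment), after which a check like the one above should come back clean and match the baseline. A clean result here is evidence about sector 0 only; it says nothing about the unpartitioned sectors the report counts, or about the partition’s own boot record.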

Essexboy, the forum malware removal expert and also the one best placed to read these logs, is on vacation. He should be back around October 6.

So I recommend using the Geeks to Go forum. This is a site dedicated to malware removal, and where essexboy also works:
http://www.geekstogo.com/forum/topic/2852-malware-and-spyware-cleaning-guide/

Yeah, I saw he was on vacation…just my luck! lol I guess I’ll check that out and hang back until the 6th, and give this thread a bump. :)

Well essexboy is a trainer and moderator on the GeeksToGo malwareUni, so he wouldn’t have suggested this lightly.

These are the instructions he gave:
In the meantime, you could go to Geekstogo. Before posting read this topic, http://www.geekstogo.com/forum/topic/2852-malware-and-spyware-cleaning-guide/, include in the first post a description of the problem, the OTL scan logs and the aswMBR log. That should get a quick response.

For information on and a download location for aswMBR.exe read this topic, http://forum.avast.com/index.php?topic=53253.0.

OK, well I did post over on Geeks to Go with my scan files etc. attached. Have yet to receive any response…although now I did post in their waiting room.
For now I’ve kept the computer off and haven’t used it since I fear this is a bad virus. Hopefully essexboy will respond here tomorrow sometime or geeks 2 go will respond soon.

Thanks everyone for the help so far

That is unusual, as the Geeks to Go forum is usually prompt, but I guess they are busy too, and essexboy being away hits them as well.

Hopefully he will be back on-line soon.

Yeah, I’m hoping so too! I got back from work today and have yet to even receive a response in the “waiting” forum. :(
So hopefully I get some kind of help today.

The PC has been shut off as I think this virus is a serious security threat…