My Avast finds MBR: \\.\PHYSICALDRIVE

Avast shield keeps finding MBR: \.\PHYSICALDRIVE (Edit: actually I now see it ends in O) on the fly and asking me to delete or sometimes move to chest. I do so and have let it run boot-time scans multiple times. Keeps happening. Scans with Avast always find a rootkit but never seem to repair or quarantine it. The computer went through a time where it wouldn’t boot properly or at all. I’ve tried many things to fix it.

Now I’ve found this forum and hope I’ve done what’s necessary to obtain help. I’ve run the OTL and aswMBR.exe as mentioned in the suggestions here. Will try to post those logs below.

Here’s my computer basics:

Sharp Actius AL-27 5 year old notebook.
AMD Athlon 64 processor 2700+
Memory: 1280 DDR SDRAM
Hard Drive 60GB
Reformatted 2 years ago from FAT32 to NTFS
WindowsXP sp3

By the way, when I ran aswMBR.exe I clicked repair or fix whichever it was and got notice that this may ruin the MBR or make it unstable so I did NOT proceed beyond that.

That is a standard warning, but for Whistler Rootkit it isn’t the correct option (unless you meant FixMBR).

In this case - [Whistler] ROOTKIT found:

http://public.avast.com/~gmerek/aswMBR4.png

  • scan again then click “FIXMBR” and reboot
    ** after reboot, scan again. then click “Save log” and post it in your next reply.

Nothing apparent in the OTL log ;D
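The aswMBR check above works by comparing what is actually in the first sector of the disk against what a clean boot record should look like. The script below is an added illustration of that idea and is not part of this thread, aswMBR, or any Avast tool: it parses a 512-byte MBR (boot code, four partition entries, 0x55AA signature), hashes the boot-code region, and reports when it differs from a previously recorded baseline hash, which is the kind of change a boot-sector infection like the one discussed here produces. The sample MBR bytes, the baseline hash, and the "tampered" copy are all constructed inline so it runs offline; `read_live_mbr` is an assumed helper for reading the real first sector on Windows and needs administrator rights.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0..445 hold the boot loader code
BOOT_SIGNATURE = b"\x55\xAA"  # bytes 510..511 on every valid MBR
ENTRY_FMT = "<B3sB3sII"       # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr():
    """Constructed sample MBR: stub boot code, one NTFS partition, valid signature."""
    mbr = bytearray(MBR_SIZE)
    mbr[0:3] = b"\xEB\x3C\x90"            # typical JMP stub at the start of boot code
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00",
                        2048, 117_000_000)  # bootable, type 0x07 (NTFS), LBA 2048
    mbr[446:462] = entry
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def parse_mbr(mbr):
    """Split an MBR into its boot code hash, partition table and signature check."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = 446 + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:           # empty slot
            continue
        partitions.append({"bootable": status == 0x80, "type": ptype,
                           "lba_start": lba, "sectors": count})
    return {
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_against_baseline(mbr, baseline_boot_code_sha256):
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_boot_code_sha256:
        findings.append("boot code differs from recorded baseline")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"expected exactly one active partition, found {len(bootable)}")
    return findings


def tamper_boot_code(mbr):
    """Constructed 'infected' copy: overwrite part of the boot code, keep the partition table."""
    bad = bytearray(mbr)
    bad[0:8] = b"\xCC" * 8   # any change in bytes 0..445 should trip the baseline check
    return bytes(bad)


def read_live_mbr(device=r"\\.\PhysicalDrive0"):
    """Assumed helper: read the real first sector (Windows, requires administrator rights)."""
    with open(device, "rb") as disk:
        return disk.read(MBR_SIZE)


if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = parse_mbr(clean)["boot_code_sha256"]   # record this on a known-good system
    print("clean   :", check_against_baseline(clean, baseline))
    print("tampered:", check_against_baseline(tamper_boot_code(clean), baseline))
```

The baseline hash has to come from a disk you already trust (for example right after a rebuild), and it will legitimately change after a FixMBR, a Windows reinstall or a boot-loader update, so re-record it after any of those rather than treating every mismatch as an infection.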

Does that mean that only the fixmbr needs to be done or that it isn’t required ?

Thanks David R and essexboy! I clicked fixMBR, it said fix was successful and things seem to be ok. Avast quickscan no longer detects the rootkit and there have not been any shield detections. I’m about to run aswMBR.exe scan again and will post results shortly.

Attached is the aswMBR.exe log after fixing the MBR and restarting.

As I said, things seem better now. Will update if needed. I will say that my Avast free edition caught this intruder when it entered my computer and notified me it was attempting to block it. I think this could have been much worse if it had not done so. You think?

Yes that looks clear, no Unknown entries either.

Well at the very least avast was possibly preventing it becoming more active.

That is correct just the whistler MBR infection - the rest looked OK ;D

Well, thanks gentlemen. :wink: All fixed in one afternoon – that’s pretty good! Wish I’d come here first. . .

Good luck and good health to you both!

Paul

You’re welcome.

This should be your first port of call, could save you a lot of time ;D