I use Avast MBR version 1.0.1.2290 to run regular scans once in 2 weeks. The latest scan had a red item in it. But when i searched for that particular system file in the drive that was mentioned, i could not find it.
What should i do?
Is that something related to malware?
I have pasted the log file below.
Can someone please kindly help me? Thank you
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-04-16 23:01:42
23:01:42.335 OS Version: Windows x64 6.2.9200
23:01:42.335 Number of processors: 8 586 0x5E03
23:01:42.350 ComputerName: REBECCA-VALENTI UserName:
23:01:42.754 Initialize success
23:01:42.769 VM: initialized successfully
23:01:42.769 VM: Intel CPU supported
23:01:44.482 VM: not used
23:06:21.041 AVAST engine defs: 17030301
02:19:57.536 Disk 0 \Device\Harddisk0\DR0 → \Device\0000003c
02:19:57.541 Disk 0 Vendor: HGST_HTS721010A9E630 JB0OA3J0 Size: 953869MB BusType: 11
02:19:57.545 Disk 1 (boot) \Device\Harddisk1\DR1 → \Device\0000003e
02:19:57.548 Disk 1 Vendor: SanDisk_SD8SNAT128G1002 Z2317002 Size: 122104MB BusType: 11
02:19:57.558 Disk 1 MBR read successfully
02:19:57.561 Disk 1 MBR scan
02:19:57.585 Disk 1 unknown MBR code
02:19:57.589 Disk 1 Partition 1 00 EE GPT 2097151 MB offset 1
02:19:57.618 Disk 1 scanning C:\WINDOWS\system32\drivers 02:19:59.445 File: C:\WINDOWS\system32\drivers\04589159.sys HIDDEN
02:19:59.778 Service scanning
02:20:11.573 Modules scanning
02:20:11.583 Disk 1 trace - called modules:
02:20:11.595 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
02:20:11.604 1 nt!IofCallDriver → \Device\Harddisk1\DR1[0xffff90019abbd060]
02:20:11.610 3 CLASSPNP.SYS[fffff8044f275efb] → nt!IofCallDriver → [0xffff900198055300]
02:20:11.615 5 ACPI.sys[fffff8044eeb4571] → nt!IofCallDriver → [0xffff900198055700]
02:20:11.621 7 ACPI.sys[fffff8044eeb4571] → nt!IofCallDriver → \Device\0000003e[0xffff900198047060]
02:20:11.763 AVAST engine scan C:
02:26:04.975 Disk 1 MBR has been saved successfully to “C:\Users\Rebecca Valentine\Downloads\MBR.dat”
02:26:04.977 The log file has been saved successfully to “C:\Users\Rebecca Valentine\Downloads\aswMBR.txt”
You can’t find it because its HIDDEN, the fact that it is hidden doesn’t necessarily mean it is malicious. Though the fine name isn’t very helpful as it appears to be randomly created, no hits on a search on the file name.
I wouldn’t run aswmbr unless there was something that made me consider there might be wrong in the Master Boot Record. Or a possible rootkit, in which case I would probably run the anit-rootkit or boot-time scan. But all of this would only be triggered if my system was running strangely and or getting avast alerts.
Sorry fr that
I had got my system infected a week back, all thanks to a friend handling my system. So have been using all the removal tools possible.
& someone suggested me that avast mbr detects most of the rootkits. So tried using it after a long time.
Yeah. My system had been infected so badly a week back, all thanks to a friend of mine. Now although it seems okay. i am still doubtful whether every piece of malware has been removed or whether some had just stayed back in my system.
Had you said that you had recently had a system infection that would certainly have been one of the instances that it require further analysis (as Asyn has now pointed you to). But there is a danger in running tools that you aren’t familiar with (not necessarily aswmbr) as they can do harm as well as good.
Once this is resolved lock your system down and only let your friends have access on a Guest account, this may not stop infection (because of their poor security/browsing habits), but it could limit the damage. Personally after this these ‘friends’ would be banned.