One more: Whistler@MBR RTK

system · January 31, 2011, 6:49am

I have seen 2 threads with this very same problem, but I don’t seem to get this fixed.

I add the MBR Check also, I followed essexboy’s guide and started the MBRCheck 5 minutes or so after reboot and I still got the message "Known bad MBR Core detected (whistler / Black Internet)

Pondus · January 31, 2011, 6:50am

Essexboy is notified

He is usually in here from 8:00pm - 11:59pm UK time

system · January 31, 2011, 6:57am

Damn that was fast! I’m here is the OTL report as well.

system · January 31, 2011, 7:00am

I have two more physical discs with same error, but I unplugged them and tried to fix on the OS disc first.

system · January 31, 2011, 7:19am

Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr

Double click dds.scr to run the tool.

* When done, DDS will open two (2) logs:
     1. DDS.txt
     2. Attach.txt

Save both reports to your desktop. Post DDS.txt back to topic.

system · January 31, 2011, 9:29am

@ brutti,

I see that you posted your OTL Txt. but not the Extras Txt (the second part of OTL) - there are 2 attachments to the OTL log. Can you post the second part if you have it?

Also, do not run DDS as posted in the last post. Essexboy was already notified to assist you and he is a Certified Malware Removal Expert. He is using other tools to assist others in the removal of this malware. Please wait for his assistance to help you. He comes on the forum late UK time zone.

Essexboy will be the person helping you will your malware removal while the Avast Evangelists answer questions for you while he is away from the forum at this point. Thank you.

essexboy · January 31, 2011, 6:10pm

Hi I see you have run combofix - could you post the log please. Also are the other drives bootable ?

Finally could you give me a fresh run with MBRCheck ;D

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKU\S-1-5-21-4188548508-1775785014-1112427951-1001\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\/files/openindex.exe index.hta [2010.03.03 11:02:12 | 000,004,865 | -H-- | C] () -- C:\ProgramData\bltofzsb.qlf [2010.03.02 15:46:32 | 000,004,985 | -H-- | C] () -- C:\ProgramData\ojvzdisj.xda
:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

system · January 31, 2011, 11:11pm

Ok, when I run MBRCheck.exe now my C:\ is clean. I kinda had to format and do some cleanup anyway so I figured this was a goodtime. However I still got the whistler virus on my other 2 physical discs. I have formmated them in Windows but still the Whistler virus is there, thats very wierd.

system · January 31, 2011, 11:17pm

One of this discs is totally empty, and I tried to boot on windows 7 CD and just format it. When I ran MBRCheck.exe its still there.

system · January 31, 2011, 11:29pm

Here is the last MBRCHeck as an attachment.

I didnt get anything about whistler MBR lasttime I ran Avast AntiVirus either. Which I did just now.

essexboy · February 1, 2011, 7:27pm

It is not on your main drive but the two subsidiary ones

The only way I can see of repairing it is to make the other drives primary and then run fixmbr on that drive, but if there is no OS I can’t see how to do it

system · February 1, 2011, 8:51pm

Install OS and scratch it afterwards?

essexboy · February 1, 2011, 9:03pm

'Tis an option well worth looking at - if you have the time

system · February 1, 2011, 9:14pm

Im not working tomorrow so I’m going to do it tonight.

essexboy · February 1, 2011, 9:42pm

OK Avast has released a MBR cleaner - fancy trying it out ?

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR1.png

Click the “Scan” button to start scan

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR2.png

Click the “Fix” in case of infection

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR3.png

Save the aswASW.log to the desktop

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR4.png

system · February 1, 2011, 10:08pm

Was just going to start to re-install but going to try it first. It doesnt fuck with my windows? I have like a perfect clean installation and dont want anything messed up.

essexboy · February 1, 2011, 10:10pm

No it won’t as I am interested to see whether it detects the two slave drives - just run the initial scan part

I have just run it on a 32 bit xp system (scan only ) and there was no problem

system · February 1, 2011, 10:14pm

See attachment

essexboy · February 1, 2011, 10:34pm

Same problem as me it does not appear to work with 64 bit systems, works on 32 bit though. Thank you for running that for me though ;D

system · February 1, 2011, 10:49pm

I should thank you.

One more: Whistler@MBR RTK

Announcements