Hi, I’m a new user of avast. Once I performed my full scan, 1 virus was detected; it’s a rootkit, ‘hidden boot sector’. I’ve tried to delete it, but it’s still not deleted. That virus has already booted my system a lot of times. I really need your help on how to remove it.
I hope someone can help me by giving full instructions on how to remove it, because I’m not really an expert in computers.
Lastly, I hope someone can help me now, because this Feb 6 I’m going to go to a place that has a very poor internet connection.
Sorry for my English. Thank you.
Follow this guide from our expert malware remover Essexboy
http://forum.avast.com/index.php?topic=53253.0
(post the logs here in this topic and not in the guide)
To avoid using multiple posts with copy and paste you have to attach the logs
Lower left corner: Additional Options > Attach ( OTL.Txt. / Extras.Txt / Malwarebytes scan log )
Essexboy will be notified when you have posted the logs here…
He is usually in here 8:00pm - 11:59pm UK time
Hi there, let’s cut straight to the chase: two programmes for you to run. Could you run them in the order posted please, as we are working on an Avast tool to clean this and any data we can gain would be useful
Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it, place a tick in the Trace disc IO calls box
http://i1224.photobucket.com/albums/ee362/Essexboy3/Capture.jpg
Click the “Scan” button to start scan
http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR2.png
Click the “Fix” in case of infection
http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR3.png
Save the aswMBR.log to the desktop
http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR4.png
THEN
Please read carefully and follow these steps.
[*]Download TDSSKiller and save it to your Desktop.
[*]Extract its contents to your desktop.
[*]Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png
[*]If an infected file is detected, the default action will be Cure, click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png
[*]If a suspicious file is detected, the default action will be Skip, click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious.png
[*]It may ask you to reboot the computer to complete the process. Click on Reboot Now.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png
[*]If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
[*]If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.
Hi! I am also a new user of avast and I had exactly the same problem with
‘hidden boot sector’. I did what you said. Downloaded aswMBR and everything.
Virus detected and fixed.
Then TDSSKiller, but with that no virus was detected.
Then I ran a scan with avast and the hidden boot sector had vanished!!!
Thank you very very much. This had caused problems on my computer!
I’ve not understood exactly what I should copy and paste and where. If it will help,
tell me what I should send you. Thanks again!!!
Thank you for this. MBR infections have grown so much in recent weeks (or are you just finding them better?)
They have been around for a while, but it appears that they are now getting cheaper to buy
I found this, what does it mean?
Looks like the TDL3 variant
Please read carefully and follow these steps.
[*]Download TDSSKiller and save it to your Desktop.
[*]Extract its contents to your desktop.
[*]Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png
[*]If an infected file is detected, the default action will be Cure, click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png
[*]If a suspicious file is detected, the default action will be Skip, click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious.png
[*]It may ask you to reboot the computer to complete the process. Click on Reboot Now.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png
[*]If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
[*]If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.
Hi Folks, Seems I have a similar problem, please find the logs attached. I tried tdsskiller but it didn’t work. aswMBR only comes up with the option to fixMBR which is followed by a warning that it could alter my system so not sure what to do now? Any help greatly appreciated.
Could you download the latest version of aswMBR please and scan - this time the fix button should be available; if so, press that one and not Fixmbr
Also could you zip the file called mbr.dat on your desktop and e-mail it to me please
If for some reason aswMBR does not offer the fix option
Please read carefully and follow these steps.
[*]Download TDSSKiller and save it to your Desktop.
[*]Extract its contents to your desktop.
[*]Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png
[*]If an infected file is detected, the default action will be Cure, click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png
[*]If a suspicious file is detected, the default action will be Skip, click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious.png
[*]It may ask you to reboot the computer to complete the process. Click on Reboot Now.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png
[*]If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
[*]If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.
Hi Essexboy, thanks for the reply. Bit of confusion, aswMBR does have just a fix button but it is greyed out even after the scan (version 0.9.3). Have tried using TDSSKiller but the rootkit is still showing, even after reboot. Your e-mail address is hidden so not sure where to send DAT file? Cheers. Adam
Could you attach the TDSSKiller log please so that I can see what variant it is, also the aswMBR log
Right click the dat file and scan with Avast - which should add it to the chest. Then from within the virus chest right click and select upload to virus labs
Here you go dude. Will follow your other instructions.
Could you rerun aswMBR please and - not press any buttons - just post the log generated
This ok?
OK it is reporting TDL4, which is the version which can be cured by pressing the fix button; remember not to press the fixmbr this time
Once done could you then post the resultant log plus
Download OTS to your Desktop and double-click on it to run it
[*]Make sure you close all other programs and don’t use the PC while the scan runs.
[*]Select All Users
[*]Under additional scans select the following
Reg - NetSvcs
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check
File - Purity Scan
[*]Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Please attach the log in your next post.
Sorry it won’t let me just press fix as it is greyed out and nothing happens when I press it!!??
OK that is intriguing, let’s use a different tool. On your desktop you should have an MBR.dat file - could you right click and scan that with Avast. It should put it in the chest. Once done go to the chest, right click the file and select send to virus labs
Please read carefully and follow these steps.
[*]Download TDSSKiller and save it to your Desktop.
[*]Extract its contents to your desktop.
[*]Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png
[*]If an infected file is detected, the default action will be Cure, click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png
[*]If a suspicious file is detected, the default action will be Skip, click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious.png
[*]It may ask you to reboot the computer to complete the process. Click on Reboot Now.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png
[*]If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
[*]If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.
Tds log is back a couple of posts, would you like me to do it again?
Yes please - this may be a new variant requiring a different method of attack