Rootkit: hidden boot sector

Did you also do drive 6 with MBRcheck? As that may be what ASWMbr is picking up.

No, should I?

I also just did a rootkit scan with Avast & it still says the threat is on physical drive 1!?

And there is still no fix button?

On your desktop should be an MBR.dat file; could you scan that with Avast via the right-click function?
If it does not alert, then could you add it to the virus chest and then upload to the virus labs?

You can put my name in if you wish - I will ask GMER to look at this thread

If there is no mbr.dat on the desktop, could you run ASWMbr again please and save the log, as GMER would like to look at it.

Then do you know how to upload it to Avast's FTP incoming?

http://www.mediafire.com/?o403x8vsnko345j

Here is the link for the .dat file. Still no ‘fix’ available. Uploaded it to virus labs after putting it into Avast chest.

Cheers

Thanks I have also sent GMER a copy to look at

Thanks for all your help and patience with this dude, much appreciated. :slight_smile:

Please go to PROFILE then Modify Profile then Forum Profile Information then select your country in Please select your country: then update your Signature: with information like my signature as this helps the helpers offer pertinent advice.
In Account Related Settings select Hide email address from public? to prevent scammers and spammers harvesting your gmail.com email address.

Thank you for the file.

Here is the VT report, so the MBR is definitely infected.

http://www.virustotal.com/file-scan/report.html?id=3e3eca88f3a4a4b49bfd3b0e643926a0d5e6604dd4c5b4f2f61c32af045cdbe8-1299483113

This variant doesn’t hide the MBR so the simple fix doesn’t work.

I’ll check the code and improve the tool. The other way for cleanup is fixmbr from Recovery Console.

Thanks
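For anyone wanting to look at the MBR.dat that aswMBR dumped before sending it off, here is an added example (not part of this thread, and not aswMBR's or GMER's code) that parses a raw 512-byte MBR image: it checks the 0x55AA boot signature, decodes the four partition entries, and hashes only the 446-byte bootstrap code area so the hash can be compared against a known-good baseline or a VirusTotal report without partition-table edits changing it. The sample image and the baseline hash are constructed here for illustration.

```python
"""Inspect a 512-byte MBR dump such as the MBR.dat written by aswMBR.

Added example, not part of the forum thread or the aswMBR tool. It parses
the standard legacy MBR layout: 446 bytes of bootstrap code, four 16-byte
partition entries starting at offset 446, and the 0x55AA signature at 510.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Optional

MBR_SIZE = 512
PARTITION_TABLE_OFFSET = 446
PARTITION_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"
ENTRY_FORMAT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sectors


@dataclass
class PartitionEntry:
    index: int
    bootable: bool      # status byte 0x80 marks the active partition
    type_id: int        # e.g. 0x07 for NTFS
    lba_start: int
    sector_count: int

    @property
    def is_empty(self) -> bool:
        return self.type_id == 0 and self.sector_count == 0


def parse_partition_table(mbr: bytes) -> List[PartitionEntry]:
    """Decode the four partition entries from a raw MBR image."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE}-byte MBR, got {len(mbr)} bytes")
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        status, _chs_s, type_id, _chs_e, lba, count = struct.unpack_from(
            ENTRY_FORMAT, mbr, off)
        entries.append(PartitionEntry(i, status == 0x80, type_id, lba, count))
    return entries


def has_boot_signature(mbr: bytes) -> bool:
    return mbr[510:512] == BOOT_SIGNATURE


def bootstrap_code_sha256(mbr: bytes) -> str:
    """Hash only the code area, so partition-table changes do not affect it."""
    return hashlib.sha256(mbr[:PARTITION_TABLE_OFFSET]).hexdigest()


def inspect(mbr: bytes, known_good_sha256: Optional[str] = None) -> dict:
    """Return the parsed layout plus a list of findings worth a closer look."""
    entries = parse_partition_table(mbr)
    findings = []
    if not has_boot_signature(mbr):
        findings.append("missing 0x55AA boot signature")
    if sum(1 for e in entries if e.bootable) > 1:
        findings.append("more than one partition flagged active")
    code_hash = bootstrap_code_sha256(mbr)
    if known_good_sha256 is not None and code_hash != known_good_sha256:
        findings.append("bootstrap code differs from known-good baseline")
    return {"entries": entries, "code_sha256": code_hash, "findings": findings}


def build_sample_mbr() -> bytes:
    """Constructed sample: two NTFS partitions, the first active, filler code."""
    code = bytes([0x33, 0xC0, 0x8E, 0xD0]) + b"\x90" * (PARTITION_TABLE_OFFSET - 4)
    table = struct.pack(ENTRY_FORMAT, 0x80, b"\x00\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 1_000_000)
    table += struct.pack(ENTRY_FORMAT, 0x00, b"\xfe\xff\xff", 0x07, b"\xfe\xff\xff", 1_002_048, 500_000)
    table += b"\x00" * (2 * PARTITION_ENTRY_SIZE)
    return code + table + BOOT_SIGNATURE


if __name__ == "__main__":
    sample = build_sample_mbr()
    baseline = bootstrap_code_sha256(sample)          # pretend this was recorded when clean
    tampered = b"\xcc" * 16 + sample[16:]             # constructed: code area altered
    for name, image in (("clean", sample), ("tampered", tampered)):
        report = inspect(image, known_good_sha256=baseline)
        print(name, report["code_sha256"][:16], report["findings"])
        for e in report["entries"]:
            if not e.is_empty:
                print(f"  part{e.index}: type=0x{e.type_id:02x} active={e.bootable} "
                      f"lba={e.lba_start} sectors={e.sector_count}")
```

Reading a real dump is just `inspect(open("MBR.dat", "rb").read(), known_good)`; the baseline hash would come from a dump taken when the machine was known clean, or from the hash VirusTotal shows for the file.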

Cheers GMER ;D

OK, with Windows 7 it is a slightly different procedure, where we need to use bootrec.

There are full instructions here from MS: http://support.microsoft.com/kb/927392

But the basic command from the C prompt is:

bootrec /FixMbr

Got as far as doing the command prompt, it said the operation was successful but I didn't know where to go from there and Microsoft's instructions don't say?

Reboot and see if it has gone.

You did use this command at the C prompt: bootrec /FixMbr?

I did it after you do system recovery options, command prompt & bootrec.exe and it comes up with a few options. Then rebooted. It's still showing in aswMBR & Avast?

What sort of damage is this rootkit doing to my pc out of interest?

As it appears to be on the unused XP partition, at the moment none. Your active 7 partition is OK.
How often do you use XP now?

Not at all really anymore, my only worry is that I think that drive is where the start of the boot process begins, as I seem to remember taking it out once and Windows 7 wouldn't boot from just the solo drive?

You can do that, but would need to run BCDEdit to remove the XP reference.

I will get that sorted in my own mind and have a fix for you tomorrow

GMER has now updated ASWMbr to combat this - so could you download a fresh copy and run it... This time use the fixmbr button, as the fix one will be inactive for this variant ;D

What version is the new one, just to be on the safe side!?

I think it is 0.94. Also, could you run it from the infected partition?