the system had some Backdoor.Win32.Sinowal.knf

the system was fixed via TDSSKiller and then fixMBR in aswMBR

yet result is

aswMBR

13:01:11.921 Disk 0 scanning sectors +976768065
13:01:11.953 Disk 0 PE file @ sector 976768090 !

GMER’s MBR

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 976768065

when the drive is checked in another system it appears clean too

is the baddie still there or not?

attached are the logs, just rename to .zip


so the questions are:

what else to use to check if it’s clean
if it’s not clean, how to clean it :)

These are signs of old/inactive infection.