Rootkit - XP and Vista dual boot

Hi guys,

I have a laptop that is now dual booting XP SP2 (with McAfee Enterprise) and Vista (with Avast). Starting this weekend, Internet Explorer 6 on XP SP2 crashes on opening (roughly 95% of the time; the other 5% it works OK for about 5 minutes and then crashes) without even accessing my homepage. The internet connection is OK (all other web applications work just fine and Firefox accesses the web with no problems). On Vista, everything is fine, including Internet Explorer 7.

On XP SP2, I’ve tried installing IE 7, IE 8 beta2, IE 6 standalone, but the result is always the same: IE crashes on opening.

On XP, McAfee never showed anything suspicious, nor did MalwareBytes. Nevertheless, Avast on Vista tells me I have some rootkit virus on the MBR (and apparently hiberfil.sys is infected).

Any clues?.. Reinstalling the OS would be troublesome… :(

Thanks in advance!

I suggest:

  1. Clean your temporary files. Also, disable hibernation for a while and delete the file if it was not deleted automatically by Windows.
  2. From Vista, schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
  4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  5. Make a HijackThis log to post here or on this analysis site. Or even submit the RunScanner log to on-line analysis.
  6. Disable System Restore and then re-enable it.
  7. Immunize your system with SpywareBlaster or Windows Advanced Care.
  8. Check if you have insecure applications with Secunia Software Inspector.

The rootkit it was :) MBR did the trick.

Thanks