Hi Folks!
I’m grateful this forum exists, and hopeful that help is just around the corner from one of the many knowledgeable people here.
I’m running a Dell, oldie but goodie; XP OS and Internet Explorer 8.0. She’s been a good machine but I’m afraid I put her in harm’s way.
On Friday, 04/29 I used Avast Free to identify a high threat item on my computer: Sinowal@mbr[Rtk]
Over the weekend I meticulously prepared redundant backups of all my data in preparation for a hard drive reformat.
On Sunday, 05/01 I ran aswMBR from safe mode and it highlighted two lines in red. I then clicked on MBR Fix and received the message "Disk 0 Windows 501 MBR fixed successfully".
After reading several posts on this forum I rebooted immediately and then ran subsequent scans using Avast Free and MBam. The scans came up mostly clean, but certainly free of Sinowal@mbr[Rtk].
Next I ran aswMBR, and it showed the same two red lines. I then ran MBR Fix several times and kept getting the same red lines showing up with slight variations.
Here it is Tuesday, 05/03 and I’m still getting clean virus scans using the two programs mentioned above. But I am still getting the same two red lines when I run aswMBR, and the same "fixed successfully" message.
What prompted all this was my computer was running super slow, and whenever I went to eBay or Amazon.com I would get a Phish pop-up that would not even let me enter the site unless I provided credit card, Social Security, security code, ATM pin number etc.
Well, again, here I am, and I have been able to successfully visit eBay and Amazon.com without the Phish screen and I’m getting clean virus scans. I just don’t trust that my issue has been resolved.
I’ve included two aswMBR logs. The first log reflects my 04/30 scan & fix, while the second log reflects my most recent aswMBR (05/03) scan. I’ve placed asterisks on the two lines that show up in red. There are obvious differences in those lines between the earlier scan/fix and today’s scan/fix. I don’t know if my computer is safe enough to go online or not. I don’t know if Sinowal@mbr[Rtk] has been removed or if it’s just sleeping. I do know Sinowal@mbr[Rtk] is not showing up on my MBam scans or my Avast Free scans.
I’m sure tired of dealing with this but I’m prepared to reformat and reinstall if necessary. I’ve only been activating my Internet connection for short periods of time for specific purposes; i.e. posting this and returning a few quick e-mails.
I sure appreciate any light you can shed on my problem.
Thanks
Matt
LOGS
aswMBR version 0.9.5 Copyright(c) 2011 AVAST Software
Run date: 2011-04-30 21:44:48
21:44:48.015 OS Version: Windows 5.1.2600 Service Pack 3
21:44:48.015 Number of processors: 2 586 0x403
21:44:48.015 ComputerName: MDE UserName:
21:44:48.718 Initialize success
21:44:58.375 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IAAStorageDevice-0
21:44:58.390 Disk 0 Vendor: Maxtor_6 YAR5 Size: 152587MB BusType: 3
21:44:58.406 Disk 1 \Device\Harddisk1\DR1 → \Device\Ide\IAAStorageDevice-1
21:44:58.421 Disk 1 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 3
21:45:00.437 Disk 0 MBR read successfully
21:45:00.453 Disk 0 MBR scan
21:45:02.468 Disk 0 scanning sectors +312496380
21:45:02.500 Disk 0 scanning C:\WINDOWS\system32\drivers
21:45:16.546 Service scanning
21:45:18.031 Disk 0 trace - called modules:
21:45:18.046* ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x866b2aee]<<
21:45:18.062 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x872fdab8]
21:45:18.078 3 CLASSPNP.SYS[f7824fd7] → nt!IofCallDriver → \Device\Ide\IAAStorageDevice-0[0x86dfc030]
21:45:18.093* \Driver\iastor[0x8730b988] → IRP_MJ_CREATE → 0x873661d8
21:45:18.125 Scan finished successfully
10:23:10.078 Disk 0 Windows 501 MBR fixed successfully
10:23:37.281 Disk 0 Windows 501 MBR fixed successfully
10:24:10.046 Disk 0 MBR has been saved successfully to “C:\Documents and Settings\Administrator\My Documents\MBR.dat”
10:24:10.062 The log file has been saved successfully to “C:\Documents and Settings\Administrator\My Documents\aswMBR.txt”
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
aswMBR version 0.9.5 Copyright(c) 2011 AVAST Software
Run date: 2011-05-03 10:51:28
10:51:28.296 OS Version: Windows 5.1.2600 Service Pack 3
10:51:28.296 Number of processors: 2 586 0x403
10:51:28.296 ComputerName: MDE UserName:
10:51:29.296 Initialize success
10:51:40.125 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IAAStorageDevice-0
10:51:40.125 Disk 0 Vendor: Maxtor_6 YAR5 Size: 152587MB BusType: 3
10:51:40.140 Disk 1 \Device\Harddisk1\DR1 → \Device\Ide\IAAStorageDevice-1
10:51:40.140 Disk 1 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 3
10:51:42.156 Disk 0 MBR read successfully
10:51:42.156 Disk 0 MBR scan
10:51:44.171 Disk 0 scanning sectors +312496380
10:51:44.203 Disk 0 scanning C:\WINDOWS\system32\drivers
10:51:59.718 Service scanning
10:52:01.015 Disk 0 trace - called modules:
10:52:01.015* ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85e76aee]<<
10:52:01.015 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x87139ab8]
10:52:01.031 3 CLASSPNP.SYS[f75d2fd7] → nt!IofCallDriver → \Device\Ide\IAAStorageDevice-0[0x86c05030]
10:52:01.031* \Driver\iastor[0x8710aa08] → IRP_MJ_CREATE → 0x871d01d8
10:52:01.031 Scan finished successfully
10:55:23.765 Disk 0 MBR has been saved successfully to “C:\Documents and Settings\Administrator\My Documents\MBR.dat”
10:55:23.765 The log file has been saved successfully to “C:\Documents and Settings\Administrator\My Documents\aswMBR009.txt”
10:55:37.390 Disk 0 Windows 501 MBR fixed successfully
10:56:04.843 Disk 0 MBR has been saved successfully to “C:\Documents and Settings\Administrator\My Documents\MBR.dat”
10:56:04.843 The log file has been saved successfully to “C:\Documents and Settings\Administrator\My Documents\aswMBR010.txt”