Like the other thread addressing this problem, Avast is showing I have sinowal@mbr[rtk] infecting my system… Rather than mess around, yesterday I formatted my C: drive and did a clean install of Windows XP. After I was finished I ran a full system scan with Avast with no infections found. Today I did another full system scan, being cautious, to find that it is back. I would really appreciate it if someone could talk me through how to get rid of it.
Follow this guide from our expert malware remover Essexboy
http://forum.avast.com/index.php?topic=53253.0
(post the logs here in this topic and not in the guide)
To avoid using multiple posts with copy and paste, you have to attach the logs
Lower left corner: Additional Options > Attach (OTL.Txt / Extras.Txt / Malwarebytes scan log)
Essexboy will be notified when the logs are posted…
You will find him here 8:00pm - 11:59pm UK time
Thanks Pondus & Essexboy. I hope this is what u need
Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5658
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
2/02/2011 11:19:14 PM
mbam-log-2011-02-02 (23-19-14).txt
Scan type: Quick scan
Objects scanned: 126193
Time elapsed: 1 minute(s), 37 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Here’s the OTL reports…
Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
Note: ComboFix must be downloaded to your Desktop.
Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this Instruction.
Run ComboFix.
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
Post log reports (ComboFix.txt) back to topic.
Here's the ComboFix log:
Just a suggestion. Try to use F-Secure BlackLight: http://www.f-secure.com/en_EMEA-Labs/security-threats/tools/blacklight/
Temporarily disable your antivirus or antimalware, third-party firewall… to avoid possible conflicts.
Note: Only available for Windows 2000, 2003 Server, XP and Vista.
How to use F-Secure BlackLight: http://www.f-secure.com/en_EMEA-Labs/security-threats/tools/blacklight/help.html
F-Secure BlackLight is still in BETA release. Use at your own risk.
Please download MBRCheck.exe to your desktop.
http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe
Be sure to disable your security programs
Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
A window will open on your desktop
If an unknown bootcode is found you will have further options available to you; at this time press N then press Enter twice.
If nothing unusual is found just press Enter
A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.
@Left123
Let's make it easier and see if it works. Argus already works on the easiest way...
Download this and run it. GMER's mbr.exe is integrated and part of ComboFix. ;)
I don't underestimate Argus' skills etc. but they can affect OTL logs or whatever. OTL cannot detect/remove this rootkit. ;)
Hello all
I’ve run TDSSKiller & it seems to have solved the problem…
I’ve pasted & attached logs again for MBAM & OTL…
I didn’t get an Extras.txt file this time for OTL, however.
Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5662
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
4/02/2011 4:13:12 PM
mbam-log-2011-02-04 (16-13-12).txt
Scan type: Quick scan
Objects scanned: 125480
Time elapsed: 1 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Now you have a problem with computers?
What U mean?
Do you have a problem now?
I guess not … Thanks for all your help…
Take a look here: http://forum.avast.com/index.php?topic=70615.msg591787#msg591787
Avast can detect most of the MBR rootkits. Besides, you can check with this: http://public.avast.com/~gmerek/aswMBR.htm
It is necessary to uninstall Combofix
Start >> Run
Copy
Combofix /Uninstall
Enter
Thanks for letting me know about uninstalling combofix.
What problems may occur from leaving it installed?
I ask because I'm having a problem detecting my DVD drive and a second SATA HD I've installed.
The problem is not from Combofix