ComboFix detected TDL4 as long as the second run (the reboot to fix TDL4) was in safe mode. It couldn’t finish its second run in normal mode. But TDSSKiller cannot detect it. Hitman detected MBO.exe trojan, but cannot delete it. I deleted it manually, but another file MBO without .exe came back after reboot.
Somebody asked me to upload master boot file and told me that was normal and combofix misread.
My PC cannot read the volumes of CDs correctly and somebody said the CDs may be the culprit.
Why did you run Combofix? Have you read the warnings that Combofix popped up?
You should not run ComboFix unless you are specifically asked to by a helper.
@psw
First, aswmbr is only meant for MBR rootkits and not for TDL4. Do not throw tools when you don't know their use, please.
@ss10000
Try removing the TDL4 rootkit via Kaspersky TDSSKiller.
[*]Download TDSSKiller and save it to your Desktop.
[*]Extract its contents to your desktop.
[*]Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
[*]If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
[*]If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.
You are claiming that TDL4 doesn’t infect the MBR? Obviously it does and if you do a simple google search you will come to the same conclusion. It’s time to report you to the mods yet again.
And you should follow that advice yourself, you obviously don’t know wth you are posting. Besides, my reply had nothing to do with that statement, I only pointed out that TDL4 does indeed infect the MBR and if you were such an expert as you claim to be you would already know that. It’s quite obvious you don’t know how aswmbr works and what it is used for. Left123 already informed you that it is indeed used for TDL4 infections and you keep banging on that it is not when you are clearly mistaken. BTW the only mumbo jumbo that is posted here is by YOU, which is why you keep getting reported to the mods. Now please go ahead and report my post, the little good it will do you.
What are you smoking, must be some strong stuff indeed? You are claiming that aswmbr is not used for cleaning TDL4 infections and the rest of us are telling you that it is. And again TDL4 DOES INDEED INFECT the MBR, why can’t you get that through your thick skull? As I already suggested to you, do a google search on TDL4 and you will come to the same conclusion. Now who needs to pay attention here, huh?
If he is indeed training at bleepingcomputer or geekstogo then he really needs to read their rules because they do not allow their trainees to provide malware removal advice before they’ve completed their training.
@com155
I warned you not to use tools if you do not know how to use them.
Know this:
aswMBR is able to detect known TDL4 and known and unknown sector infections known as MBR rootkits.
Also please read:
ComboFix detected TDL4
@ss10000
You should follow my instructions. I asked for Combofix reports.
If you ran TDSSKiller you should attach report.
My guess is that you no longer have google redirections…
If you have google redirects follow my instructions:
If you don't have google redirects, please remove the malware removal tools!