I was scanning a friend’s computer for possible infection with aswMBR.
I’m not always able to complete the scan without a crash of the program, but the mbrScan is always complete.
I get an ‘unknown mbr code’. I should specify that the computer in question is an HP laptop, originally on Windows 7, upgraded to Windows 8, and the recovery partition was deleted in the Windows 7 ==> Windows 8 upgrade.
If someone with the ability could check the MBR it would be nice. Avast full scan and MBAM full scan are clean, and the TDSS scan is also clean.
The MBR.txt is the .dat that I converted; just tell me if you need the original .dat.
I also got a HIDDEN FILE while scanning with aswMBR, but that was when I had used TDSS killer before. If I rebooted, it wouldn’t be tagged, so I guess it’s because TDSS killer needs to monitor activity to scan loaded modules.
It also got two PUMs in the registry, but that’s all it found.
(I looked up those keys; they are harmless and, according to other people, it is nonsense that they are flagged.)
My friend originally sent me the laptop because, after the HP recovery with the CD, Avast flagged a file in an HP program (he had nothing else installed besides Avast and the programs that came with HP).
I told him it was probably a FP. He deleted everything to go to Windows 8, so I can’t upload the file to VirusTotal, but every scan report from many tools comes up clean (after the Windows 8 upgrade), so I guess it’s all good.
How can I know if it’s a BIOS or a UEFI?
The interface looks like a BIOS, and it’s an old HP Pavilion DV7 3800. How can I be sure? And if it’s a UEFI, is there an equivalent to MBR viruses?
As of yet there is no in-the-wild UEFI malware. Generally you will need a system that came with Windows 7 or better to have this functionality. So the more modern systems, probably less than 2-3 years old.
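
An added example, not code from the thread or from any of the tools mentioned: a dumped 512-byte sector 0, like the `.dat` described above, records the disk's partition scheme, and Windows boots a GPT system disk only through UEFI and an MBR system disk only through BIOS (or UEFI's legacy compatibility mode). The function names, the sample sector, and the idea of comparing the boot-code hash with one from a known-clean dump are assumptions made for this illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bootstrap code area at the start of the sector
TABLE_OFFSET = 446       # four 16-byte partition entries follow
GPT_PROTECTIVE = 0xEE    # partition type of a GPT protective MBR


def parse_mbr(sector: bytes) -> dict:
    """Summarise a dumped sector 0: boot-code hash, partitions, disk scheme."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("dump is shorter than one 512-byte sector")
    sector = sector[:SECTOR_SIZE]
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        entry = sector[TABLE_OFFSET + 16 * index:TABLE_OFFSET + 16 * (index + 1)]
        if entry[4] == 0:            # type 0x00 marks an unused slot
            continue
        lba_start, count = struct.unpack_from("<II", entry, 8)
        partitions.append({"index": index, "active": entry[0] == 0x80,
                           "type": entry[4], "lba_start": lba_start,
                           "sectors": count})
    is_gpt = any(p["type"] == GPT_PROTECTIVE for p in partitions)
    return {
        # Compare this hash with one taken from a known-clean dump.
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": partitions,
        "scheme": "GPT" if is_gpt else "MBR",
    }


def build_sample(ptype: int, active: bool) -> bytes:
    """Constructed test sector (not real data): one partition at LBA 2048."""
    sector = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", sector, 440, 0x1234ABCD)
    sector[TABLE_OFFSET] = 0x80 if active else 0x00
    sector[TABLE_OFFSET + 4] = ptype
    struct.pack_into("<II", sector, TABLE_OFFSET + 8, 2048, 204800)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    print(parse_mbr(build_sample(0x07, True)))
```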