Virus detected, unable to remove?

MBR virus possibly , here is the latest update.

http://img.photobucket.com/albums/v11/wwarriorww/disc0.png

Thanks

http://img.photobucket.com/albums/v11/wwarriorww/virus_detected.png

Welcome to the forum :slight_smile:

aswMBR should work fine on 64 bit. Just scanned here with win7 64 :slight_smile:

Yep fully 64bit compatible ;D

Thanks for the quick replies everyone. I was still unable to get the one in the link listed to work, but found another link here that worked http://public.avast.com/~gmerek/aswMBR.htm

Anyways saving the log was not working when I tried to rename the log.dat to log.txt, it would show corrupted text. Instead here is a screen shot, assuming that carries the same information.

http://img.photobucket.com/albums/v11/wwarriorww/mbr.png

From the initial alert, it seems that avast is reporting the MBR infection on disk 0, yet aswMBR is scanning disk 1, hence the difference in results.

Since this is essexboy’s area, I will defer to him ;D

Are you on a dual boot system ?

I dont believe so, I have a primary disk drive with winOS and everything else. And then I have another HD that I use just to keep simple stuff on such as music. I also have an ex HD plugged in right now if that might be getting picked up.

Could you unplug the other drive and then re-run ASWMbr to see if it detects drive 0

Sure unplugged all other drives so just my primary was in. Here are the results for the primary, or disc0

http://img.photobucket.com/albums/v11/wwarriorww/disc0.png

Sorry for the delay I was working another thread

And yet Avast is still reporting it ?

Please read carefully and follow these steps.

[*]Download TDSSKiller and save it to your Desktop.
[*]Extract its contents to your desktop.
[*]Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png

[*]If an infected file is detected, the default action will be Cure, click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png

[*]If a suspicious file is detected, the default action will be Skip, click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious.png

[*]It may ask you to reboot the computer to complete the process. Click on Reboot Now.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png

[*]If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
[*]If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.

Thanks for the reply. No I have not run avast again since unplugging the other drives, but I will be sure to do so now and see what it reports.

Here is the result, I figure a report is unnecessary since no threats were detected. Should I try plugging in the other drives and see if it reports something on them?

Thanks for helping!

http://img.photobucket.com/albums/v11/wwarriorww/TDSreport.png

Looks like Avast did kill it prior to running ASWMbr

Might be worth trying TDSSKiller on the other drives… Although if they are not bootable it should not find anything

What problems do you have now ?

Is there a way to specify which drive it runs? Because my understanding of bootable would be having an OS installed, and neither the external or my other internal have that.
Also how would Avast kill it, I never was able to apply a fix from after the scan, it wouldnt even let me select the virus.
As far as problems, no symptoms its running fine it seems. But I would rather play it safe and be sure.

Avast will autofix this type of malware if it is able but it must be done during a reboot… Did you run a bootscan after the detection ?

As the other drives are not bootable it is not worth checking them

To double check that there are no other miscreants hiding

Download OTS to your Desktop and double-click on it to run it

[*]Make sure you close all other programs and don’t use the PC while the scan runs.
[*]Select All Users
[*]Under additional scans select the following
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check

[*]Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

[*]Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Please attach the log in your next post.

Quick update Avast no longer reports the virus from a full system scan, will run the OTS now to confirm.

Here is the finished file
http://dl.dropbox.com/u/25806698/ots_results_cmf0106.txt

Could you just attach the log please as dropbox destroys the formatting