Win32:Bamital-X and Whistler-B@mbr (Rtk)

Hi can someone please help me with the following.

When I run a fuill system scan with Avast it says that I have the following viruses Win32:Bamital-X and Whistler-B@mbr (Rtk)yet I cannot remove them using avast, I have also downloaded Malwear Bytes Anti Malware software and updated it but this has failed to detect anything, I have atttached the log below.

If anyone can help with this it would be greatly appreciated.

Download and save to dektop http://public.avast.com/~gmerek/aswMBR.exe

  • Double click the aswMBR.exe to run it
  • Click the “Scan” button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply

Here’s the additional logs, thanks for the help so far :slight_smile:

That log looks clean ???

Follow this guide from our expert malware remover Essexboy
http://forum.avast.com/index.php?topic=53253.0
(post the logs here in this topic and not in the guide)

To avoid using multiple post with copy and paste you have to attach the log`s
Lower left corner: Additional Options > Attach ( OTS log )

It says that the OTS file is too large to attach, is this normally a problem and how can I fix it?

Oh and I just reran my avast scan and the Whistler-B@mbr (RTK) is still there :frowning: Do you think I should uninstall and reinstall avast, as the OTS thing didnt seem to come up with anything.

OTS is an analysis tool - that will enable me to find and then remove any malware

Could you attach the log please

If the log is to big for one attachment, split it and use two post`s…or more

First part of the OTS scan

Second part

Could you re-save the OTS as an ANSI as opposed to Unicode - it will then attach in one go

http://i1224.photobucket.com/albums/ee362/Essexboy3/Untitled.gif

Here you are, and thank you both for your time and effort:)

just wait until we send the bill ;D $$$$

OK I have confirmed that explorer is infected and probably hiding the MBR

So as you have win 7 64 bit, lets get windows on the job first

Go to start > All Programs > Accessories
Right Click Command Prompt and select run as administrator
When the prompt opens type the following bolded text and press enter

sfc /scannow (Note: There is a space between sfc and /scannow)

On completion reboot

THEN

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

[]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
[
]Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

ok thank you very much, ill have to do all that tommorow as im going to bed now but thanks for you help and im sure there will be a pot of gold in it somewhere for Pondus, or possibly a bag of potatoes.

Lets go for the tatties ;D

Heya, here is the combofix file.

Looking at that it may be that SFC cleared it. One of the joys of a 64bit windows 7

What are your current problems ?

Just ran a full system scan and Avast says its still there. In Disk 0 Master Boot Record thats the Whistler-B@mbr (Rtk) is there any way that I can include a log of the Avast scan to be looked through?

OK could you re-run aswMBR please - are you getting the bamital alert ?