Hi
I am new to this forum. I have experienced a similar infection to the one described at the post:
http://forum.avast.com/index.php?topic=78458.0
Avast detects the malware specified in the subject, but I cannot get rid of it even with the scan at boot-time (it detects the infection, but does not fix the problem).
I have followed the first steps as described in the recommendations to follow, without success yet. Here are the logs:
Malwarebytes’ Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 6821
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
10/06/2011 23:39:13
mbam-log-2011-06-10 (23-39-13).txt
Scan type: Quick scan
Objects scanned: 195101
Time elapsed: 6 minute(s), 58 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
OTS (attached)
aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-09 21:55:44
21:55:44.359 OS Version: Windows 5.1.2600 Service Pack 3
21:55:44.359 Number of processors: 2 586 0xE08
21:55:44.359 ComputerName: MGA_PORTABLE UserName: mga
21:55:44.906 Initialize success
21:55:53.796 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-3
21:55:53.812 Disk 0 Vendor: FUJITSU_MHV2100BH_PL 00000029 Size: 95396MB BusType: 3
21:55:55.843 Disk 0 MBR read successfully
21:55:55.843 Disk 0 MBR scan
21:55:55.843 Disk 0 unknown MBR code
21:55:57.843 Disk 0 scanning sectors +195366465
21:55:57.890 Disk 0 scanning C:\WINDOWS\system32\drivers
21:56:04.140 Service scanning
21:56:05.328 Disk 0 trace - called modules:
21:56:05.359 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:56:05.359 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x8a6dfab8]
21:56:05.359 3 CLASSPNP.SYS[f7657fd7] → nt!IofCallDriver → \Device\00000083[0x8a69d9e8]
21:56:05.359 5 ACPI.sys[f75ae620] → nt!IofCallDriver → \Device\Ide\IdeDeviceP0T0L0-3[0x8a668940]
21:56:05.375 Scan finished successfully
21:59:20.781 Disk 0 MBR has been saved successfully to “C:\Documents and Settings\mga\Desktop\MBR.dat”
21:59:20.796 The log file has been saved successfully to “C:\Documents and Settings\mga\Desktop\aswMBR.txt”
aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-10 21:38:28
21:38:28.312 OS Version: Windows 5.1.2600 Service Pack 3
21:38:28.312 Number of processors: 2 586 0xE08
21:38:28.312 ComputerName: MGA_PORTABLE UserName: mga
21:38:28.734 Initialize success
21:38:42.187 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-3
21:38:42.187 Disk 0 Vendor: FUJITSU_MHV2100BH_PL 00000029 Size: 95396MB BusType: 3
21:38:44.265 Disk 0 MBR read successfully
21:38:44.281 Disk 0 MBR scan
21:38:44.281 Disk 0 unknown MBR code
21:38:46.281 Disk 0 scanning sectors +195366465
21:38:46.500 Disk 0 scanning C:\WINDOWS\system32\drivers
21:38:52.468 Service scanning
21:38:53.640 Disk 0 trace - called modules:
21:38:53.671 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:38:53.671 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x8a71c428]
21:38:53.687 3 CLASSPNP.SYS[f7657fd7] → nt!IofCallDriver → \Device\00000084[0x8a6a0338]
21:38:53.687 5 ACPI.sys[f75ae620] → nt!IofCallDriver → \Device\Ide\IdeDeviceP0T0L0-3[0x8a6c0940]
21:38:53.687 Scan finished successfully
21:39:10.640 Disk 0 MBR has been saved successfully to “C:\Documents and Settings\mga\Desktop\MBR.dat”
21:39:10.640 The log file has been saved successfully to “C:\Documents and Settings\mga\Desktop\aswMBR.txt”
MBR.dat was also detected as infected when rebooting in the scan at boot time.
I use a laptop where I share two partitions, one for Linux and one for Windows, booting via the Grub engine. I never experienced problems before in two years.
Can anybody help fixing the malware? Thanks in advance.
atis
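The aswMBR logs above report "unknown MBR code" on a machine whose boot sector is written by GRUB, and the saved MBR.dat is what the boot-time scan flags. As an added example (not part of the original post or of any Avast tool), here is a small Python triage script that reads such a 512-byte MBR dump, checks the 0x55AA boot signature, lists the primary partition entries, and reports whether GRUB's boot-sector text strings are present in the boot code. The GRUB marker strings are an assumption drawn from GRUB's boot sector layout, used as a heuristic only, and the sample MBR is constructed inline.

```python
import struct
import sys

MBR_SIZE = 512
BOOT_CODE_END = 446           # boot code occupies bytes 0..445
PART_TABLE_OFFSET = 446       # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR
# Text that GRUB's boot sector embeds in its boot code (assumed heuristic).
GRUB_MARKERS = (b"GRUB", b"Hard Disk", b"Read")
GRUB_TEXT = b"GRUB \x00Geom\x00Hard Disk\x00Read\x00 Error"  # constructed sample

def parse_partitions(mbr: bytes) -> list:
    """Return the non-empty primary partition entries as dicts."""
    parts = []
    for i in range(4):
        # status(1) chs_start(3) type(1) chs_end(3) lba_start(4) sectors(4)
        status, ptype, lba, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, PART_TABLE_OFFSET + 16 * i)
        if ptype != 0:
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": sectors})
    return parts

def triage_mbr(mbr: bytes) -> dict:
    """Summarize an MBR dump: boot signature, partitions, GRUB markers found."""
    if len(mbr) < MBR_SIZE:
        raise ValueError("MBR dump must be at least 512 bytes")
    code = mbr[:BOOT_CODE_END]
    return {"valid_signature": mbr[510:512] == BOOT_SIGNATURE,
            "partitions": parse_partitions(mbr),
            "grub_markers": [m.decode() for m in GRUB_MARKERS if m in code]}

def build_sample_mbr() -> bytes:
    """Constructed sample: GRUB-style boot code, one NTFS and one Linux partition."""
    mbr = bytearray(MBR_SIZE)
    mbr[0x180:0x180 + len(GRUB_TEXT)] = GRUB_TEXT
    struct.pack_into("<B3xB3xII", mbr, PART_TABLE_OFFSET, 0x80, 0x07, 63, 100_000_000)
    struct.pack_into("<B3xB3xII", mbr, PART_TABLE_OFFSET + 16, 0x00, 0x83,
                     100_000_063, 95_000_000)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)

if __name__ == "__main__":
    # Pass a path such as MBR.dat to inspect a real dump; otherwise use the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    for key, value in triage_mbr(data).items():
        print(f"{key}: {value}")
```

A dump showing GRUB markers, a valid signature and a sane partition table matches a GRUB dual-boot layout; a sector with no recognizable boot code text and unexpected partition entries is the case worth comparing against a known-good backup.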