Hi, I’ve got a message from Avast saying that it has detected a rootkit with a heuristic method, saying “\.\physicaldrive0 MBR:Win32:MBRoot”.
The delete option doesn’t seem to work, nor does the boot-time scan. I’ve also run Malwarebytes’ Anti-Malware, which didn’t find anything relevant (I attached the log anyway).
So I ran the OTL tool from this thread. I’ve attached the log. I had to run it more than once, because the first time I realised my comp’s date setting was wrong, and the extras file said it couldn’t access several databases, but now I have no extras file. I hope that’s not essential; I don’t know why it’s stopped appearing.
1. Download TDSSKiller and save it to your Desktop.
2. Extract its contents to your Desktop.
3. Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
4. If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
5. If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.
Well, I’ve rebooted and the message hasn’t popped up, so it seems to have been cleared. Thanks very much! I assume changing all my passwords now would be a good idea.
I just installed Comodo Time Machine and my Avast is reporting it as Win32:MBRroot. Do you think it is a false positive message? I deleted it with your instructions, but I really want to keep that program on my system.
More interesting is that on my laptop Avast is not notifying me about this MBRoot, and I have the same application installed there!!!