Malware removal steps complete, still have problems

No.

Yes.

I am not sure what you mean by "mutating" rootkits. So I cannot answer this question.
The type of software I think you are referring to is mostly used when a person(s) wants to permanently remove ALL information on a hard disk. This includes the Master Boot Record and any existing and formerly created partitions. For example: Darik's Boot And Nuke.
Even though it technically could be used for malware removal, it is typically used for privacy reasons.

 

OK, A bit of an update while I have some renewed enthusiasm. :major

I have been running various killer programs and fixing the registry when needed after killing off recurring viruses. A quick recap:
Downloaded and ran Roguekiller. Seems to have found a few prickly issues that Malwarebytes, Superantispyware, Spybot and Security Essentials all failed to find. But in removal, the registry was corrupted. So I downloaded AVG Recovery as suggested here: Linky. Ran every possible test and fix the program offered. After the MBR fix portion the CPU would not boot, it only cycled on and off just before the MS start screen. So I rebooted from the Dell/OEM Vista disc and went through the Start-up repair in System Recovery.

All seems well except MBRCheck still reports a Faked MBR.

At this moment I am confident that there are no active viruses on the machine. If there are, WOW. More power to them I guess. I have run and checked a huge number of diagnostic, fix, kill programs over the past few days.

I have attached the MBRCheck log. Is there anyone out there that can read the log to see if it is a true Rootkit problem or just a false negative? (see next post)

And if it is an isssue, should I do something like this? Linky

At this point I have enough enthusiasm to try to be successful. Rather than just formatting and starting over!

 

Log attached

 

Maybe it was a fluke with MBRCheck. We have another tool to get a second opinion now.

Please download aswMBR to your desktop.

• Double-click aswMBR.exe to run (Vista/7 right-click and select Run as Administrator)
• Select No when asked "Would you like to download latest Avast! virus definitions?"
• Click the [Scan] button.
• On completion of the scan click [Save log], save it to your desktop and attach this log to your next message. (How to attach)

The last MGlogs.zip you attached show no indication of a hidden partition, plus these types of infections didn't start surfacing until late November 2011.

 

Log Attached

Unknown MBR code reported

 

I do not think this is a problem. Especially if you are saying you are not experiencing any problems. Normally with an infected MBR, you'll notice it pretty much right away and in most cases it will prevent you from being able to run tools like ComboFix / TDSSKiller / aswMBR. Anything that checks the MBR basically.

I do not think you have anything to worry about.

 

Can I run ComboFix? I have a 64bit OS. I was under the impression it would only work for 32b systems?

Is there a similar program that will work on 64b OS's?

My only issue with the MBR code is the recurring frequency of viruses even with Malwarebytes and Security Essentials running. I'm curious if it is opening the door?

 

You were able to run ComboFix before. Very first page of this thread you were on a x64 system and successfully ran ComboFix.

All the programs I mentioned earlier are x64 compatible.

If you suspect you have more viruses, create a new thread with all brand new logs from the Read and Run Me First thread.

 

Thanks Thisisu, All of your help is much appreciated!

Pazz

 

You're welcome