Whistler/Black internet

mensaap · Jan 31, 2011

Hello,

I ran avast today and it detected the Whistler@mbr virus.
Now, I've been searching on google and your forums and so far I've done the following:

-I've run mbrcheck.exe multiple times, didn't work
-I tried using the windows 7 bootdisk

The weird thing is that it's not my main drive that's infected (my w7 drive) but another drive which is used for my steam games.

I haven't had any problems with popup ads or iexplorer.exe running in the background.

Should I be worried, and how can I fix this problem?

MBRCheck log:

Kestrel13! · Jan 31, 2011

Download bootkit_remover.rar

Click the underlined DOWNLOAD text to download the file and save it to your Desktop.

You then need to extract the remover.exe file from the RAR using a program capable of extracing RAR compressed files. If you don't have an extraction program, you can use7-Zip

After extracing remover.exe to your Desktop, double click the remover.exe file to run the program.

Attach or post inline here, the output from remover.exe

mensaap · Jan 31, 2011

Attached the file

PS. Should I be worried about personal data, recently used paypal, etc...

Kestrel13! · Jan 31, 2011

That is not the correct output. I should be seeing something like this for example:

Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
www.esagelab.com

\\.\C: -> \\.\PhysicalDrive0
MD5: b19ee33a0168d5f0bb9afbe12e2bc035

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown boot code
Click to expand...

If you do online banking and you are infected with this then you will need to change your online passwords from another clean computer.

mensaap · Jan 31, 2011

Kestrel13! said: ↑

That is not the correct output. I should be seeing something like this for example:

If you do online banking and you are infected with this then you will need to change your online passwords from another clean computer.
Click to expand...

Yeah, how do I get the correct output?

As I've said in my OP, the virus isn't on my w7 drive but on a different drive

Kestrel13! · Jan 31, 2011

So just run the program again and take a screenshot of the results, which should be something like my example previously given. I realise it's not being detected on your main drive, I just wanted more information.

mensaap · Jan 31, 2011

Kestrel13! said: ↑

So just run the program again and take a screenshot of the results, which should be something like my example previously given. I realise it's not being detected on your main drive, I just wanted more information.
Click to expand...

sorry, I forgot to unpack the readme, got it

Kestrel13! · Jan 31, 2011

Can you run MGTools as per the instructions and attach the log it produces @ C:\MGLogs.zip, please?

Using MGtools

mensaap · Jan 31, 2011

Kestrel13! said: ↑

Can you run MGTools as per the instructions and attach the log it produces @ C:\MGLogs.zip, please?

Using MGtools

Click to expand...

Here you go

TimW · Jan 31, 2011

What drive is this:
931 GB \\.\PhysicalDrive0

Re-run MBRCheck and attach the new log.

mensaap · Jan 31, 2011

TimW said: ↑

What drive is this:
931 GB \\.\PhysicalDrive0

Re-run MBRCheck and attach the new log.
Click to expand...

It's the drive I use for all my steamgames, I never copy anything on there myself, nor do I ever install something other then steam on that drive

Here's the log

TimW · Jan 31, 2011

So this is only a storage drive? It is partitioned into E: and F:. Do you have your Win7 disc? If so, reboot into the bios and change your boot order to have the CD Drive as your first boot device. Put in your Win7 disc and reboot.

To run the Bootrec.exe tool, you must start Windows RE. To do this, follow these steps:

1. Put the Windows Vista or Windows 7 installation disc in the disc drive, and then start the computer.
2. Press a key when you are prompted.
3. Select a language, a time, a currency, a keyboard or an input method, and then click Next.
4. Click Repair your computer.
5. Click the operating system that you want to repair, and then click Next. Choose the Physical drive 0 ( the E: drive that is 931 GB)
6. In the System Recovery Options dialog box, click Command Prompt.
7. Type Bootrec.exe /fixmbr, and then press ENTER.
Click to expand...

Remove the disc and reboot into normal mode and re-run MBRCheck and attach that log.

Log in or Sign up

Whistler/Black internet

mensaap Private E-2

Attached Files:

mbr check.txt

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

mensaap Private E-2

Attached Files:

bootkit_remover_debug_log.txt

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

mensaap Private E-2

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

mensaap Private E-2

Attached Files:

log.png

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

mensaap Private E-2

Attached Files:

MGlogs.zip

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

mensaap Private E-2

Attached Files:

MBRCheck_01.31.11_23.30.19.txt

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

Log in or Sign up

Whistler/Black internet

mensaap Private E-2

Attached Files:

mbr check.txt

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

mensaap Private E-2

Attached Files:

bootkit_remover_debug_log.txt

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

mensaap Private E-2

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

mensaap Private E-2

Attached Files:

log.png

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

mensaap Private E-2

Attached Files:

MGlogs.zip

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

mensaap Private E-2

Attached Files:

MBRCheck_01.31.11_23.30.19.txt

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

Useful Searches