Infected with possible Rootkit.MBR

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by PC-Retreat, Dec 15, 2009.

  1. PC-Retreat

    PC-Retreat Private E-2

    Hi Everyone,

    I need someone's help badly. Yesterday, I went to a site I normally go to often and my computer froze. I was unable to close the window using Ctrl/Alt/Delete. I therefore had to shut down my laptop to get the window to close. Upon startup my computer went to a blue screen, and my laptop loads very slowly.

    I scanned my PC with Malwarebytes. It detected the following, Rootkit.MBR, and deleted it.

    It runs a little faster now ...

    However, my computer is still infected. When I search in Google, every site I click on takes me to random sites.

    But I scanned my laptop with the following antivirus software:

    AVG 8 --- Nothing Found
    Ad-Aware --- Nothing Found
    SuperAnti --- Nothing Found
    Panda Online --- Nothing Found
    GMER --- Rootkit activity, but I don't know how to read the log file, so I will attach it for you to read.

    I also downloaded MBR.exe from the GMER website, and here are the results from that scan:

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    malicious code @ sector 0x0950E4C4 !
    PE file found in sector at 0x0950E4DA !

  2. PC-Retreat

    PC-Retreat Private E-2

    Oh my goodness... I think I fixed it with the help of 10 hours of Google research on my other computer.

    My laptop is running much faster, and none of my Google searches are being redirected to another site.

    I went to the Recovery Console upon startup.

    Entered "fixmbr" at the command line and hit Enter... now everything seems to be OK.

    If you think I should check anything else, please reply. I would still like your help to ensure it's 100% clean.
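
    The mbr.exe report in the first post ("malicious code @ sector ...") and the "fixmbr" step in this post both come down to the layout of sector 0: 440 bytes of bootstrap code, the 4-byte Windows disk signature, the 64-byte partition table and the 0x55AA signature. The example below is added here and is not code from the thread, from GMER or from Microsoft. It parses a 512-byte MBR, flags bootstrap code whose hash is not on a trusted list (the gist of what mbr.exe reports; the user-mode vs kernel-mode read comparison it also performs needs a driver and is not reproduced), and applies a fixmbr-style repair that rewrites only the bootstrap area. The "clean" boot code, disk signature and partition entry are constructed placeholders, not a real loader.

```python
# Added example: minimal MBR parser, boot-code trust check and fixmbr-style repair.
# Not the thread's, GMER's or Microsoft's code; all sample bytes are constructed.
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bootstrap code: bytes 0..439
DISK_SIG_OFFSET = 440         # 4-byte Windows disk signature, then 2 reserved bytes
PART_TABLE_OFFSET = 446       # four 16-byte partition entries: bytes 446..509
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Validate the 0x55AA signature and decode the four partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, num_sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {i}: bad status byte 0x{status:02x}")
        if ptype != 0:
            partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": num_sectors})
    if sum(p["active"] for p in partitions) > 1:
        raise ValueError("more than one active partition")
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
    }


def boot_code_is_known_good(sector: bytes, known_good_hashes: set) -> bool:
    """Does the bootstrap code match a loader we trust? A bootkit such as the
    Mebroot/Sinowal family mbr.exe targets replaces these bytes with its own
    loader that jumps to the rootkit body stored in other sectors."""
    return parse_mbr(sector)["boot_code_sha256"] in known_good_hashes


def fixmbr_like(sector: bytes, clean_boot_code: bytes) -> bytes:
    """What fixmbr does: rewrite bytes 0..439 with a clean loader and leave the
    disk signature, partition table and 0x55AA signature as they are. Note it
    does not touch the sectors where the rootkit body lives, which is why a
    full scan is still needed after running it."""
    if len(clean_boot_code) != BOOT_CODE_LEN:
        raise ValueError("clean boot code must be 440 bytes")
    return clean_boot_code + sector[BOOT_CODE_LEN:]


# --- constructed sample data (placeholder loader, not a real boot sector) ---
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * (BOOT_CODE_LEN - 5)
KNOWN_GOOD = {hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()}


def build_sample_mbr() -> bytes:
    """One active NTFS-type (0x07) partition starting at LBA 63; constructed."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff",
                        63, 20_000_000)
    table = entry + b"\x00" * 48                      # three empty entries
    return (CLEAN_BOOT_CODE + struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"
            + table + BOOT_SIGNATURE)


def build_tampered_mbr() -> bytes:
    """Same disk, but the start of the loader overwritten, as a bootkit does to
    divert the boot path. The patch bytes are constructed, not real malware."""
    clean = build_sample_mbr()
    patched = b"\xea\x00\x7c\x00\x00" + b"\xcc" * 11
    return patched + clean[len(patched):]


if __name__ == "__main__":
    bad = build_tampered_mbr()
    print("tampered loader trusted:", boot_code_is_known_good(bad, KNOWN_GOOD))
    repaired = fixmbr_like(bad, CLEAN_BOOT_CODE)
    print("repaired loader trusted:", boot_code_is_known_good(repaired, KNOWN_GOOD))
    print("partition table kept:", parse_mbr(repaired)["partitions"] == parse_mbr(bad)["partitions"])
```

    Run on a real dump of sector 0 (for example one captured with a forensic imaging tool from a disk booted from clean media), replace KNOWN_GOOD with hashes of the boot code your installer actually writes; the placeholder here will not match any real loader.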
     
  3. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, PC-Retreat


    Please follow the instructions in the link below to provide me with some logs to view:

    READ & RUN ME FIRST. Malware Removal Guide


    and attach the requested logs when you finish these instructions.
    • **** If something does not run, write down the info to explain to us later but keep on going. ****
    • Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
    Helpful Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
    Any additional post is a bump, which will add more delay. Once you attach the logs, your thread will be in the work queue and, as stated, our system works the oldest threads FIRST.
     
