Help, Will DOS Solve My Problem, And How?

I hope you ran the MS MSRT on your Windows installation, I'm confident it will not have found a rootkit - because you do not have one.

The 'rootkit battle' link is irrelevant as well as somewhat dated.

I often install 7-zip for zip and other compressed file handling.

The entries in your hosts file are all put there by Spybot and are used to block known bad stes. If you want your PC to interract freely with those sites, keep deleting the entries.

Just in case you missed it earlier - you do not have a rootkit.

 

Then WHY does RootRepeal keep finding files that keep changing, but stay encrypted?

If I defrag my external drive, the folder will show up as "Path: E:\Bm
Status: Invisible to the Windows API!" with no "Sector mismatch",
and the next time it will change to "E:\ÿÿÿÿMy.*ss
Status: Invisible to the Windows API!" and then I get the "Sector 62 Status: Sector mismatch", along with all the encrypted files under both folders.
Why did my internet service suddenly quit working and the "IP Address" disappear, not once, but twice in 24 hours?
Why did, after the next reboot, "ÿÿÿÿMy.*ss" disappear and "E:\WD_Windows_Tools\䈀ml
Status: Invisible to the Windows API!" suddenly appear after I run RootRepeal on Feb 28 2010?

This MBR Rootkit has a counter, and changes its name.
I do have a problem.

 

When I check the "HOSTS" file under "Online Armor++", they are "Allowed"
and when I use "Hostsman" to block or remove them, they disappear.
When I use "Online Armor++" to "Block" them, they don't stay "blocked".

 

:cryHelp!

 

You don't have a problem (yet) with your external drive, keep trying to fix something that isn't broken and you will.

Your internet ''problem'' is probably a normal occurrance. It happens to everyone from time to time.

Re. hosts file: Using 3 sets of tools to manage 1 file is a little OTT, don't you think?

 

What exactly do you need help for? You have been given excellent advice in all the previous posts as to your original request. You don't have a rootkit as Tim W explained to you, and the reasons for why you didn't. and he is one of the Malware fighters, so he should know.

Sorry if the above seems rude, but it seems as if you are asking for help and then refusing it or arguing about it. Have you tried attaching your external hard drive to a know virus free computer. well protected, and scanning it?

 

No one has answered the questions in post #52 and post #53.

I found some additional information in Stealth MBR rootkit.

 

<sigh>

Files visible (or not) to Windows (#52) - ANSWER:- because of the installed WD software.

Read the pages and explore the sites I linked to in #33.

Hosts file (#53) - ANSWER:- you are using conflicting software (3+ Applications) to manage the file without understanding the workings of them and differences between them.

There's a difference between blocking a website using an entry in the host file and blocking an entry in the hosts file ...

Please read that page and prove how it could possibly effect your external drive?

 

While I fall extremely below Tim W's knowledge of malware, it would seem that you are erring on the extreme side of caution as to your perceived rootkit infection.

Is your external hard drive bootable? Can you choose this device in BIOS as the boot from drive and start the computer? Is there more than one partition on your external hard drive? If you can answer yes to any of these, then there is the possibility that your external hard drive does have a MBR.

Have you tried detaching your removable hard drive and running everything suggested in the Malware Removal section?

I have no knowledge of what the software for your external hard drive may write to any sector on it, but it seems that it could be the cause for your concern.

 

To TimW and Novice,

I finally solved the problem. I took my laptop to a repair shop, who found C drive with no problems, but the external drive had to be wiped and reformatted, and files reloaded. They also replaced the CD/DVD drive, due to intermittent problems of not recognizing that drive. After I got it home, it still had problems. I called the repair shop and explained the problems, and they showed me how to use "add hardware" to clear up the "loading windows xp" lockup.

I bought "Online Armor++", asked them for help, and they sent me to "SpywareHammer.Com". They helped me thru SuperAntiSpyware and Malwarebytes Anti-Malware to get rid of the MBR, with RootRepeal tools to force wipe and delete files not found by windows on C drive, but brought to light by AVIRA Rescue Disk (it looks for foreign language or encrypted type on your computer).

I had to make a manual backup of most of my files on C drive to my external drive. Then I had to use my Original Toshiba Disk to take my computer back to Factory Standards, and did updates by MS update/windows. I then slowly rebuilt my files by manual mode, it took three days, wiped out all my Norton Ghost backups, and reloaded Norton Ghost and made a new backup.

I run all the checks but found the system clean. The problem was finally solved.