MBR.Root

Discussion in 'Malware Help (A Specialist Will Reply)' started by alexstjohn, Jan 10, 2013.

  1. alexstjohn

    alexstjohn Private E-2

    I am running Windows 7 Ultimate x64. I started getting spoof returns in my email and knew something was wrong. I downloaded and ran per instructions all of the programs listed. Malwarebytes came up clean, so no log. In MGTools, Steelworx errored and was terminated by the system, but the balance ran as usual with the log attached.

    I noted Root.MBR as an infection and am awaiting further instructions.

    My thanks in advance.
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Only RogueKiller is showing some kind of potential problem with the MBR on your Samsung SSD drive, but what it shows is not making too much sense. RogueKiller is showing this drive as if it is a much larger drive (1 Terabyte) than it really is. So I'm concerned whether it is just having a problem reading the drive properly, which could also explain a misreading of the MBR. Can this drive be removed from the system for a while to see if the problems you are experiencing go away when it is removed?

    Also, what is the size of this drive? Is it 128GB like other reports show?

    Also a side question: why does someone need 5 separate hard disks with an approximate total of 3.6 Terabytes in a single PC?
     
    Last edited: Jan 12, 2013
  3. alexstjohn

    alexstjohn Private E-2

    First, my apologies for a less than timely response.

    I noted that my BIOS was 3 versions behind, along with a few other updates and wanted the system to not be throwing out erroneous reports while attempting to clean.

    I have attached the most recent runs of the Read and Run first, along with a screen shot of MSE history in the last few days.

    You will note no MBR error since my updates in RogueKiller.

    And to your last question - I have been doing forensic file recovery off several drives using File Scavenger; some were the targets and others the collectors.

    As a side note - I saw a reference to a temp file with Kaseya in it. If you don't know, Kaseya is an IT tool I use to monitor a few friends' systems for them. Not sure why it shows the way it does.

    Thanks again.

    Thank you in advance for your review of this.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes but this has nothing to do with the updates. It has to do with the fact that you disconnected the Samsung SSD drive as I suggested. It was showing an infection.

    Are you still having problems with emails with this drive disconnected?
     
  5. alexstjohn

    alexstjohn Private E-2

    Nothing else. Thank you for your attention and time to this. Should I be concerned about the other items found in Rogue Killer or MSE?
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The only thing in RogueKiller was an unknown MBR on one of your drives. This does not always mean it is a problem as many drives do not have standard MBRs. If you are not having problems, I would not touch it.

    You did not show me a log from MSE, so I cannot comment.
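The two points chaslang makes above, that a tool can report a disk as far larger than it is and that an "unknown MBR" is not by itself a sign of infection, both come down to what is actually in sector 0. The following is an added example, written for this page and not code from the thread, from RogueKiller or from MajorGeeks: it decodes the four primary partition entries and the 0x55AA boot signature from a 512-byte MBR and flags only the things worth a second look, in particular a partition whose extent runs past the physical end of the disk (the 1 TB-on-a-128GB-drive situation) and a 0xEE protective entry, which simply means the disk is GPT rather than a classic MBR. The sample sectors, the 128GB disk size and the `build_mbr` helper are constructed for the example, not dumps from the poster's drive.

```python
import struct

SECTOR = 512
PART_TABLE_OFFSET = 446          # partition table starts right after the boot code
PART_ENTRY_SIZE = 16
MBR_SIGNATURE = b"\x55\xaa"      # bytes 510-511 of a valid MBR
# entry layout: status, 3-byte CHS start, type, 3-byte CHS end, LBA start, sector count
ENTRY_FMT = "<B3xB3xII"


def parse_mbr(sector0):
    """Decode the boot signature and the four primary partition entries of sector 0."""
    if len(sector0) < SECTOR:
        raise ValueError("MBR must be at least 512 bytes")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        status, ptype, lba_start, count = struct.unpack_from(ENTRY_FMT, sector0, off)
        if ptype == 0 and count == 0:       # unused slot
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": count})
    return {
        "signature_ok": sector0[510:512] == MBR_SIGNATURE,
        "bootcode_empty": not any(sector0[:PART_TABLE_OFFSET]),
        "partitions": parts,
    }


def check_mbr(sector0, disk_bytes):
    """Return a list of findings; an empty list means nothing looks odd."""
    info = parse_mbr(sector0)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    for p in info["partitions"]:
        end_bytes = (p["lba_start"] + p["sectors"]) * SECTOR
        if end_bytes > disk_bytes:
            # a table that claims more space than the drive has is either a
            # misread or a corrupt/tampered table, not something to trust blindly
            findings.append("partition %d ends at %.1f GB but disk is %.1f GB"
                            % (p["index"], end_bytes / 1e9, disk_bytes / 1e9))
        if p["type"] == 0xEE:
            findings.append("partition %d is a GPT protective entry "
                            "(disk is GPT, not a classic MBR)" % p["index"])
    if sum(p["bootable"] for p in info["partitions"]) > 1:
        findings.append("more than one partition flagged active")
    return findings


def build_mbr(entries, bootcode=b"", signature=MBR_SIGNATURE):
    """Construct a 512-byte sector for testing (constructed sample, not a real dump)."""
    sector = bytearray(SECTOR)
    sector[:len(bootcode)] = bootcode
    for i, (status, ptype, lba_start, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFFSET + i * PART_ENTRY_SIZE,
                         status, ptype, lba_start, count)
    sector[510:512] = signature
    return bytes(sector)


# Constructed samples. A 128GB drive is roughly 250,069,680 sectors.
DISK_128GB = 250_069_680 * SECTOR
# one NTFS partition (type 0x07) that fits the drive exactly
SAMPLE_OK = [(0x80, 0x07, 2048, 250_069_680 - 2048)]
# the same table but claiming about 1 TB of sectors, as a misread tool might show
SAMPLE_OVERSIZED = [(0x80, 0x07, 2048, 1_953_523_712)]


if __name__ == "__main__":
    for name, entries in (("ok", SAMPLE_OK), ("oversized", SAMPLE_OVERSIZED)):
        print(name, check_mbr(build_mbr(entries), DISK_128GB) or "no findings")
```

To run it against a real drive on Windows, read the first 512 bytes of the raw device (for example `open(r"\\.\PhysicalDrive1", "rb").read(512)`, which needs an Administrator prompt) and pass the disk size reported by Disk Management; on the poster's system the interesting comparison is the SSD's real size against what the partition table implies. A table that does not match the drive is reason to pull the disk and look closer, as was done in the thread, but an unfamiliar boot code alone is not.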
     
  7. alexstjohn

    alexstjohn Private E-2

    Thank you again for looking this over for me. You all do a great job with this forum and I refer people to it constantly.

    Have a Happy New Year!
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome and thanks for the referrals. So I will assume you are not having any problems.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista or Win 7, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win 7, or Win 8, right click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. After doing the above, you should work through the below link:
     
