Black Internet Virus - Help Required

Discussion in 'Malware Help (A Specialist Will Reply)' started by Moley, Aug 20, 2010.

  1. Moley

    Moley Private E-2

    Hi People,

    I'm in need of some help because if I have one more audio advert make me jump out of my skin, my PC is going to be flying out of my window.

    From what I've read on the web I believe I have the Black Internet Virus and I'd be really grateful if someone would guide me through removing it.

    I promise not to waste your time and I will respond to whatever I'm asked to do.

    Regards

    Moley
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Please download MBRCheck to your desktop

    • Double click MBRCheck.exe to run (Vista and Win 7: right click and select Run as Administrator)
    • It will show a Black screen with some data on it
    • Right click on the screen and select > Select All
    • Press Control+C
    • Open a notepad and press Control+V
    • Now please ATTACH that report to this thread

    Also I need to ask some questions:
    1. Do you have any drives that have a non-Windows installation on them?
    2. Are all drives NTFS formatted?
    3. Do you have any non-standard or special MBRs, which can occur from companies like Dell or HP who frequently install additional partitions used for recovery partitions in lieu of giving CD/DVDs?
    4. Is any program like Grub (see: http://www.gnu.org/software/grub/) being used?
    5. Is drive-encryption being used?
    6. Are any external USB pen drives or external hard drives being used?
    7. VERY IMPORTANT: Do you have all important data backed up? You really should do this before continuing since we will need to rewrite your MBR to fix this and while most times this can be done without any problem, these infections can react badly and that could result in a PC not being bootable. You really don't have much choice though since these infections are too dangerous to your security to leave on a PC.


    Now follow these instructions for running MGTools (Using MGTools) and then, once finished, attach the C:\MGlogs.zip
     
  3. Moley

    Moley Private E-2

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x020001fc

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000c`34f34a00 (NTFS)
    \\.\I: --> \\.\PhysicalDrive5 at offset 0x00000000`00007e00 (FAT32)

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
    SHA1: 4ECC3C3B1681F21372ABA4F582251838559E85CD
    465 GB \\.\PhysicalDrive5 RE: Unknown MBR code
    SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:


    Ans Q1: Only Windows on this machine

    Ans Q2: C:\ and D:\ = NTFS I:\ = FAT32 This is my external hard drive which I backup to. I'll remove this

    Ans Q3: As far as I'm aware No.

    Ans Q4: No

    Ans Q5: I have 1 folder encrypted using TrueCrypt

    Ans Q6: 1 external HD which I never leave connected and I use a USB wireless key for my wifi

    Ans Q7: All my files are backed up to the external HD
     
  4. Moley

    Moley Private E-2

    MBR report Attached
     


  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Don't forget the log from MGTools :)
     
  6. Moley

    Moley Private E-2

    Running MGTools now. Seems to be hanging a bit on Running analyse.exe

    By the way, thanks for your help.
     
  7. Moley

    Moley Private E-2

    MGlogs.zip Attached.

    I did get the error relating to .NET Framework not being installed; however, the program seemed to complete ok without it.

    I shall install the .net framework in case needed at a later date.
     


  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Now if you wish to continue and fix the malware - please do the following:
    • Run MBRCheck.exe
    • Wait until you see the following lines:
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
      • Options:
        [1] Dump the MBR of a physical disk to file.
        [2] Restore the MBR of a physical disk with a standard boot code.
        [3] Exit.
        Enter your choice:
    • Please push the 'Y' key and then press Enter
    • When the program asks you to Enter your choice: enter 2 to Restore the MBR and press the Enter key
    • Now the program will ask you to "Enter the physical disk number to fix (0-99, -1 to cancel):"
      • Enter 0 and press the Enter key.
    • The program will show Available MBR codes as below
    • You need to select your version of Windows from the list. For example, enter 0 or 1 for XP or enter 3 for Vista, etc., and then press Enter.
    • The program will prompt for confirmation. Type 'YES' and hit Enter.
    • Left click on the title bar (where program name and path is written). From the menu choose Edit -> Select All
    • You will see all the text in the window get highlighted.
    • Hit the Enter key on your keyboard to copy all of the text into the clipboard.
    • Paste that text into Notepad, save it to your desktop as MBRfix.txt
    • Restart your PC.
    • Attach the MBRfix.txt file to your next message.
    Also tell me how things are working.
     
  9. Moley

    Moley Private E-2

    Thank you for the advice. I'll try this first thing in the morning and get back to you.

    Cheers

    Moley
     
  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Okay. I'll be here waiting.
     
  11. Moley

    Moley Private E-2

    I have run the MBRcheck.exe and my machine appears to be working fine.

    Attached is the MBRfix.txt file as requested.

    Thank you so much for your help. You're a legend.
     


  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Run MBRCheck.exe again


    Now download The Avenger by Swandog469, and save it to your Desktop.

    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.


    Also delete all files in the below bold folders except ones from the current date (Windows will not let you delete the files from the current day).


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this. Also attach the new log from MBRCheck.
     
  13. Moley

    Moley Private E-2

    I ran the MBRCheck.exe again. The subsequent report is attached.

    I then tried to run Avenger as you described but got the error message shown in AvengerError1.jpg

    I aborted avenger.

    Have I missed a step?

    Moley
     


  14. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.

    Use windows explorer to find and delete the below folders if they exist:

    Do not forget to attach the new log from MBRCheck!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.
     
  15. Moley

    Moley Private E-2

    The fixME.reg file completed successfully.

    Attached is the MGlogs.zip as requested.

    The following post will have the MBRcheck info. I seem to be having trouble attaching more than 1 file to a post.

    Moley
     


  16. Moley

    Moley Private E-2

    The forum states that I have already uploaded the MBRcheck doc and doesn't seem to post it with my reply. I have tried renaming the doc etc. and it doesn't seem to work.

    Sorry
     
  17. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    That just means you are trying to attach the old log, please attach the new log from running MBRCheck.exe again.
     
  18. Moley

    Moley Private E-2

    Do you want me to run through the options again? Restore of a physical disk, select opt 1 for xp etc?
     
  19. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I just want you to do this:

    • Double click MBRCheck.exe to run (Vista and Win 7: right click and select Run as Administrator)
    • It will show a Black screen with some data on it
    • Right click on the screen and select > Select All
    • Press Control+C
    • Open a notepad and press Control+V
    • Now please ATTACH that report to this thread
     
  20. Moley

    Moley Private E-2

    As requested.

    Regards,

    Moley
     


  21. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You will need to boot to the Recovery Console to remove this infection.

    Now boot to the Recovery Console and run the fixmbr to clear a Master Boot Record infection that you have.

    You can read the below to help you do this:

    http://support.microsoft.com/kb/307654


    Then boot back into normal mode.

    Then re-run MBRCheck again and attach the new log.
     
  22. Moley

    Moley Private E-2

    Hi TimW,

    Sorry for the slow response, couldn't find my XP disc. Ran the recovery as described and this is the result!

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x020000fc

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000c`34f34a00 (NTFS)

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
    Press ENTER to exit...
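
Added example (not part of any post in this thread, and not MajorGeeks or MBRCheck code): a small parser that compares the drive tables of the first and last MBRCheck reports posted above, rejoining a status line that the console window wrapped mid-word. The triage labels and function names are assumptions made for this illustration, keyed only to the status wording seen in these two reports.

```python
import re

# Constructed sample input: the drive tables from the two MBRCheck 1.2.3
# reports posted in this thread, including the console-wrapped status line.
BEFORE = r"""
465 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black I
nternet)!
SHA1: 4ECC3C3B1681F21372ABA4F582251838559E85CD
465 GB \\.\PhysicalDrive5 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F
"""
AFTER = r"""
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
"""

DISK = re.compile(r"^\s*\d+\s+[KMGT]B\s+(\S*PhysicalDrive\d+)\s+(.*)$")
SHA1 = re.compile(r"^\s*SHA1:\s*([0-9A-Fa-f]{40})\s*$")

def parse_report(text):
    """Return {device: {"status": str, "sha1": str or None}} from a report."""
    disks, cur = {}, None
    for line in text.splitlines():
        if m := DISK.match(line):
            cur = disks.setdefault(m.group(1), {"status": m.group(2).strip(), "sha1": None})
        elif (m := SHA1.match(line)) and cur is not None:
            cur["sha1"] = m.group(1).upper()
        elif cur is not None and cur["sha1"] is None and line.strip():
            cur["status"] += line.strip()  # rejoin a status wrapped mid-word
    return disks

def verdict(status):
    """Map the status wording seen in this thread to a triage label (assumed labels)."""
    if "Known-bad" in status:
        return "infected"
    if "Unknown MBR code" in status:
        return "review"
    return "standard" if "MBR code detected" in status else "unparsed"

def compare(before, after):
    """Per device: (verdict before, verdict after or 'not rechecked')."""
    b, a = parse_report(before), parse_report(after)
    return {dev: (verdict(info["status"]),
                  verdict(a[dev]["status"]) if dev in a else "not rechecked")
            for dev, info in b.items()}

if __name__ == "__main__":
    for dev, (old, new) in compare(BEFORE, AFTER).items():
        print(f"{dev}: {old} -> {new}")
```

PhysicalDrive5, the external backup drive, comes out as "not rechecked" because it was disconnected before the final scan, so its "Unknown MBR code" status was never followed up in the reports shown.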
     
  23. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    That should have taken care of any malware issues you were having. Tell me how things are running.
     
  24. Moley

    Moley Private E-2

    Everything seems to be running fine. No more audio adverts and no more constant windows click click click.

    Thank you for all your help
     
  25. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome. Safe surfing. :)
     
