MBR Rootkit found

Welcome to Major Geeks!

If you are saying you ran the below procedure


READ & RUN ME FIRST. Malware Removal Guide

Then you need to finish 100% of what we asked for and attach the logs from the below:

• SUPERAntiSpyware
• Malwarebytes
• ComboFix
• MGtools

In addition to the above, please also download MBRCheck to your desktop

• Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
• It will show a Black screen with some information that will contain either the below line if no problem is found:
  • Done! Press ENTER to exit...
• Or you will see more information like below if a problem is found:
  • Found non-standard or infected MBR.
  • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
• Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
• MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
• Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )

 

I don't think the MBR for this drive is actually infected. It is just not a standard Windows MBR. Likely because of how it was setup/partitioned. For example, below I will show you a log from my system where I just installed a new 2T byte USB external had drive from Verbatim. Notice what it says for the MBR.

Code:

MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version:                Windows XP Professional
Windows Information:            Service Pack 2 (build 2600)
Logical Drives Mask:            0x000000fd
[URL="file://\\.\C"]\\.\C[/URL]: --> [URL="file://\\.\PhysicalDrive0"]\\.\PhysicalDrive0[/URL] at offset 0x00000000`01f60800  (NTFS)
[URL="file://\\.\G"]\\.\G[/URL]: --> [URL="file://\\.\PhysicalDrive2"]\\.\PhysicalDrive2[/URL] at offset 0x00000000`00007e00  (FAT32)
[URL="file://\\.\H"]\\.\H[/URL]: --> [URL="file://\\.\PhysicalDrive1"]\\.\PhysicalDrive1[/URL] at offset 0x00000000`00007e00  (NTFS)
      Size  Device Name          MBR Status
  --------------------------------------------
    111 GB  [URL="file://\\.\PhysicalDrive0"]\\.\PhysicalDrive0[/URL]   Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
   1863 GB  [URL="file://\\.\PhysicalDrive2"]\\.\PhysicalDrive2[/URL]   RE: Unknown MBR code
            SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F
    189 GB  [URL="file://\\.\PhysicalDrive1"]\\.\PhysicalDrive1[/URL]   Legit MBR code detected
            SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495
 
Found non-standard or infected MBR.

Just an unknown form that likely allows use with multiple operating systems ( like Windows and MAC OS ).

If you are not having malware problems, I would leave it alone.