MBR Rootkit / Win XP Freezes on Startup

Discussion in 'Malware Help (A Specialist Will Reply)' started by Crunchie, Dec 23, 2009.

  1. Crunchie

    Crunchie Private E-2

    OS: Win XP SP 3

    Initial symptoms: About a week ago, I noticed that after a Google Search, any click would take me to some fishy pages rather than following the link I clicked. "What a pain, I'll have to fix that when I have more time" I said. Next time, my computer froze on startup (after the progress bar animation, at the "Welcome" screen). It's hanging after loading mup.sys, showing lots and lots of failed driver load attempts in the bootlog.

    Status: The machine will only boot in safe mode. I used MSCONFIG to disable everything (startup items, services, win.ini, system.ini) and it still won't start up unless I enable /SAFEBOOT for boot.ini.

    I ran the parts of the malware removal read/run first process that I could do in safe mode and found an MBR Rootkit. I'm hoping that killing this will fix my problems. I'm attaching the MBAM and RR malware removal reports. Please advise on my next step (i.e. how to remove the rootkit - can I just use RootRepeal for that?)

    Thanks very much!

    - Crunchie
     


  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Please also then attach the logs from running:

    • SUPERantispyware
    • Combofix
    • MGTools

    Do you have your Windows CD handy?
     
