TDL4@MBR code has been found
Started by mike@webacts, Jun 23 2011 11:16 AM
#1
Posted 23 June 2011 - 11:16 AM
#2
Posted 23 June 2011 - 02:45 PM
Hi there, download and extract the following zip file
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply
#3
Posted 26 June 2011 - 11:23 AM
aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-25 22:55:00
-----------------------------
22:55:00.687 OS Version: Windows 5.1.2600 Service Pack 3
22:55:00.687 Number of processors: 1 586 0x204
22:55:00.687 ComputerName: BILLING UserName:
22:55:01.328 Initialize success
22:57:33.937 AVAST engine defs: 11062501
23:34:26.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:34:26.328 Disk 0 Vendor: WDC_WD200BB-75DEA0 05.03E05 Size: 19073MB BusType: 3
23:34:28.343 Disk 0 MBR read successfully
23:34:28.343 Disk 0 MBR scan
23:34:28.343 Disk 0 Windows XP default MBR code
23:34:30.343 Disk 0 scanning sectors +39054015
23:34:30.375 Disk 0 scanning C:\WINDOWS\system32\drivers
23:34:58.078 Service scanning
23:34:59.187 Disk 0 trace - called modules:
23:34:59.203 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
23:34:59.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f81ab8]
23:34:59.203 3 CLASSPNP.SYS[f7523fd7] -> nt!IofCallDriver -> \Device\0000005a[0x86f2f130]
23:34:59.203 5 ACPI.sys[f749a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86fc7d98]
23:34:59.406 AVAST engine scan C:\WINDOWS
00:57:04.625 AVAST engine scan C:\Documents and Settings\Billing coordinator
01:08:54.625 AVAST engine scan C:\Documents and Settings\All Users
01:14:08.796 Scan finished successfully
01:14:16.859 Disk 0 MBR has been saved successfully to "Z:\ACTS\Malware Tools\MBR.dat"
01:14:16.953 The log file has been saved successfully to "Z:\ACTS\Malware Tools\aswMBR.txt"
#4
Posted 26 June 2011 - 11:27 AM
What error did you get with OTL - could you download and run this different version
To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload to Mediafire and post the sharing link.
Download OTS to your Desktop
- Close ALL OTHER PROGRAMS.
- Double-click on OTS.exe to start the program.
- Check the box that says Scan All Users
- Under Additional Scans check the following:
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check
- Under the Custom Scan box paste this in
%USERPROFILE%\..|smtmp;true;true;true /FP
%SYSTEMDRIVE%\*.exe
/md5start
volsnap.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
- Now click the Run Scan button on the toolbar.
- Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
#5
Posted 26 June 2011 - 12:30 PM
Upon executing OTL.exe I get the following error dialog box: "OTL has encountered a problem and needs to close. We are sorry for the inconvenience. If you were in the middle of something, the information you were working on might be lost. For more information about this error, click here."
I attempted to run OTS from the desktop and got the same error dialog.
#6
Posted 26 June 2011 - 02:18 PM
Could you try from safe mode please
#7
Posted 26 June 2011 - 02:57 PM
Same error whether in Safe Mode or normal Windows startup.
#8
Posted 26 June 2011 - 03:05 PM
OK I do not like working blind like this - but there is no other option I feel
Download Dr Web from here. Fill in the small form and download.
It will download as an 8 digit file; save it to your desktop
Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
Once finished it will generate a log; please attach that
#9
Posted 26 June 2011 - 07:53 PM
During the wait I ran MSERT and it cleaned off 3 infections. Then, after I saw your reply I ran DrWeb and it found no infections. OTR or OTS still generate the same error but I'm going to consider this resolved for now. Thanks for your help.
#10
Posted 27 June 2011 - 10:12 AM
If you are sure, I will leave this thread open for a few days just in case
#11
Posted 29 June 2011 - 03:06 PM
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.