Spybot Search and Destroy is reporting an unknown MBR called PhysicalDrive2 with a rootkit scan. Is this a rootkit?
Type: Posts; User: DarkWolff; Keyword(s):
Spybot Search and Destroy is reporting an unknown MBR called PhysicalDrive2 with a rootkit scan. Is this a rootkit?
Thanks for all your help! I'll be sure to follow these steps immediately.
I originally was very lax with security on that laptop as I didn't do much surfing on it, and didn't surf on it. Now I see...
Oh no, they are all gone! :)
None yet. Is there something I should be looking for?
ComboFix 08-12-30.02 - Lord Kandar 2008-12-31 14:16:28.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1647 [GMT -5:00]
Running from: c:\documents and settings\Lord...
ComboFix 08-12-30.02 - Lord Kandar 2008-12-31 13:48:20.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1596 [GMT -5:00]
Running from: c:\documents and settings\Lord...
ComboFix 08-12-30.02 - Lord Kandar 2008-12-31 12:07:17.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1632 [GMT -5:00]
Running from: c:\documents and settings\Lord...
No, I'm not sure. I'll do it again.
ComboFix 08-12-30.02 - Lord Kandar 2008-12-31 11:52:50.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1647 [GMT -5:00]
Running from: c:\documents and settings\Lord...
Just as an aside, there is some (gaming based) data that I'd want to save on the laptop, which is also part of why I'd like to try to clean it.
Hello,
If possible, I'd like to try to remove the Trojan. I don't use the laptop for sensitive info and only use it for gaming, so I think I'll be ok for now.
I will reformat the laptop soon...
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, December 30, 2008
Operating System: Microsoft Windows XP Professional...
Update: Scan is still running (55%).
Will do.
Here's the link if you want a more readable version: http://www.virustotal.com/analisis/239f9c6c69a3d0503ca1d50e58cea855
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:44:15 PM, on 12/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
...
ComboFix 08-12-29.02 - Lord Kandar 2008-12-30 14:37:37.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1619 [GMT -5:00]
Running from: c:\documents and settings\Lord...
Ok will do.
I can't seem to start the computer in safe mode. I press F8, choose safe mode, then Windows (not the recovery), but it stays after trying to load...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:15:35 PM, on 12/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
...
ComboFix 08-12-29.02 - Lord Kandar 2008-12-30 14:00:52.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1578 [GMT -5:00]
Running from: c:\documents and settings\Lord...
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 6.0.1
AOL Instant Messenger
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver...
ComboFix 08-12-29.02 - Lord Kandar 2008-12-30 13:24:55.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1592 [GMT -5:00]
Running from: c:\documents and settings\Lord...
Ok, ComboFix managed to install the recovery console, and it's scanning now. I'll post the log when finished.
BTW, the computer's performance has increased dramatically and we're not even done. ...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:54 PM, on 12/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
...
Ok it's all down. I noticed the fake Windows Security Center is gone now. Spybot will run now, but I didn't do a scan yet so these logs will be accurate.
ComboFix 08-12-29.02 - Lord Kandar...
Thanks. ComboFix is running now. I'll post a scan when it's done.
Note: ComboFix couldn't download the Windows Recovery Tool. Is this ok?
Ok, I unloaded TeaTimer from the task manager. I tried to run ComboFix, but the same thing that happens to Spybot S&D happens to it; it doesn't run. If I leave the process window from the task manager...
Ok I downloaded the tool, but I can't start Spybot to turn off TeaTimer. Should I just end the process for TeaTimer?
I forgot to mention; I tried running Spybot after the scan to see if it would run, but it still wouldn't.
Here's the log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:44:18 PM, on 12/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)...
Thanks, that's exactly what I did. :) I'm waiting for the scan to complete now.
I'm having problems getting on the internet on the infected laptop (I'm on another atm). I can't seem to view most webpages. I'll keep trying.
Ok, since everyone seems to be doing this, I've posted a HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:37 PM, on 12/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)...
Hello,
My laptop is currently infected with Malware/Spyware. I got infected last night; about 20 IE windows popped up at once and my system slowed down to a crawl. Ad-aware failed to remove...
Sorry, I think I posted this in the wrong forum. I reposted it in the Malware forum. If a mod can remove this, I'd appreciate it.
Spybot-SD Resident is running now (and is blocking malicious processes), but I still can't get the normal scan to start.
Hello,
Yesterday my system got infected by spyware. I've downloaded and installed Spybot S&D (from this site), as well as the definition files.
Won't start. I've installed and updated the files,...