Topic: aswMBR Rootkit Removal tool

ragweed
aswMBR Rootkit Removal tool
« on: November 22, 2011, 05:44:23 PM »
I downloaded the tool from here: aswMBR public.Avast.com~gmerek/aswMBR.html. My question: is this an official download site? Thanks!

Pondus
Re: aswMBR Rootkit Removal tool
« Reply #1 on: November 22, 2011, 05:58:42 PM »
That's where we download it ;)

-http://public.avast.com/~gmerek/aswMBR.htm

DavidR
Re: aswMBR Rootkit Removal tool
« Reply #2 on: November 22, 2011, 06:13:16 PM »
It is being downloaded from the avast site, that is the public space for the designer of the GMER anti-rootkit, who works for avast now and is the developer/designer of aswMBR.exe. So the -http://public.avast.com/~gmerek/aswMBR.exe is the correct download location.

I have answered your question, now I have one: what was your reason to download aswMBR.exe?

It isn't the sort of tool you should be running as a routine measure but for a reason and generally only when it is suggested as part of a malware analysis/removal process.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

ragweed

  • Guest
Re: aswMBR Rootkit Removal tool
« Reply #3 on: November 22, 2011, 06:20:50 PM »
This might sound crazy, but I just wanted to try it out to see if it found anything! It only found disk 0 unknown MBR code. I didn't fix it though.

DavidR
Re: aswMBR Rootkit Removal tool
« Reply #4 on: November 22, 2011, 07:07:07 PM »
This is general advice and not specifically for you:
That is why it shouldn't be used unless recommended and then only under advice from someone experienced in its use and the information it produces.

It could seriously impact on your system should you choose options where you don't know what the impact might be.

The unknown MBR could mean more than one thing and not always malicious. It could be an indication that malware has modified the MBR code, but you would likely be experiencing other symptoms. Perhaps more commonly this could be because of the system that you have, Dell, Acer, etc. where they have got a manufacturer's recovery console and recovery partition.

To achieve that they have to customise the MBR record; if anyone chose Fix in this instance they would be wiping that custom MBR code and would lose access to that recovery console.

So care has to be exercised when using tools such as these as they may return information which could be incorrectly acted on.
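An added example, not part of the thread and not Avast's or aswMBR's code: a read-only Python inspection of a saved 512-byte MBR dump, showing how an "unknown MBR code" result can be put in context (boot-code hash, boot signature, OEM/recovery partition types) before anyone chooses Fix. The function names, the `OEM_TYPES` table, the `known_hashes` set and the sample sector are all constructed for illustration.

```python
import hashlib
import struct

# Partition type IDs commonly listed for OEM utility/recovery partitions
# (illustrative assumption, not exhaustive).
OEM_TYPES = {0x12: "OEM diagnostics/recovery", 0x27: "hidden recovery",
             0xDE: "Dell utility"}

def parse_mbr(sector: bytes) -> dict:
    """Read-only split of a 512-byte MBR dump into its fields."""
    if len(sector) != 512:
        raise ValueError("an MBR sector is exactly 512 bytes")
    partitions = []
    for i in range(4):                       # four 16-byte entries at offset 446
        entry = sector[446 + 16 * i:462 + 16 * i]
        ptype = entry[4]
        if ptype == 0:                       # unused slot
            continue
        lba_start, count = struct.unpack_from("<II", entry, 8)
        partitions.append({"slot": i, "active": entry[0] == 0x80,
                           "type": ptype, "oem": OEM_TYPES.get(ptype),
                           "lba_start": lba_start, "sectors": count})
    return {
        # Bytes 440-445 hold the per-disk signature, so hash only 0-439.
        "code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
        "signature_ok": sector[510:] == b"\x55\xaa",
        "partitions": partitions,
    }

def assess(sector: bytes, known_hashes: set) -> str:
    """Classify the boot code without modifying anything."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "no 0x55AA boot signature"
    if info["code_sha256"] in known_hashes:
        return "known boot code"
    if any(p["oem"] for p in info["partitions"]):
        return "unknown boot code, OEM partition present: back up before any fix"
    return "unknown boot code: analyse further"

def sample_sector() -> bytes:
    """Constructed sample: placeholder code, one hidden recovery + one NTFS."""
    def entry(status, ptype, start, count):
        return struct.pack("<B3sB3sII", status, b"\0" * 3, ptype, b"\0" * 3, start, count)
    table = entry(0x00, 0x27, 2048, 20480000) + entry(0x80, 0x07, 20482048, 400000000)
    return b"\x90" * 440 + b"\0" * 6 + table + b"\0" * 32 + b"\x55\xaa"
```

An OEM partition in the table does not prove the boot code is benign; it only explains why a vendor-customised MBR would show up as unknown, which is the case described in the reply above.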