Author Topic: MBR TDL4  (Read 2920 times)

mico1234567

  • Guest
MBR TDL4
« on: May 09, 2011, 06:45:19 PM »
Recently my computer has been infected with a virus and rootkit.

I've run Malwarebytes, AdAware, SuperAntiSpyware and recently downloaded the free avast Antivirus.

It seems to have gotten rid of the virus. I can now go on the internet and there are no more redirect links or false anti-virus pop-ups. But I constantly get this warning from Avast that there's a rootkit. I delete it and then reboot but it appears again.

I downloaded aswMBR and here's the log,

12:31:22.359    OS Version: Windows 5.1.2600 Service Pack 3
12:31:22.359    Number of processors: 1 586 0x401
12:31:22.359    ComputerName:---  UserName: ---
12:31:22.656    Initialize success
12:31:36.125    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
12:31:36.125    Disk 0 Vendor: SAMSUNG_HD040GJ WY100-33 Size: 38146MB BusType: 3
12:31:38.156    Disk 0 MBR read successfully
12:31:38.156    Disk 0 MBR scan
12:31:38.156    Disk 0 TDL4@MBR code has been found
12:31:38.156    Disk 0 MBR [TDL4]  **ROOTKIT**
12:31:38.156    Disk 0 scanning C:\WINDOWS\system32\drivers
12:31:41.765    Service scanning
12:31:43.125    Disk 0 trace - called modules:
12:31:43.156    ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
12:31:43.156    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86737030]
12:31:43.156    3 CLASSPNP.SYS[f7652fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x86793b00]
12:31:43.156    Scan finished successfully
12:33:02.218    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\lore\My Documents\MBR.dat"
12:33:02.218    The log file has been saved successfully to "C:\Documents and Settings\lore\My Documents\aswMBR.txt"

For some reason the "Fix" button is grey and I can't click on it. What should I do?

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: MBR TDL4
« Reply #1 on: May 09, 2011, 07:23:13 PM »
Hi

  • Double click the aswMBR icon to run it. Vista and Windows 7 users right click the icon and choose "Run as administrator".
  • Click the Scan button to start scan.
  • When scan finishes, press the Fix Button.
  • Once the Fix is done, press the Save Log button and save the log to your desktop.
  • You need to reboot your computer when it's done before you do anything else, then post the log that will be on your desktop.
edit:

I just now read this  ;D
Quote
For some reason the "Fix" button is grey and I can't click on it. What should I do?

Delete the old tool and download a fresh aswMBR from here:
http://public.avast.com/~gmerek/aswMBR.exe
« Last Edit: May 09, 2011, 07:27:08 PM by magna86 »

mico1234567

  • Guest
Re: MBR TDL4
« Reply #2 on: May 09, 2011, 07:53:59 PM »
Just downloaded the fresh version, scanned and the fix button is still greyed out  ???

Offline magna86

Re: MBR TDL4
« Reply #3 on: May 09, 2011, 08:04:45 PM »
Ok...


Download TDSSKiller to your Desktop.
Double-click on TDSSKiller.exe to run the application, then click on Start Scan.

Don't Change These Settings:
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.

You may be asked to reboot the computer to complete the process. Click on Reboot Now.
To view the report:
Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.



..........................

Reboot Windows, then run aswMBR again (Scan >> Save log) and paste the TDSSKiller & aswMBR logs here.


..........................


Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr

Double click dds.scr to run the tool.

    * When done, DDS will open two (2) logs:
         1. DDS.txt
         2. Attach.txt

Save both reports to your desktop. Attach DDS.txt back to topic.