Avast WEBforum

Other => Viruses and worms => Topic started by: ragweed on November 22, 2011, 05:44:23 PM

Title: aswMBR Rootkit Removal tool
Post by: ragweed on November 22, 2011, 05:44:23 PM
I downloaded the tool from here: aswMBR public.Avast.com~gmerek/aswMBR.html. My question is, is this an official download site? Thanks!
Title: Re: aswMBR Rootkit Removal tool
Post by: Pondus on November 22, 2011, 05:58:42 PM
That's where we download it ;)

-http://public.avast.com/~gmerek/aswMBR.htm
Title: Re: aswMBR Rootkit Removal tool
Post by: DavidR on November 22, 2011, 06:13:16 PM
It is being downloaded from the avast site, that is the public space for the designer of the GMER anti-rootkit, who works for avast now and is the developer/designer of aswMBR.exe. So the -http://public.avast.com/~gmerek/aswMBR.exe is the correct download location.

I have answered your question, now I have one: what was your reason to download aswMBR.exe?

It isn't the sort of tool you should be running as a routine measure but for a reason and generally only when it is suggested as part of a malware analysis/removal process.
Title: Re: aswMBR Rootkit Removal tool
Post by: ragweed on November 22, 2011, 06:20:50 PM
This might sound crazy, but I just wanted to try it out to see if it found anything! It only found disk 0 unknown MBR code. I didn't fix it though.
Title: Re: aswMBR Rootkit Removal tool
Post by: DavidR on November 22, 2011, 07:07:07 PM
This is general advice and not specifically for you:
That is why it shouldn't be used unless recommended and then only under advice from someone experienced in its use and the information it produces.

It could seriously impact your system should you choose options where you don't know what the impact might be.

The unknown MBR could mean more than one thing and not always malicious. It could be an indication that malware has modified the MBR code, but you would likely be experiencing other symptoms. Perhaps more commonly this could be because of the system that you have, Dell, Acer, etc., where they have got a manufacturer's recovery console and recovery partition.

To achieve that they have to customise the MBR record; if anyone chose Fix in this instance they would be wiping that custom MBR code and would lose access to that recovery console.

So care has to be exercised when using tools such as these, as they may return information which could be incorrectly acted on.
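
Added example, not part of any post in this thread and not Avast's code: a read-only Python check of a saved 512-byte MBR sector that lists the partition types and hashes the boot code, showing why unknown MBR code on a machine with a vendor recovery partition calls for a backup and a second opinion before any Fix. The `OEM_TYPES` subset, the `triage` labels and the sample sector are assumptions constructed for illustration.

```python
import hashlib
import struct

# Type bytes often seen on vendor utility/recovery partitions (illustrative subset).
OEM_TYPES = {0x12: "OEM diagnostics", 0x27: "hidden recovery", 0xDE: "Dell utility"}

def parse_mbr(sector: bytes) -> dict:
    """Parse one 512-byte MBR sector saved to a file (read-only analysis)."""
    if len(sector) != 512:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):  # four 16-byte entries start at offset 446
        entry = sector[446 + 16 * i:462 + 16 * i]
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype != 0x00:  # type 0 marks an unused slot
            partitions.append({"slot": i, "active": status == 0x80, "type": ptype,
                               "start_lba": lba, "sectors": count,
                               "oem": OEM_TYPES.get(ptype)})
    # Hash only bytes 0..439: bytes 440..445 hold the per-disk signature,
    # which differs between machines running identical boot code.
    return {"boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
            "partitions": partitions}

def triage(sector: bytes, known_hashes: set) -> str:
    """Heuristic label only; it is not a malware verdict."""
    report = parse_mbr(sector)
    if report["boot_code_sha256"] in known_hashes:
        return "known boot code"
    if any(p["oem"] for p in report["partitions"]):
        return "unknown boot code, OEM partition present: keep a sector backup before any Fix"
    return "unknown boot code: get an experienced helper to review the log"

def sample_sector() -> bytes:
    """Constructed sample: placeholder code bytes plus two partition entries."""
    code = b"\xfa" + b"\x90" * 439                          # not real boot code
    dell = struct.pack("<B3xB3xII", 0x00, 0xDE, 63, 80262)  # utility partition
    ntfs = struct.pack("<B3xB3xII", 0x80, 0x07, 81920, 1000000)
    return code + bytes(6) + dell + ntfs + bytes(32) + b"\x55\xaa"

if __name__ == "__main__":
    print(triage(sample_sector(), known_hashes=set()))
    for p in parse_mbr(sample_sector())["partitions"]:
        print(p)
```

An OEM partition in the table does not prove the boot code is benign; it only explains why the code may differ from a stock MBR, which is the case the last post describes.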