Avast WEBforum
Other => Viruses and worms => Topic started by: Chrissiee on March 18, 2011, 11:35:41 PM
-
Every time I log on Avast scans and finds 2 Rootkit attacks which are impossible to remove: C:\\Windows\System32\sychost.exe and MBR:\\...PHYSICALDRIVE0. The PC is very slow, quickly heats up, and CPU usage almost always 100%. I need my PC for work. I would appreciate if anyone out there could help. Thanks.
-
Hi...
Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr
Double click dds.scr to run the tool.
* When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt
# Save both reports to your desktop. Attach DDS.txt back to topic.
-
the problem is your master boot record. You should boot from the windows 7 Cd and choose "Repair your computer" option. Then, "System Recovery Options" window appears, click "next" and choose "Command Prompt".
A black window appears, type bootrec /fixboot
Then enter
That is complete
-
@ANHTHU5991
Again. Such things cannot be fixed very easily with windows rescue disc. Because the user should first of all use windows 7(As you have stated - but does he use windows 7?), even after fixing the the mbr, there might still be a infection lurking and hence advanced removal is required. Probably redirecting the user to a malware helper like essexboy (http://forum.avast.com/index.php?action=profile;u=11091) would help, I have done that.
-
i have problem with my computer when my antivirus software detects virus in mbr. I tried fixmbr, and it works. If people don't use win 7, they can try fixing mbr with windows xp. Antivirus software is not always detects a real virus
-
Probably redirecting the user to a malware helper like would help, I have done that.
No need, imo.
The OP didn't answer at all. ;)
-
No need, imo.
The OP didn't answer at all. ;)
yeah, you're right :). But I wanted ANHTHU5991 to know that redirecting to a expert would be a better option in case of rootkit infections. ;)
-
But I wanted ANHTHU5991 to know that redirecting to a expert would be a better option in case of rootkit infections. ;)
Ah, ok. :)
-
ok. Thanks for you opinion, anyway :)
-
i have problem with my computer when my antivirus software detects virus in mbr. I tried fixmbr, and it works. If people don't use win 7, they can try fixing mbr with windows xp. Antivirus software is not always detects a real virus
First,You must remove the bootkit/rootkit and then try to fix your MBR.Otherwise the virus will continue infect the mbr in every restart.
-
If you have a TDL4 infection and run fixmbr - you may not be able to boot again
-
If you have a TDL4 infection and run fixmbr - you may not be able to boot again
Ye agree,i've seen that happenning couple of times.