Avast WEBforum

Business Products => Archive (Legacy) => Avast Business => Avast Endpoint Protection => Topic started by: patrickoscar on June 16, 2011, 11:43:40 PM

Title: malware
Post by: patrickoscar on June 16, 2011, 11:43:40 PM
I am a newcomer, so first hello to all! Now my question - running Avast I detect a malware called Whistler but cannot delete it. Appreciate any advice on whether it is serious and on how to get rid of it.
patrickoscar
Title: Re: malware
Post by: DavidR on June 16, 2011, 11:51:26 PM
Whistler is, if I recall, an MBR rootkit, so you will need a specialist tool.

You can check if you have an MBR rootkit using this tool:
Quote from: essexboy
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 568KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
(http://public.avast.com/~gmerek/aswMBR1.png)
 
On completion of the scan click save log, save it to your desktop and post in your next reply
(http://public.avast.com/~gmerek/aswMBR2.png)

Title: Re: malware
Post by: patrickoscar on June 17, 2011, 08:00:39 AM
Thanks for this David.
It is indeed the rootkit whistler.mbr
I used this and attach logs of scan. What should I do to get rid of it?
Thx again,
PatrickOscar
Title: Re: malware
Post by: claudiuc on June 17, 2011, 09:22:29 AM
You can use FixMBR button.
Title: Re: malware
Post by: DavidR on June 17, 2011, 01:45:51 PM
Quote from: patrickoscar
Thanks for this David.
It is indeed the rootkit whistler.mbr
I used this and attach logs of scan. What should I do to get rid of it?
Thx again,
PatrickOscar

Strange as the aswMBR log you posted doesn't show any MBR rootkit.
Quote
07:18:40.156    Disk 0 MBR scan
07:18:40.171    Disk 0 Windows XP default MBR code
Plus no unknown elements and the avast scan of system32 and sub-folders also came up clean.

Quote
07:19:09.015    AVAST engine scan C:\WINDOWS\system32
07:22:57.390    Scan finished successfully
No sign of rootkit whistler.mbr in this scan either.

So was this a second scan after taking action (FixMBR and reboot)?