Avast WEBforum

Other => Viruses and worms => Topic started by: willo.c on March 29, 2012, 07:04:46 PM

Title: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: willo.c on March 29, 2012, 07:04:46 PM

Avast continues to say that I have a virus: MBR Alureon-k in MBR physicaldrive0 Partition2
I'll send the log both from OTL, but aswMBR doesn't work on my PC.

Hope you can help me.
Thanks in advance,

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: jeffce on March 30, 2012, 07:41:55 PM

Hi, 

Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.

• Double click the aswMBR icon to run it.
• Click the Scan button to start scan.
  
• When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

(http://i1190.photobucket.com/albums/z454/Blottedisk/aswMBRscan-1.png) (http://i1190.photobucket.com/albums/z454/Blottedisk/aswMBRscan.png)
Click the image to enlarge it
----------

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: willo.c on March 31, 2012, 11:31:17 AM

Jeff,

Thanks for consideration, but it simply doesn't work..
I tried to run it.. But it doesn't start..

I also take a look in the processes: for few seconds the aswMBR process is present and then it simply disappears without any view of the tool Windows in which we have the scan button..

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: jeffce on March 31, 2012, 03:32:19 PM

Hi willo.c,

Let's try this...move aswMBR to your C:\ folder so that it will look like this when there >>  C:\aswMBR.exe  Try to run it from there.  If it still doesn't work boot to Safe Mode and try to run it from there. 

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: willo.c on April 01, 2012, 11:34:54 AM

Same problem even in C, even in Safe mode!!

Is it possibile the rootkit block aswMBR?

Helppp mee!! :((

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: willo.c on April 01, 2012, 11:58:19 AM

If renamed in explorer.exe it showed:

The application failed to initialize properly (0xc0000005). Click on OK to terminate the application.

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: willo.c on April 01, 2012, 12:07:37 PM

Already tried TDSSKiller, but it doesn't start, exactly as aswMBR...

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: willo.c on April 01, 2012, 12:15:06 PM

Ok, I'm doing the quick scan with Malwarebytes..

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: CraigB on April 01, 2012, 12:15:48 PM

adotd does not have permission to provide help in this section so has been deleted.

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: willo.c on April 01, 2012, 12:56:12 PM

Ok, i will wait for Jeff!!

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: jeffce on April 01, 2012, 06:24:44 PM

Hi,

Let's go about this another way.  Underneath my name over to the left...you will see a "Globe" icon.  Press that and go to my page.  Once there, select the file named svchost and download that file directly to your C:\ folder and then run the program.  If a log is produced post that to your next reply.  :)

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: willo.c on April 01, 2012, 08:27:06 PM

Jeff,

always the same problem.. Nothing happens..
Is it the aswMBR renamed?

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: jeffce on April 01, 2012, 09:14:54 PM

Let's take a look and see what we have

In the run box type the following

diskmgmt.msc

When disc management opens expand it so that all drives are visible
Take a screenshot and post it here

Are you able to burn a CD on another computer ?

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: willo.c on April 01, 2012, 09:35:17 PM

Attached the screenshot..

Of course, i can burn a CD/DVD on another pc..

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: jeffce on April 01, 2012, 11:50:14 PM

Hi,

I need you to download:
gparted-live-0.10.0-3.iso (http://sourceforge.net/projects/gparted/files/latest/download?source=files) (115.1 MB) 

Create a bootable CD, for Gparted from the ISO image.

You can use ImgBurn (http://download.imgburn.com/SetupImgBurn_2.5.6.0.exe) do this.

Now boot off of the newly created Gparted CD. 

(http://img829.imageshack.us/img829/5772/gpartedsplash.th.png)

You should be here... Press ENTER

(http://img5.imageshack.us/img5/7286/gpartedkeymaps.th.png)

By default, "do not touch keymap" is highlighted.
Leave this setting alone and just press ENTER. 

(http://img404.imageshack.us/img404/9840/gpartedlanguage.th.png)

Choose your language and press ENTER. English is default [33]

(http://img140.imageshack.us/img140/7958/gpartedgui.th.png)

Once again, at this prompt, press ENTER 
You will now be taken to the main GUI screen below

(http://img32.imageshack.us/img32/1122/gpartedo.th.png)

According to your logs, the partition that you want to delete is 10mb

Click the trash can icon to delete and then click Apply.

You should now be here confirming your actions: 

(http://img233.imageshack.us/img233/1533/gpartedsteps.th.png) 

Now you should be here:

(http://img696.imageshack.us/img696/8471/gpartedsuccessclose.th.png) 

(http://img194.imageshack.us/img194/7753/gpartedboot.th.png)

Is "boot" next to your OS drive? 
If "boot" is not next to your OS drive under "Flags", right-mouse click the OS drive while in Gparted and select Manage Flags 

In the menu that pops up, place a checkmark in boot like the picture below:

(http://img196.imageshack.us/img196/3483/gpartedmanageflagsboot.th.png) 


Now double-click the (http://img822.imageshack.us/img822/641/gpartedexit.png) button. 

You should receive a small pop up like this:

(http://img88.imageshack.us/img88/8986/gpartedexitreboot.png)

Choose reboot and then press OK.

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: willo.c on April 02, 2012, 06:33:31 PM

Jeff,

i deleted the small partition... Now everything is OK!!! :))
Avast don't find anything.. Even Malwarebytes don't find anything..

Thanks a lot!! ;) ;) ;)

Is there something i can do to prevent any other rootkit?

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: jeffce on April 02, 2012, 06:37:02 PM

Oh now stay with me...there was more on your system than just that.

Were you able to get aswMBR to run?  If so please post that log.  I want to make sure your system is on the up-and-up.  :)

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: willo.c on April 02, 2012, 08:14:51 PM

 :( :( :(

You were right..

Now the process Services.exe is running on my CPU over 90%..

But i'm able to run aswMBR.. I'm going to post the log when it finishes the scan..

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: willo.c on April 02, 2012, 08:35:48 PM

Here the log of aswMBR..

I run it on Safe mode..

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: jeffce on April 02, 2012, 08:47:17 PM

Hi,

Please download TDSSKiller.zip (http://"http://support.kaspersky.com/downloads/utils/tdsskiller.zip")

• Extract it to your desktop
• Double click TDSSKiller.exe
  
• when the window opens, click on Change Parameters
  
• under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  
• click OK
  
• Press Start Scan
  
  • Only if Malicious objects are found then ensure Cure is selected
    
  • Then click Continue > Reboot now
    
• Copy and paste the log in your next reply
• A copy of the log will be saved automatically to the root of the drive (typically C:\)
  

----------

Please read through these instructions to familarize yourself with what to expect when this tool runs

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs (http://"http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html")
  
  
• Double click on ComboFix.exe & follow the prompts.
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

(http://img.photobucket.com/albums/v706/ried7/RCUpdate1.png)

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

(http://img.photobucket.com/albums/v706/ried7/RC2-1.png)

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

Notes:

1.[color="red"]Do not mouse-click Combofix's window while it is running. That may cause it to stall.[/color]
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
----------

In your next reply please post the logs made by TDSSKiller and ComboFix.  :)

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: willo.c on April 02, 2012, 11:40:23 PM

Jeff,

again done them in Safe Mode..

Attached the logs..

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: jeffce on April 03, 2012, 02:36:25 AM

Hi willo.c,

I need some information on some unidentified files. We will use Virustotal Please submit these files for analysis

To submit a file to virustotal, please click  VirusTotal (http://www.virustotal.com)

copy and paste the following into the upload a file box  (one at a time if more than one file is listed)

c:\windows\system32\Smab0.dll
c:\windows\system32\VistaUltm.dll


scroll down a bit and click "send file", wait for the results and attach them in your next reply.

Please note that sometimes the scans take a few minutes. Please ensure that the scan has completed and the results are complete before submitting the next sample. Also please make sure each result is clearly identified as to which sample they belong to.
----------

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: willo.c on April 03, 2012, 04:47:25 PM

Jeff,

i'm going to do the next step in 40 minutes..

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: jeffce on April 03, 2012, 05:02:15 PM

That is fine.  No hurry.

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: willo.c on April 03, 2012, 05:53:41 PM

I analysed the files, but i did not find the button -send file-, so..

SHA256:    d4ceed9eeecab9ec14b0bbe3bff53285719295d2c6ba235496c7526890b0a6d2
File name:    Smab0.dll
Detection ratio:    2 / 42
Analysis date:    2012-03-27 13:21:35 UTC ( 1 settimana ago )
0
0
Antivirus    Result    Update
AhnLab-V3    -    20120326
AntiVir    -    20120327
Antiy-AVL    -    20120327
Avast    -    20120327
AVG    -    20120327
BitDefender    -    20120327
ByteHero    -    20120327
CAT-QuickHeal    -    20120327
ClamAV    PUA.Packed.PECompact-1    20120327
Commtouch    -    20120327
Comodo    -    20120327
DrWeb    -    20120327
Emsisoft    -    20120327
eSafe    Suspicious File    20120326
eTrust-Vet    -    20120327
F-Prot    -    20120327
F-Secure    -    20120327
Fortinet    -    20120327
GData    -    20120327
Ikarus    -    20120327
Jiangmin    -    20120326
K7AntiVirus    -    20120326
Kaspersky    -    20120327
McAfee    -    20120327
McAfee-GW-Edition    -    20120327
Microsoft    -    20120327
NOD32    -    20120327
Norman    -    20120327
nProtect    -    20120327
Panda    -    20120327
PCTools    -    20120326
Rising    -    20120327
Sophos    -    20120327
SUPERAntiSpyware    -    20120323
Symantec    -    20120327
TheHacker    -    20120326
TrendMicro    -    20120327
TrendMicro-HouseCall    -    20120327
VBA32    -    20120327
VIPRE    -    20120327
ViRobot    -    20120327
VirusBuster    -    20120323




SHA256:    87f87804767a255f95873b59f5a841e47dc749d84679b018328eb86109b85715
File name:    vistaultm.dll
Detection ratio:    3 / 43
Analysis date:    2012-03-25 10:02:11 UTC ( 1 settimana, 2 giorni ago )
0
0
Antivirus    Result    Update
AhnLab-V3    -    20120324
AntiVir    -    20120323
Antiy-AVL    -    20120325
Avast    -    20120325
AVG    -    20120325
BitDefender    -    20120325
ByteHero    -    20120319
CAT-QuickHeal    -    20120324
ClamAV    PUA.Packed.PECompact-1    20120325
Commtouch    -    20120325
Comodo    -    20120325
DrWeb    -    20120325
Emsisoft    -    20120325
eSafe    Suspicious File    20120322
eTrust-Vet    -    20120323
F-Prot    -    20120325
F-Secure    -    20120325
Fortinet    -    20120324
GData    -    20120325
Ikarus    -    20120325
Jiangmin    -    20120324
K7AntiVirus    -    20120323
Kaspersky    -    20120325
McAfee    -    20120325
McAfee-GW-Edition    -    20120324
Microsoft    -    20120325
NOD32    -    20120325
Norman    -    20120324
nProtect    -    20120325
Panda    -    20120325
PCTools    -    20120323
Prevx    -    20120325
Rising    -    20120323
Sophos    -    20120325
SUPERAntiSpyware    Trojan.Agent/Gen-StartPage    20120323
Symantec    -    20120325
TheHacker    -    20120324
TrendMicro    -    20120325
TrendMicro-HouseCall    -    20120325
VBA32    -    20120323
VIPRE    -    20120325
ViRobot    -    20120324
VirusBuster    -    20120323

Tell me if it is enought..

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: Orkkongen on April 03, 2012, 05:55:19 PM

In the waiting time, you could have a look on my problem... :D ("Having fun with....") It seems like I have quite a lot in common with this thread... (well no more waiting time here... damn...)

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: willo.c on April 03, 2012, 06:13:31 PM

Additional info..  :)

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: jeffce on April 03, 2012, 07:03:54 PM

Hi,

Thanks for getting those for me.   Are you still using ZoneAlarm as your firewall by chance?
----------

• Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
  

Code: [Select]

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21173:TCP"=-
"21173:UDP"=-
"11578:TCP"=-
"11578:UDP"=-


• Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
  
  (http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif)
  
  
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  
• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  
• ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
• When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
  

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: willo.c on April 03, 2012, 09:59:22 PM

Here the new Combofix log.

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: jeffce on April 03, 2012, 10:07:04 PM

Hi,

Quote

Are you still using ZoneAlarm as your firewall by chance?

----------

Malwarebytes

I see that you have Malwarebytes already on your computer.  Please open Malwarebytes, update it and then run a Quick Scan.  Save the log that is created for your next reply.
----------

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.


As a Vista/Win7 user you will need to right click your browser icon and select "Run as Administrator" in order to run this scan.

• Do not use this instance of your browser for anything besides doing this scan
• When the scan is complete and the results saved, close that instance of your browser
• Open a new one the usual way and post the results in this topic.

[list=1]

• Right-click and Run as Administartor on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan (http://eset.com/onlinescan)

• Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png) button.
  
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)[list=1]
• Click on (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png) icon on your desktop.
  

• Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png)
  
• Click the Start button.
  
• Accept any security warnings from your browser.
• Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png)
  
• Make sure that the option "Remove found threats" is Unchecked
• Push the Start button.
  
• ESET will then download updates for itself, install itself, and begin

scanning your computer. Please be patient as this can take some time.

• When the scan completes, push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png)
  
• Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png), and save the file to your desktop using a unique name, such as
  ESETScan. Include the contents of this report in your next reply.
  
• Push the Back button.
  
• Push Finish
  

http://www.eset.com/onlinescan/
----------

In your next reply please attach the logs made by Malwarebytes and ESET online scanner.  :)

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: willo.c on April 03, 2012, 10:34:41 PM

Jeff,

Remember the process services.exe is still running and it takes almost all my cpu, at least in Normal mode.
In safe mode i cannot disable completly my antivirus.. And it is always difficult to run something..

I try to do the steps you kindly suggest me..
I keep you informed..

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: willo.c on April 03, 2012, 11:57:42 PM

Jeff..

Here the log of the last scan..
I have not finished the ESET Online Scan (50%), i will rescan my computer tomorrow..

Anyway i attached the results..

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: jeffce on April 04, 2012, 03:10:17 AM

Quote

i will rescan my computer tomorrow..

Ok let me know.  :)

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: willo.c on April 04, 2012, 10:00:45 PM

Jeff,

finally we have a Eset log... It is attached..
In the previous post you can find the Malwarebytes log..

Are we close to the solution??  :P :P

Thanks

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: jeffce on April 04, 2012, 10:04:08 PM

Hi,

• Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
  

Code: [Select]

File::
C:\Documents and Settings\Willy\My Documents\Download\SoftonicDownloader76569.exe
C:\Documents and Settings\Willy\My Documents\Download\Windows-Media-Player-Firefox-Plugin-1-0-0-8-Italian.exe
C:\Documents and Settings\Willy\My Documents\Programmi LEP\Nero.v.8.1.1.0 .exe


• Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
  
  (http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif)
  
  
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  
• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  
• ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
• When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
  

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

In your next reply please attach the new ComboFix log and let me know how things are running now?  :)

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: willo.c on April 04, 2012, 10:33:47 PM

Here the new Combofix log..

There still is the process Services.exe that take the 90% of my CPU.. This is the only problem, i think...

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: willo.c on April 05, 2012, 11:28:58 AM

Jeff,

Any other suggestions to stop this process?

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: jeffce on April 05, 2012, 01:31:44 PM

Hi,

Let's get a fresh scan and try to see what is using all that...

Run a new scan with OTL
In Custom Scans/Fixes put the following:

netsvcs

Press the Run Scan button and attach the logs created. 

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: willo.c on April 05, 2012, 02:29:05 PM

Here the OTL log done in Safe Mode, because i can-t go to an end in Normal mode..

Consider that services.exe take 50-60 % of CPU in Safe Mode, and 85-95% in Normal mode..

In your opinion, do I have to format C?

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: jeffce on April 05, 2012, 06:10:41 PM

I am not sure about formatting yet.  :)

You never mentioned whether or not you are still using ZoneAlarm.  In my experience that can be quite a resource hog.

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: willo.c on April 05, 2012, 06:14:57 PM

Jeff,

I think this is not Zonealarm.. If I stop it nothing happens..
Could it be avast? And is there a problem to formatting?

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: jeffce on April 05, 2012, 07:32:30 PM

Quote

is there a problem to formatting?

No there is not a problem at all.  As a matter of fact I recommend it every so often just to have a clean start and make sure everything is fresh and running right.  With the infection that you had, if it were my computer, I would format...but that is just me. 

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: willo.c on April 05, 2012, 08:12:25 PM

Ok, i'm going to do it..

Thanks for all your support.. I will keep you informed if everything is going well..

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: jeffce on April 05, 2012, 08:31:07 PM

Ok thanks for letting me know.  :)

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: willo.c on April 06, 2012, 02:39:11 PM

Jeff,

everything is done, my pc is well formatted.. No problems now..

Thank you again for supporting me..

Byee

Title: Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
Post by: jeffce on April 06, 2012, 07:58:19 PM

Ok...thanks for letting us know.   :D