Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: zpupster on April 05, 2012, 12:38:56 AM
-
hello support,
SOS!!
MBR rootkit
Alureon-M[rtk]
I need instructions on how to remove
thanks,
craig
-
we do that in the virus and worms forum section ;) http://forum.avast.com/index.php?board=4.0
Follow this guide and attach logs from malwarebytes quick scan / OTL / aswMBR
http://forum.avast.com/index.php?topic=53253.0
it may take several hours before any of the removal specialists arrive....so be patient
-
thanks for the reply and direction.
craig
-
hello support,
i am trying to run in safe mode but aswMBR keeps crashing.
i shows the Alureon-M in the boot record but when scanning further it stops.
thanks,
craig
-
just attach the logs you are able to and Essexboy will help you when he arrive
-
Try running aswMBR again but Select 'None' in the AV Scan: drop down list.
-
Hi there are two things you could try for me
First :
Download the latest version of TDSSKiller from here (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
- Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
(http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_1.jpg)
- Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
(http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_2.jpg)
- Click the Start Scan button.
(http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_3.jpg)
- If a suspicious object is detected, the default action will be Skip, click on Continue.
(http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_4.jpg)
- If malicious objects are found, they will show in the Scan results and offer three (3) options.
- Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
(http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_5.jpg)
- Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Then :
Go start > Run
Type diskmgmt.msc
The disc management console will open
Ensure that all drives are visible by expanding the view
Take a screenshot and attach to your next post
-
@ essexboy
We are getting some duplication of effort here (by essexboy and others) as zpupster has two topics on the go, this one and one in the viruses and worms forum, http://forum.avast.com/index.php?topic=96755.0 (http://forum.avast.com/index.php?topic=96755.0) with all of the logs.
-
Ah did not check the names - unsubscribing from this ;D