MBR:Cidox-E [rtk] - Avast can not remove

[essexboy]

Is Avast still alerting ?

[REDACTED]

Unfortunately, yes

[essexboy]

Could you run AswMBR once again please and we will see if that can fix it

[REDACTED]

It is still crashing at atapi.sys during the services scan.

[essexboy]

That is Avast anti rootkit and has not been updated for at least a year

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
When it offers to download the virus database allow that as well
Click the "Scan" button to start scan




On completion of the scan click save log, save it to your desktop and post in your next reply

[REDACTED]

The log I attached may not be the most recent, in fact it may have been create during a scan in safe mode. But that is the same version I have been running. It crashes at atapi.sys every time.

[essexboy]

Hmm this is weird as none of the other tools are even hinting at cidox

So lets run a scan with windows and the MBR inactive

Create an emergency repair USB drive:
Download Dr Web Live USB to your desktop

• Connect a USB flash drive to the computer. Registering the plugging in event takes no more than 10 seconds.
• Launch drwebliveusb.exe.
• The program will detect available USB-devices automatically and prompt you to choose the one you?d like to use as an emergency repair drive. You can format the device if you like (a warning will be displayed before you proceed with formatting). In order to read the License agreement, follow a corresponding link found in the program window (the page containing the license agreement text will be loaded in your default browser).

• To create a bootable USB flash drive, press the Create Dr.Web LiveUSB button.
• Files will be copied automatically.
• Once the copying process is completed, press the Exit button to close the application.
• Reboot the infected computer with the USB in the drive
• Ensure that the first boot device is USB - If you are not sure about that then see this page for instructions
  
• As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.

• Use arrow keys to select  DrWeb-LiveCD (Default)

• Press select objects for scanning

• When the system is loaded, check the disks or folders you want to scan, and click on Start.
• The programme will now scan for and cure/delete any malware that it finds.  Allow it to do so 

• When it has completed

• Select Open Report and copy to the USB
• Once completed reboot to normal windows, and attach the report here

[REDACTED]

I ran the scanner a few times and it found around 50 or so items to fix and fixed them. I never did see the option to "open report" but I found the name of the log file in the help section and did a search for it. It's too big so I split it up into 3 parts. There are 2 - 4 items that it repeatedly finds in between scans and booting into windows. Something about UserInit if I remember correctly.

[REDACTED]

Part 2 of 3

[REDACTED]

Part 3 of 3

[essexboy]

Is Avast still alerting ?

[REDACTED]

Yes, Avast is still alerting

[essexboy]

Could you do the following :

Go to > Control panel > administrative tools > computer management > storage > disc management
Then take a screen shot and post it here

 

[REDACTED]

Screenshot

[essexboy]

Have you tried the Delete now option ? 

It looks as though it may be alerting on the 10Gb EISA partition which is a restore partition