Author Topic: HELP!!! Avast detects MBR:\\.\PHYSICALDRIVE0  (Read 8365 times)


REDACTED

  • Guest
HELP!!! Avast detects MBR:\\.\PHYSICALDRIVE0
« on: October 14, 2015, 10:19:36 AM »
Hello. My computer runs on Windows 7 Ultimate 32-bit Operating System. My processor is an AMD A4-4020 with Radeon(tm) HD Graphics. I have 2GB of installed RAM. The Windows 7 Ultimate has been recently installed cleanly and is in the process of being updated. When I downloaded Avast! Free Antivirus 2015 and ran a full-system scan, it came up with the result that there was a virus.



Once clicked on DETAILED REPORT, it would display this.



I tried the prompts suggested but came up with the message "Error: This function is not supported on this system 120."

I tried a boot-time scan. And it was able to detect some file corruptions but it didn't come up with suggestions on how to deal with them. Once my computer has finished the scan and reverted back to the normal display, a warning from Avast pops up prompting me to delete a suspicious item called MBR: \\.\PHYSICALDRIVE0 infected with Hurri as the threat is supposedly HIGH. I repeated the boot-time scan using the prompt from Avast. It was able to detect the MBR but when presented with ten choices on how to deal with it... I tried pressing 5 for delete but it will come up with the reply (NOT COMPLETED) and present me with the same set of options again.
I can neither Move To Chest or choose to IGNORE or choose to FIX AUTOMATICALLY.
Once Windows 7 has loaded completely after the scan the same warning would pop up.
I've tried Malwarebytes and Malwarebytes AntiRootkit BETA. Malwarebytes couldn't find the MBR. Malware AntiRootkit could detect it but after the scan says that I don't need any CLEANUP. I've also tried GMER, and although it detected the MBR, it was not highlighted in RED and when I right click on it, it offers no other choices except RESTORE.

My computer is behaving well. There has been no noticeable lag. My Windows Firewall is turned on, my Windows updates are installing well. All my programs load well too. I'm just really annoyed with the constant prompts from Avast and I have no idea how severe this is.
As I have already invested a lot of time and effort doing the updates, I hope there's a better solution to this other than a reformatting.

I hope someone can help?

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: HELP!!! Avast detects MBR:\\.\PHYSICALDRIVE0
« Reply #1 on: October 14, 2015, 10:37:48 AM »
Attach your basic diagnostic logs. (MBAM, FRST and aswMBR)
Instructions: https://forum.avast.com/index.php?topic=53253.0

PS: Your screenshots are unreadable.

REDACTED

  • Guest
Re: HELP!!! Avast detects MBR:\\.\PHYSICALDRIVE0
« Reply #2 on: October 14, 2015, 12:07:38 PM »
Attached requested logs.
I've tried including a scan for rootkits with MBAM and the result was still 0.
I have tried aswMBR but half-way through the scan the program stopped working.
During the first scan it was able to detect MBR infected with Hurri but as it has stopped working halfway through, I have no log.
The aswMBR log I attached here was from my second try and as you can see there are notifications for scan errors.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: HELP!!! Avast detects MBR:\\.\PHYSICALDRIVE0
« Reply #3 on: October 14, 2015, 12:20:24 PM »
Try running aswMBR from safe mode


REDACTED

  • Guest
Re: HELP!!! Avast detects MBR:\\.\PHYSICALDRIVE0
« Reply #4 on: October 14, 2015, 12:30:49 PM »
Was able to do a quick scan using aswMBR after rebooting my computer and here are my log results.
It also created an MBR.dat file.
What should I do next?
Also tried out Kaspersky tdsskiller.
Results showed 0 after finishing scan.
« Last Edit: October 14, 2015, 02:13:23 PM by jjmeh »

REDACTED

  • Guest
Re: HELP!!! Avast detects MBR:\\.\PHYSICALDRIVE0
« Reply #5 on: October 14, 2015, 02:11:13 PM »
Succeeded with second try of aswMBR after I restarted my computer.
Attached are the log results.
MBR.dat file was also created.
What do I need to do next?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: HELP!!! Avast detects MBR:\\.\PHYSICALDRIVE0
« Reply #6 on: October 14, 2015, 04:13:51 PM »
OK, let's get a second opinion on this :)

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

REDACTED

  • Guest
Re: HELP!!! Avast detects MBR:\\.\PHYSICALDRIVE0
« Reply #7 on: October 15, 2015, 04:15:12 AM »
As requested, the scan results from TDSSKiller. Results say 0 on all categories.
Attached also a NEW aswMBR log after a recent important update for Windows 7 on malicious software removal.
As you can see from the log, it has detected the MBR again.
My computer continues to run smoothly.
Applications react quick and perform well. Firewall is up.
Updates are installed on schedule.

« Last Edit: October 15, 2015, 05:35:35 AM by jjmeh »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: HELP!!! Avast detects MBR:\\.\PHYSICALDRIVE0
« Reply #8 on: October 15, 2015, 04:03:10 PM »
On your desktop should be a file aswmbr.dat. Could you rename that to asmbr.txt and attach it to your next post?

REDACTED

  • Guest
Re: HELP!!! Avast detects MBR:\\.\PHYSICALDRIVE0
« Reply #9 on: October 16, 2015, 12:06:45 AM »
Here you go.
This was originally the MBR.dat file that was generated after I scanned using aswMBR.
Renamed and attached as requested.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: HELP!!! Avast detects MBR:\\.\PHYSICALDRIVE0
« Reply #10 on: October 16, 2015, 02:02:49 PM »
I am surprised that TDSSKiller did not remove this, as it is an MBR infection:
https://www.virustotal.com/en/file/a47702bb1c8bdeafe7c441b3f21bc45af6160b82d13c412cdcbad1e4bcfcbfb2/analysis/1444996676/

Run AswMBR again. If the fix option is available then use that; if not, let me know.

REDACTED

  • Guest
Re: HELP!!! Avast detects MBR:\\.\PHYSICALDRIVE0
« Reply #11 on: October 17, 2015, 09:59:12 AM »
Hello. I ran aswMBR again as suggested. Attached a screencap of the actual results on screen.
As you can see, the only option I have available to me is FIX MBR.
Do I go with that or does it have to be just the FIX option?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: HELP!!! Avast detects MBR:\\.\PHYSICALDRIVE0
« Reply #12 on: October 17, 2015, 11:17:25 AM »
OK, we will now replace the MBR.

Run AswMBR and press Fixmbr.
Accept the warnings.
A reboot should be done by AswMBR.

When rebooted, re-run AswMBR.

REDACTED

  • Guest
Re: HELP!!! Avast detects MBR:\\.\PHYSICALDRIVE0
« Reply #13 on: October 19, 2015, 02:28:39 AM »
Was finally able to apply the suggested actions. Attached is a screencap of the aswMBR scan and what it said after I clicked the FIX MBR. I received no prompt coming from aswMBR to reboot. So I restarted the computer on my own.



After the manual reboot, I ran aswMBR again and it detected MBR but this time there was no infection detected. I did a full scan using my Avast also and came up clear.



Thank you so very much for the help!
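
The MBR dump this thread works from (the MBR.dat saved by aswMBR, checked on VirusTotal in reply #10, and the sector rewritten by Fix MBR in replies #12 and #13) can also be inspected offline. The following is an added example, not part of any post in the thread; it assumes MBR.dat is a raw 512-byte copy of sector 0, and the function names and sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440          # bytes 0..439 hold the boot code
PART_TABLE = 446             # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"

def parse_mbr(sector: bytes) -> dict:
    """Summarise one raw 512-byte MBR sector for triage."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE + 16 * i:PART_TABLE + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype:  # type 0 marks an unused slot
            partitions.append({"slot": i, "active": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {
        # Whole-sector hash: includes this disk's partition table.
        "sha256": hashlib.sha256(sector).hexdigest(),
        # Boot-code-only hash: comparable across disks with different layouts.
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "signature_ok": sector[510:] == BOOT_SIGNATURE,
        "partitions": partitions,
    }

def compare_dumps(before: bytes, after: bytes) -> dict:
    """Report what changed between two dumps taken around an MBR repair."""
    a, b = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": a["boot_code_sha256"] != b["boot_code_sha256"],
        "partition_table_preserved": a["partitions"] == b["partitions"],
        "signature_ok_after": b["signature_ok"],
    }

def constructed_sector(boot_fill: int) -> bytes:
    """Constructed sample: filler boot code plus one active type-0x07 partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return bytes([boot_fill]) * 440 + bytes(6) + entry + bytes(48) + BOOT_SIGNATURE

if __name__ == "__main__":
    before, after = constructed_sector(0x90), constructed_sector(0xFA)
    print(parse_mbr(before))
    print(compare_dumps(before, after))
```

On a real system, pass the bytes of a dump taken before the repair and one taken after; a repair that only replaces boot code should report the boot code changed and the partition table preserved.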

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: HELP!!! Avast detects MBR:\\.\PHYSICALDRIVE0
« Reply #14 on: October 19, 2015, 04:01:22 PM »
An unusual one, that, as TDSSKiller normally kills them in an instant

Subject to no further problems   :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems 

Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware



Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme  ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide  Best security practices Keep safe  :wave: