Author Topic: Rootkit infected MBR.\\.\PHYSICALDRIVE0 HELP ME  (Read 3544 times)

REDACTED

  • Guest
Rootkit infected MBR.\\.\PHYSICALDRIVE0 HELP ME
« on: January 13, 2018, 12:53:19 PM »
I've got a virus named MBR:\\.\PHYSICALDRIVE0, name Hurri. I tried to delete it and it won't work, and it says 0xc0000002 not implemented.

So what should I do? I've tried to reinstall my Windows but I still have this virus.

Same problem as in this thread: https://forum.avast.com/index.php?topic=134584.0

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Rootkit infected MBR.\\.\PHYSICALDRIVE0 HELP ME
« Reply #1 on: January 13, 2018, 01:09:48 PM »
What tool have you run that detects this? ... If it has a log, attach it.

Instructions  >>  https://forum.avast.com/index.php?topic=194892.0



REDACTED

  • Guest
Re: Rootkit infected MBR.\\.\PHYSICALDRIVE0 HELP ME
« Reply #2 on: January 13, 2018, 01:21:12 PM »
I installed avast a few minutes ago and just got a notification that says your computer has a rootkit threat, Hurri. I tried a scan with tdsskiller; it shows nothing, it says there is no rootkit in my computer. When avast suggested a boot-time scan I did it and tried to delete the virus, but it won't, then I got a code with 0xc0000002 not implemented. Now I've got no idea what I should do now.

Thx for the fast response

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Rootkit infected MBR.\\.\PHYSICALDRIVE0 HELP ME
« Reply #3 on: January 13, 2018, 01:27:38 PM »
Quote
got no idea what should i do now............
Link to instructions posted above


REDACTED

  • Guest
Re: Rootkit infected MBR.\\.\PHYSICALDRIVE0 HELP ME
« Reply #4 on: January 13, 2018, 02:24:17 PM »
Here is my log of the MBAM scan, sorry for being late.

REDACTED

  • Guest
Re: Rootkit infected MBR.\\.\PHYSICALDRIVE0 HELP ME
« Reply #5 on: January 13, 2018, 02:28:40 PM »
Here is my scan of FRST and Addition.

REDACTED

  • Guest
Re: Rootkit infected MBR.\\.\PHYSICALDRIVE0 HELP ME
« Reply #6 on: January 13, 2018, 02:38:26 PM »
I had game/application force closes before it; is this connected with the malware??

Sorry for #badEnglish

Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 820
Re: Rootkit infected MBR.\\.\PHYSICALDRIVE0 HELP ME
« Reply #7 on: January 13, 2018, 06:56:25 PM »
  • Open Notepad (click Start button -> type notepad.exe -> press Enter)
  • Copy text from code block below and paste it into Notepad
Code:
HKU\S-1-5-21-3035136888-3769285933-599706858-1000\...\Run: [MicrosoftRuntime] => C:\Users\Ari\AppData\Roaming\libraries\MicrosoftRuntimeUpdate.vbe [1457 2018-01-01] ()
CHR HomePage: Default -> hxxp://public-box.ru/start
CHR StartupUrls: Default -> "hxxp://public-box.ru/start","hxxp://go.mail.ru/?chverfix=1&fr=chverfix_sg"
VirusTotal: C:\Users\Ari\AppData\Roaming\libraries\MicrosoftRuntimeUpdate.vbe
C:\Users\Ari\AppData\Roaming\libraries
  • Go to File -> Save As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open FRST again and click the Fix button
  • Wait until FRST finishes
  • fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
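
An added example, not part of the thread and not FRST's own code: a Python triage of FRST-style Run lines, in the shape of the first fixlist line above, that flags autostart entries combining a script target, a user-writable directory and an empty trailing (...) field. The sample lines, value names and paths are constructed; reading the trailing field as the file's company name and the two-indicator threshold are assumptions.

```python
import ntpath
import re

# Shape of the Run line in the fixlist above:
#   <hive>\...\Run: [<value name>] => <target> [<size> <date>] (<company>)
RUN_LINE = re.compile(
    r'^(?P<hive>HK.+?)\\\.\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] => '
    r'(?P<target>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] '
    r'\((?P<company>.*)\)\s*$'
)
# Extensions run by Windows Script Host, cmd, PowerShell or mshta.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1", ".hta"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")

# Constructed sample lines (not taken from the poster's log).
SAMPLE = r"""
HKLM\...\Run: [ExampleTray] => C:\Program Files\Example\tray.exe [204800 2017-11-02] (Example Corp)
HKU\S-1-5-21-0-0-0-1000\...\Run: [ExampleUpdater] => C:\Users\user\AppData\Roaming\example\updater.vbe [1457 2018-01-01] ()
HKU\S-1-5-21-0-0-0-1000\...\Run: [ExampleChat] => C:\Users\user\AppData\Local\ExampleChat\chat.exe [912000 2017-12-20] (Example Chat Inc)
CHR HomePage: Default -> hxxp://example.invalid/start
"""

def triage_run_line(line):
    """Return name, target and indicator list for a Run line, else None."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None  # not a Run/RunOnce autostart line
    target = m["target"]
    reasons = []
    ext = ntpath.splitext(target)[1].lower()
    if ext in SCRIPT_EXTS:
        reasons.append(f"autostarts a script ({ext})")
    if any(part in target.lower() for part in USER_WRITABLE):
        reasons.append("target is in a user-writable directory")
    if not m["company"].strip():
        reasons.append("no company name recorded (assumed meaning of the empty field)")
    return {"name": m["name"], "target": target, "reasons": reasons}

def triage(log_text, min_reasons=2):
    """Keep Run entries with at least min_reasons indicators (assumed threshold)."""
    parsed = (triage_run_line(line) for line in log_text.splitlines())
    return [p for p in parsed if p and len(p["reasons"]) >= min_reasons]

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit["name"], "->", hit["target"], "|", "; ".join(hit["reasons"]))
```

A single indicator is deliberately not enough here, since many legitimate programs autostart an .exe from AppData.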

REDACTED

  • Guest
Re: Rootkit infected MBR.\\.\PHYSICALDRIVE0 HELP ME
« Reply #8 on: January 13, 2018, 07:12:54 PM »
This is the fixlog.

Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 820
Re: Rootkit infected MBR.\\.\PHYSICALDRIVE0 HELP ME
« Reply #9 on: January 13, 2018, 08:29:54 PM »
What is the system status now?

REDACTED

  • Guest
Re: Rootkit infected MBR.\\.\PHYSICALDRIVE0 HELP ME
« Reply #10 on: January 13, 2018, 10:38:46 PM »
Emm, my system is now better than before. I did a scan twice with mbam and the result is that my computer is now clear; avast no longer pops up a rootkit hurri notification.

Ooh yeah, by the way, I had so many blue screens of death (page_fault_in_nonpaged_area) and force close issues; is it fixed?

Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 820
Re: Rootkit infected MBR.\\.\PHYSICALDRIVE0 HELP ME
« Reply #11 on: January 14, 2018, 04:12:32 AM »
I don't understand. You are getting constant bluescreens or?