Author Topic: Rootkit infected MBR.\\.\PHYSICALDRIVE0 HELP ME  (Read 252 times)


Offline Vi7

  • Newbie
  • *
  • Posts: 7
Rootkit infected MBR.\\.\PHYSICALDRIVE0 HELP ME
« on: January 13, 2018, 12:53:19 PM »
I've got a virus named MBR:\\.\PHYSICALDRIVE0, name Hurri. I tried to delete it and it won't work, and it says 0xc0000002 not implemented.

So what should I do? I've tried to reinstall my Windows but I still have this virus.

Same problem as in this thread: https://forum.avast.com/index.php?topic=134584.0

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33954
Re: Rootkit infected MBR.\\.\PHYSICALDRIVE0 HELP ME
« Reply #1 on: January 13, 2018, 01:09:48 PM »
What tool have you run that detected this? ... If it has a log, attach it.

Instructions  >>  https://forum.avast.com/index.php?topic=194892.0


Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Vi7

  • Newbie
  • *
  • Posts: 7
Re: Rootkit infected MBR.\\.\PHYSICALDRIVE0 HELP ME
« Reply #2 on: January 13, 2018, 01:21:12 PM »
I installed Avast a few minutes ago and just got a notification that says your computer has a rootkit threat, Hurri. I tried a scan with TDSSKiller; it shows nothing, it says there is no rootkit in my computer. When Avast suggested a boot-time scan I did it and tried to delete the virus, but it wouldn't, and then I got the code 0xc0000002 not implemented. Now I've got no idea what I should do.

Thanks for the fast response.

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33954
Re: Rootkit infected MBR.\\.\PHYSICALDRIVE0 HELP ME
« Reply #3 on: January 13, 2018, 01:27:38 PM »
Quote
got no idea what should i do now............
Link to instructions posted above



Offline Vi7

  • Newbie
  • *
  • Posts: 7
Re: Rootkit infected MBR.\\.\PHYSICALDRIVE0 HELP ME
« Reply #4 on: January 13, 2018, 02:24:17 PM »
Here is my log of the MBAM scan. Sorry for being late.

Offline Vi7

  • Newbie
  • *
  • Posts: 7
Re: Rootkit infected MBR.\\.\PHYSICALDRIVE0 HELP ME
« Reply #5 on: January 13, 2018, 02:28:40 PM »
Here are my FRST and Addition scans.

Offline Vi7

  • Newbie
  • *
  • Posts: 7
Re: Rootkit infected MBR.\\.\PHYSICALDRIVE0 HELP ME
« Reply #6 on: January 13, 2018, 02:38:26 PM »
I had games/applications force close before this. Is this connected with the malware??

Sorry for #badEnglish

Offline Sass Drake

  • MyCity AMF R2
  • Sr. Member
  • ****
  • Posts: 297
Re: Rootkit infected MBR.\\.\PHYSICALDRIVE0 HELP ME
« Reply #7 on: January 13, 2018, 06:56:25 PM »
  • Open Notepad (click Start button -> type notepad.exe -> press Enter)
  • Copy text from code block below and paste it into Notepad
Code: [Select]
HKU\S-1-5-21-3035136888-3769285933-599706858-1000\...\Run: [MicrosoftRuntime] => C:\Users\Ari\AppData\Roaming\libraries\MicrosoftRuntimeUpdate.vbe [1457 2018-01-01] ()
CHR HomePage: Default -> hxxp://public-box.ru/start
CHR StartupUrls: Default -> "hxxp://public-box.ru/start","hxxp://go.mail.ru/?chverfix=1&fr=chverfix_sg"
VirusTotal: C:\Users\Ari\AppData\Roaming\libraries\MicrosoftRuntimeUpdate.vbe
C:\Users\Ari\AppData\Roaming\libraries
  • Go to File -> Save As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open FRST again and click the Fix button
  • Wait until FRST finishes
  • fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.

Offline Vi7

  • Newbie
  • *
  • Posts: 7
Re: Rootkit infected MBR.\\.\PHYSICALDRIVE0 HELP ME
« Reply #8 on: January 13, 2018, 07:12:54 PM »
this is the fixlog

Offline Sass Drake

  • MyCity AMF R2
  • Sr. Member
  • ****
  • Posts: 297
Re: Rootkit infected MBR.\\.\PHYSICALDRIVE0 HELP ME
« Reply #9 on: January 13, 2018, 08:29:54 PM »
What is the system status now?

Offline Vi7

  • Newbie
  • *
  • Posts: 7
Re: Rootkit infected MBR.\\.\PHYSICALDRIVE0 HELP ME
« Reply #10 on: January 13, 2018, 10:38:46 PM »
Emm, my system is now getting better than before. I did a scan twice with MBAM and the result is my computer is now clear; Avast no longer pops up the rootkit Hurri notification.

Ooh yeah, by the way, I had so many blue screens of death (page_fault_in_nonpaged_area) and the force close issue. Is it fixed?

Offline Sass Drake

  • MyCity AMF R2
  • Sr. Member
  • ****
  • Posts: 297
Re: Rootkit infected MBR.\\.\PHYSICALDRIVE0 HELP ME
« Reply #11 on: January 14, 2018, 04:12:32 AM »
I don't understand. You are getting constant bluescreens or?