Author Topic: Help - Rootkit MBR Found - Now What?  (Read 3191 times)

0 Members and 1 Guest are viewing this topic.

Offline RDT

  • Newbie
  • *
  • Posts: 3
Help - Rootkit MBR Found - Now What?
« on: April 11, 2008, 07:56:15 PM »
Hello all and thanks in advance for your time reading my thread.  Yesterday I came home from work and woke my desktop from hibernation.  When doing so, I see "A Rootkit was Found" dialog box from Avast on the screen.  I am running XP Media Center with SP2.  Avast is 4.8 with the latest detections file loaded. 

I told Avast to delete the file and shortly thereafter, another dialog box pops up stating that a boot scan is recommended because there is a virus and a hidden file was found.  The file name was MBR: \\.\PHYSICALDRIVE0.  And as I recall it was a pretty serious tone in the dialog text, just do not remember it all.

The bootup scan ran for quite some time.  Found a file or two that had the win32: VB-GMR [trG] problem and told it to delete them.  However, the problem did not go away.  The boot finished and the process started all over again. I have tried the above sequence a few times with the same results.

Have been doing some reading about this problem these past few hours and it looks like I got a big problem on my hands.  There does not seem to be a way to correct this problem if the operating system starts before any corrective measures that I can throw at it.  Thus the reason for the lack of success of removing it from my machine - I think.

I also downloaded other rootkit identifying tools from Panda, GMER, and AVG.  I have run these but they do not find the any rootkits on my system.  Also ran spybot and Adaware just to make sure there were not other problems.  They both came back negative.  Am I seeing a false positive from Avast?  If not, what are the steps to get rid of this?  Any help is greatly appreciated.

Steve

Offline calcu007

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 482
  • I'm lamma!
Re: Help - Rootkit MBR Found - Now What?
« Reply #1 on: April 11, 2008, 08:18:15 PM »
Download the avast beta it has inproved the rootkit MbR desinfection. Also  disable the system restore of winxp before you made the scan
Asus Intel i7 8GB RAM , Win 8.1 64 bit, Avast IS

Offline RDT

  • Newbie
  • *
  • Posts: 3
Re: Help - Rootkit MBR Found - Now What?
« Reply #2 on: April 11, 2008, 08:26:44 PM »
Download the avast beta it has inproved the rootkit MbR desinfection. Also  disable the system restore of winxp before you made the scan

Where do you find the latest beta version?  Went here - http://www.avast.com/eng/beta_products.html and there were none listed. 

Thanks,
Steve

Online DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 82708
  • No support PMs thanks
Re: Help - Rootkit MBR Found - Now What?
« Reply #3 on: April 11, 2008, 09:29:16 PM »
Check out this Topic and instructions, http://forum.avast.com/index.php?topic=34612.0.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.1.2397 (build 20.1.5069.558) UI-1.0.460/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline RDT

  • Newbie
  • *
  • Posts: 3
Re: Help - Rootkit MBR Found - Now What?
« Reply #4 on: April 12, 2008, 01:54:10 PM »
Thanks you for the link to the beta and advice.  Installed the beta and it cleared all my problems up.

Thanks again,
Steve

Online DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 82708
  • No support PMs thanks
Re: Help - Rootkit MBR Found - Now What?
« Reply #5 on: April 12, 2008, 02:33:33 PM »
No problem, glad your problem is resolved and I could help.

Welcome to the forums.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.1.2397 (build 20.1.5069.558) UI-1.0.460/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro