Author Topic: "Rootkit: hidden boot sector" on Triple-Boot!  (Read 9396 times)


lafncow

  • Guest
"Rootkit: hidden boot sector" on Triple-Boot!
« on: June 13, 2008, 07:44:33 PM »
Hi, I've been a long time user of Avast, but just installed it on my Windows XP partition (other 2 partitions are Ubuntu & OSX via the Kalaway hack). I use GRUB to load my boot. So I installed & ran a boot-time scan to be greeted with:

Quote
A suspicious hidden object [rootkit] has been detected on your system. This may be a sign of a malware infection. It is recommended to remove the object immediately.
File name: MBR: \\.\PHYSICALDRIVE0
Type: Rootkit: hidden boot sector

Yikes. Now, is this Avast getting cranky at my boot scheme or is this a real rootkit?! Having fixed my MBR once, I'd rather not botch it up again if I don't really have a rootkit. Many thanks to anyone that can help!

ardvark

  • Guest
Re: "Rootkit: hidden boot sector" on Triple-Boot!
« Reply #1 on: June 13, 2008, 10:45:43 PM »
Hi...

You might want to give Blacklight a try just to confirm. You can download it here....

http://www.f-secure.com/security_center/

It's under "downloads."

Best Regards...




lafncow

  • Guest
Re: "Rootkit: hidden boot sector" on Triple-Boot!
« Reply #2 on: June 13, 2008, 11:59:40 PM »
Thx Ardvark! BlackLight says I'm clean, I think I'll try RUBotted by Trend Micro next...

lafncow

  • Guest
Re: "Rootkit: hidden boot sector" on Triple-Boot!
« Reply #3 on: June 14, 2008, 12:09:05 AM »
...which also says I'm clean (not that it detects rootkits, but it does detect spy / bot activity associated with them). So I'm going to cautiously let this one go, but if anyone knows anything about this (interaction of Avast and GRUB and the possibility of a false positive), please, PLEASE drop a line! Thank you all!

ardvark

  • Guest
Re: "Rootkit: hidden boot sector" on Triple-Boot!
« Reply #4 on: June 14, 2008, 06:46:51 AM »
Hi...

You're welcome! :)

Glad I could help.

Best Regards...

lafncow

  • Guest
Re: "Rootkit: hidden boot sector" on Triple-Boot!
« Reply #5 on: June 21, 2008, 11:16:39 PM »
UPDATE: so I got impatient, skipped backing up my MBR and decided to roll the dice on Avast knowing better than I do...and it does! I was indeed rootkitted and Avast correctly detected & fixed the issue without disrupting my MBR or GRUB! Big thanks and kudos to Avast!

Pony_Girl

  • Guest
Re: "Rootkit: hidden boot sector" on Triple-Boot!
« Reply #6 on: February 01, 2011, 12:26:24 AM »
Hello. Brand new here. =)

Anyway, straight to the point - lafncow, I appear to have exactly the same problem as the one you have described in this thread. My Avast! is giving me the same messages saying the same thing.

I would be extremely grateful if you (or anybody here for that matter) could please give me instructions on what to do to sort out this problem, as I personally know hardly anything about this kind of computer stuff (literate, but only in CLAIT, Microsoft stuff and basic computing really) and I read that you managed to sort out your problem which seems to be identical to mine.

If anybody here can help me, I am more than happy to communicate via whatever medium is more convenient for you, listen carefully and do as I'm told (I admit, that as I've said, this is something I know very little about and I don't really have a clue as to how to go about this task by myself).

Thank-you all who have read this for your time, it is much appreciated. Best wishes. =)

Pony_Girl

  • Guest
Re: "Rootkit: hidden boot sector" on Triple-Boot!
« Reply #7 on: February 01, 2011, 12:36:46 AM »
By the way, just remembered and thought it might be useful for anybody wishing to help me, my antivirus is Avast! Free Antivirus, a downloaded antivirus.