Author Topic: known bad mbr code detected whistler black internet  (Read 8834 times)


akadeadbeat

  • Guest
known bad mbr code detected whistler black internet
« on: November 23, 2010, 06:25:08 AM »
http://forum.avast.com/index.php?topic=61890.0

I have the same issues less the clicking noise, and the voice pop ups are constant as the IE explorer page pop ups, and this has been going on for months! I followed essex's instructions and restart to still have issues and still finding this with MBR check. Please help lol, avast finds nothing.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version:                Windows XP Home Edition
Windows Information:            Service Pack 3 (build 2600)
Logical Drives Mask:            0x0000000c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00  (NTFS)

      Size  Device Name          MBR Status
  --------------------------------------------
     37 GB  \\.\PhysicalDrive0   Known-bad MBR code detected (Whistler / Black I
nternet)!
            SHA1: 55D22FACFA0250F2B3D94EC565072522D6388C82


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: y

Options:
  [1] Dump the MBR of a physical disk to file.
  [2] Restore the MBR of a physical disk with a standard boot code.
  [3] Exit.

Enter your choice: 2

Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
 [ 0] Default (Windows XP)
 [ 1] Windows XP
 [ 2] Windows Server 2003
 [ 3] Windows Vista
 [ 4] Windows 2008
 [ 5] Windows 7
 [-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code?  Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
Press ENTER to exit...
 ???

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37532
  • Not a avast user
Re: known bad mbr code detected whistler black internet
« Reply #1 on: November 23, 2010, 08:29:52 AM »
Follow this guide from our expert malware remover Essexboy, and post the logs here
http://forum.avast.com/index.php?topic=53253.0

To avoid using multiple posts with copy and paste you have to attach the logs
Lower left corner: Additional Options > Attach ( OTL.Txt and Extras.Txt. and Malwarebytes scan log)


Essexboy will be notified when you have posted the logs




akadeadbeat

  • Guest
Re: known bad mbr code detected whistler black internet
« Reply #2 on: November 23, 2010, 01:58:36 PM »
ty lets see what i can screw up  :P

akadeadbeat

  • Guest
Re: known bad mbr code detected whistler black internet
« Reply #3 on: November 23, 2010, 03:27:01 PM »
here they are  :-\ please tell me if this is good?
« Last Edit: November 23, 2010, 03:33:54 PM by akadeadbeat »

Offline Pondus

Re: known bad mbr code detected whistler black internet
« Reply #4 on: November 23, 2010, 04:09:38 PM »
Looks fine.......you seem to have tested lots of virus scanners  ;D

Essexboy is notified, he usually arrives late uk time, so in about 5-6 hours......

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: known bad mbr code detected whistler black internet
« Reply #5 on: November 23, 2010, 09:24:33 PM »
Hi, let's get rid of Black Internet first - this can be done whilst I look at the logs

  • Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you Enter your choice: enter 2 and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems.  Please enter [ 1] Windows XP, and then press Enter.
  • The program will prompt for confirmation.  Type YES and press Enter (Must type the full word, YES). You will be informed if it successfully wrote a new MBR code!
  • A text file will be saved to your desktop
  • Paste that report into your next post
  • Restart your PC.


OTL FIX

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Quote
    :OTL
    DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\nlopvlh.sys -- (tvcklxs)
    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-21-2933267661-3459406812-908886527-1011\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    [2010/11/19 20:49:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\vtscheduletask.job

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
« Last Edit: November 23, 2010, 09:31:38 PM by essexboy »

akadeadbeat

  • Guest
Re: known bad mbr code detected whistler black internet
« Reply #6 on: November 24, 2010, 01:19:04 AM »
ok boss here is mbr report


« Last Edit: November 24, 2010, 06:09:38 AM by akadeadbeat »

Offline essexboy

Re: known bad mbr code detected whistler black internet
« Reply #7 on: November 24, 2010, 08:45:04 PM »
OK, let's approach from a different direction

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

akadeadbeat

  • Guest
Re: known bad mbr code detected whistler black internet
« Reply #8 on: November 24, 2010, 10:57:06 PM »
1 combo fix log coming up sir  ;D
« Last Edit: November 25, 2010, 12:01:00 AM by akadeadbeat »

Offline essexboy

Re: known bad mbr code detected whistler black internet
« Reply #9 on: November 24, 2010, 11:55:23 PM »
Could you run another scan with MBRCheck please - Combofix took two goes to kill it
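
Added example, not part of the original thread and not MBRCheck's or ComboFix's code: one way to confirm that an MBR repair held is to compare raw sector dumps taken before the fix, after it, and after the reboot. It assumes each dump is the raw 512-byte sector and hashes the first 440 bytes as boot code (the page does not say which bytes MBRCheck's SHA1 covers); the function names, sample sectors and allowlist are constructed for illustration.

```python
import hashlib

SECTOR_SIZE = 512
BOOT_CODE = slice(0, 440)       # executable boot code
DISK_SIG = slice(440, 444)      # Windows disk signature
PART_TABLE = slice(446, 510)    # four 16-byte partition entries
BOOT_MAGIC = slice(510, 512)    # must be 55 AA


def parse_mbr(sector: bytes) -> dict:
    """Split a raw 512-byte MBR dump into the regions that matter for triage."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    return {
        "boot_sha1": hashlib.sha1(sector[BOOT_CODE]).hexdigest().upper(),
        "disk_sig": sector[DISK_SIG],
        "part_table": sector[PART_TABLE],
        "magic_ok": sector[BOOT_MAGIC] == b"\x55\xaa",
    }


def verify_repair(before: bytes, after_fix: bytes, after_reboot: bytes,
                  known_good: set) -> str:
    """Classify a repair from dumps taken before the fix, after it, and after reboot."""
    b, f, r = parse_mbr(before), parse_mbr(after_fix), parse_mbr(after_reboot)
    if not (f["magic_ok"] and r["magic_ok"]):
        return "damaged: 55AA boot signature missing"
    if f["part_table"] != b["part_table"] or f["disk_sig"] != b["disk_sig"]:
        return "damaged: partition table or disk signature changed by the fix"
    if f["boot_sha1"] not in known_good:
        return "not fixed: boot code after the fix is not on the known-good list"
    if r["boot_sha1"] == b["boot_sha1"]:
        return "reverted: original boot code is back after reboot"
    if r["boot_sha1"] not in known_good:
        return "changed: unknown boot code after reboot"
    return "clean"


def make_sector(fill: int, part_table: bytes) -> bytes:
    """Constructed test sector: boot code is one repeated byte, not real code."""
    return bytes([fill]) * 440 + b"\x12\x34\x56\x78" + b"\x00\x00" + part_table + b"\x55\xaa"


# Constructed sample data (not taken from any real disk).
PTABLE = (b"\x80" + b"\x01" * 15) + b"\x00" * 48      # one active entry, three empty
BAD, GOOD = make_sector(0xEB, PTABLE), make_sector(0x33, PTABLE)
KNOWN_GOOD = {parse_mbr(GOOD)["boot_sha1"]}           # placeholder allowlist

if __name__ == "__main__":
    print(verify_repair(BAD, GOOD, GOOD, KNOWN_GOOD))  # fix held
    print(verify_repair(BAD, GOOD, BAD, KNOWN_GOOD))   # fix undone after reboot
```

A dump read from inside the running, possibly infected system can be altered by a rootkit that filters disk reads, so dumps taken from a clean boot environment are the more trustworthy input.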

akadeadbeat

  • Guest
Re: known bad mbr code detected whistler black internet
« Reply #10 on: November 24, 2010, 11:58:34 PM »
going for it now boss thank you =P combofix took out a rootkit right off the start! wear a condom near this computer or you will get a ctd


wow everything is SOOOOOOOO much better  ;D so much thanks
« Last Edit: November 25, 2010, 05:02:47 PM by akadeadbeat »

Offline essexboy

Re: known bad mbr code detected whistler black internet
« Reply #11 on: November 25, 2010, 09:12:32 PM »
Aye but it took two goes  ;D

What are your current problems - before I remove my tools ?

akadeadbeat

  • Guest
Re: known bad mbr code detected whistler black internet
« Reply #12 on: November 25, 2010, 09:29:18 PM »
 only thing i notice is sound is scratchy lol but at least it isnt reducing on its own and no sound pop ups malware should be scared with you as sheriff lol

Offline essexboy

Re: known bad mbr code detected whistler black internet
« Reply #13 on: November 25, 2010, 09:34:11 PM »
I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems

 Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Quote
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Click Start > Run  and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTL and hit the cleanup button.  It will remove all the programmes we have used plus itself.  MBAM can be uninstalled via control panel add/remove along with ERUNT.  But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


SPRING CLEAN
 
Download and run Puran Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide  How did I get infected in the first place?
Keep safe  :wave: