Author Topic: Black Internet?  (Read 7275 times)


epicelite

  • Guest
Re: Black Internet?
« Reply #15 on: January 21, 2011, 08:04:12 PM »
Well MBRchecker still says I have it so I dunno. :|

If I backup my stuff to a second partition, and format the windows installed one?
Will it like copy itself to my other partition too? :|

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Black Internet?
« Reply #16 on: January 21, 2011, 08:56:45 PM »
MBRCheck fixed the MBR - see the bolded part at the bottom.  If you want confirmation then re-run MBRcheck as per the initial run 

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:         
Windows Version:      Windows XP Home Edition
Windows Information:      Service Pack 3 (build 2600)
Logical Drives Mask:      0x0000003d

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000002e`031b3200  (NTFS)

PhysicalDrive0 Model Number: WDCWD2500KS-00MJB0, Rev: 02.01C03

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0   Known-bad MBR code detected (Whistler / Black Internet)!
            SHA1: 55D22FACFA0250F2B3D94EC565072522D6388C82


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
  [1] Dump the MBR of a physical disk to file.
  [2] Restore the MBR of a physical disk with a standard boot code.
  [3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
 [ 0] Default (Windows XP)
 [ 1] Windows XP
 [ 2] Windows Server 2003
 [ 3] Windows Vista
 [ 4] Windows 2008
 [ 5] Windows 7
 [-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code?  Type 'YES' and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix
Done!.


epicelite

  • Guest
Re: Black Internet?
« Reply #17 on: January 21, 2011, 10:10:41 PM »
Yeah I rebooted but when I run MBRchecker it still says it found bad MBR/black internet. :|

Offline essexboy

Re: Black Internet?
« Reply #18 on: January 21, 2011, 10:11:58 PM »
OK new tool time, I guess it was only time before they circumvented that programme

 Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.



Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Now an analysis scan

Select the Manual Disinfection tab
Press the Gather System Information button
Once done, open the last report saved folder then attach the zip file to your next post
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip



epicelite

  • Guest
Re: Black Internet?
« Reply #19 on: January 22, 2011, 03:04:55 AM »
Here it is, only took 3 hours.
« Last Edit: January 22, 2011, 08:18:31 PM by epicelite »

Offline essexboy

Re: Black Internet?
« Reply #20 on: January 22, 2011, 02:00:32 PM »
OK let's use ComboFix to install the recovery console, if Kas could not repair then there is only an outside chance that ComboFix will - so we will need to do a fixmbr from the recovery console

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

epicelite

  • Guest
Re: Black Internet?
« Reply #21 on: January 22, 2011, 07:59:12 PM »
I will just format then.

Can this thing copy itself to my backup partition that's on the same HDD?

Thanks for your assistance.

Offline essexboy

Re: Black Internet?
« Reply #22 on: January 22, 2011, 08:56:21 PM »
No it will only use active partitions

epicelite

  • Guest
Re: Black Internet?
« Reply #23 on: January 22, 2011, 09:37:38 PM »
What does active partition mean? The one with windows installed on it? :\

Offline essexboy

Re: Black Internet?
« Reply #24 on: January 22, 2011, 11:02:17 PM »
Yes that is correct as that is the bootable one
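
What the "active" flag and an MBR code hash refer to at the sector level, as an added example (not part of the original thread, and not MBRCheck's code): a parser for the classic 512-byte MBR layout that hashes the boot-code area and lists the partition entries. The sample sector is constructed; it reuses the C: and D: start offsets from the log above, while the partition sizes, the placeholder boot code and the choice to hash bytes 0-439 are assumptions.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0-439; 440-443 hold the Windows disk signature
TABLE_OFFSET = 446       # four 16-byte partition entries, then 0x55AA
ACTIVE_FLAG = 0x80       # status byte of the entry standard boot code chain-loads


def parse_mbr(sector: bytes) -> dict:
    """Parse one 512-byte MBR sector: boot-code hash plus partition table."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:           # type 0x00 marks an unused slot
            continue
        if status not in (0x00, ACTIVE_FLAG):
            raise ValueError(f"entry {i}: invalid status byte {status:#04x}")
        parts.append({"index": i, "active": status == ACTIVE_FLAG,
                      "type": ptype, "byte_offset": lba_start * SECTOR,
                      "sectors": count})
    return {"boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}


def active_partitions(mbr: dict) -> list:
    return [p["index"] for p in mbr["partitions"] if p["active"]]


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test sector; start offsets mirror the C:/D: lines in the log."""
    def entry(status, ptype, lba, count):
        return struct.pack("<B3xB3xII", status, ptype, lba, count)
    table = (entry(0x80, 0x07, 0x7E00 // SECTOR, 1000)            # C:, active
             + entry(0x00, 0x07, 0x2E031B3200 // SECTOR, 1000)    # D:, inactive
             + bytes(32))                                         # two empty slots
    return boot_code.ljust(TABLE_OFFSET, b"\x00") + table + b"\x55\xaa"


if __name__ == "__main__":
    clean = parse_mbr(build_sample_mbr(b"\xfa\x33\xc0" + b"\x90" * 100))
    changed = parse_mbr(build_sample_mbr(b"\xfa\x33\xc0" + b"\x90" * 99 + b"\xcc"))
    print(clean["partitions"], active_partitions(clean))
    print("boot code changed:", clean["boot_code_sha1"] != changed["boot_code_sha1"])
```

The boot code and the partition table share sector 0 of the physical disk, outside any partition's file system, so a changed boot code shows up as a different hash while the partition entries stay the same.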