file name :disk 0 Master Boot Record . status : Threat:Whistler

[antonopoul0s]

Hello.
My name is alexandros and here are the avast informations threat.
when i do the full scan it says:

file name :disk 0 Master Boot Record .
Severity: high
status : Threat:Whistler-B@mbr [Rtk]

      and one time find:

file name MRB:\\.\PHYSICALDRIVE0
saverity high
status threat:Rootkit:hidden boot-sector

my PC does not have (almost) any problem.. exept some erros like that:

to window defender command line ulitity has a problem and need to get close
more informations szAppName:MpCmdRun.exe szAppVer:1.1.1593.0 szModName: ntdll.dll
SzModVer:5.1.2600.2180 offset:00018fea
morew informations c:\DOCUME~1/alekos\LOCALS~1\Temp\WER8088.dir00\MpCRun.exe.mdmp
               C:\DOCUME~1/alekos\LOCALS~1\Temp\WER8088.dir00\appcpmpat.tx
but this erros my pc saws only 2-3 times!

the main problem is that , i conect my PC on the internet but
after a few minutes i am disconected! if i restart my PC i can be
conected to the internet again.. but after a few minutes is disconected again.
how can fix it..? in a full scan i can not apply any action.
and in a boot time it just say that mbr 0 is infected.
can i fixed that without a format?
have XP windows. i really don't have a lot of excepirience with PC because
i did not really need to do something like that again.
( i am new here. i use 3 years the avast and i did not even know that
this forum exist i hope that when some one respond i 'll be informed
via e-mail. PLEASE try to help my with as easy english as possible,
as you can see my english are not very good. you can also find me in fb as : alex antono .)
thanks for your time!

[mikaelrask]

welcome to the forum.

i think there is no problem with your english.

i suggest you do a boot scan with avast. and if avast finds any threats during the scan get avast the order to send them to the chest.

http://www.schmahl.net/avastbootscan.php - link to instruction how to make a boot scan.

second download, install, scan with malwarebyte antimalware, don't forget to update its database before you do a scan.

http://filehippo.com/download_malwarebytes_anti_malware/ - link to malwarebytes.

if you still having problem after this two scans, i suggest you do a scan with hijack this and post the result here.

http://filehippo.com/download_hijackthis/- link to hijack this.

good luck and let us know on the progress or if you need more support.

[essexboy]

I would also recommend a run with ASWMbr

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it


Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply

[antonopoul0s]

i did the boot scan , i scan with malwarebyte , and there was no result!
With the hijacks i dodn't know what i must "fix" :S
i aslo try and tehe aswMBR . i scan my pc and the picture below shows
the results!

[antonopoul0s]

shit i don't know how to input an image! hahahaha :S

[YoKenny]

s**t i don't know how to input an image! hahahaha :S

How to post an image:
How to attach a Picture or File on the forum:
http://forum.avast.com/index.php?topic=8982.0

[essexboy]

New piccies I have just revamped the instruction to take account of additional options

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it


Click the "Scan" button to start scan



On completion of the scan click save log, save it to your desktop and post in your next reply

[Left123]

Geia sou file,o whistler einai ena bootkit mpwreis na matheis perissotera edw : http://blog.novirusthanks.org/2010/02/whistler-bootkit-a-new-powerful-windows-bootkit/
Efoson o essexboy einai edw min anisixeis .
He is from greece so i gave him some info about whistler+that he doesn't need to worry since essexboy has joined the topic.
Regards

[antonopoul0s]

euxaristw gia thn pliforia filos!
here is the result in the aswMBR

[Left123]

Mpwreis na me kaneis add facebook kai na mou les ta problimata sou opote 8es add : MeKakao Filippao

[antonopoul0s]

euxaristw filos alla den se vriskei!

[essexboy]

That shows no indication of whistler

Please read carefully and follow these steps. 

• Download TDSSKiller and save it to your Desktop.
  
• Extract its contents to your desktop.
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
   
   
  
   
   
  
• If an infected file is detected, the default action will be Cure, click on Continue.
   
   
  
   
   
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
   
   
  
   
   
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
   
   
  
   
   
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  

[antonopoul0s]

i download it and i did step step what you say.. after the scan didn't say about the rebut
it was a message which i include as the first picture with.. i pick the "no" option
an then it saws the mesagge about rebut which is in the second picture! now i am going to
reboot!  i don't know what to expect! :S i am p..ssy

[antonopoul0s]

after the reboot i run again the tdds and i did not pick the start scan but the report
an txt open with this infos :

2011/03/17 03:36:31.0000 0748   TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/17 03:36:31.0468 0748   ================================================================================
2011/03/17 03:36:31.0468 0748   SystemInfo:
2011/03/17 03:36:31.0468 0748   
2011/03/17 03:36:31.0468 0748   OS Version: 5.1.2600 ServicePack: 3.0
2011/03/17 03:36:31.0468 0748   Product type: Workstation
2011/03/17 03:36:31.0468 0748   ComputerName: USER-BBC07F4DC3
2011/03/17 03:36:31.0468 0748   UserName: alekos
2011/03/17 03:36:31.0468 0748   Windows directory: C:\WINDOWS
2011/03/17 03:36:31.0468 0748   System windows directory: C:\WINDOWS
2011/03/17 03:36:31.0468 0748   Processor architecture: Intel x86
2011/03/17 03:36:31.0468 0748   Number of processors: 2
2011/03/17 03:36:31.0468 0748   Page size: 0x1000
2011/03/17 03:36:31.0468 0748   Boot type: Normal boot
2011/03/17 03:36:31.0468 0748   ================================================================================
2011/03/17 03:36:35.0906 0748   Initialize success

[essexboy]

On your desktop will be a file called MBR.dat could you add that to the virus chest and then upload to the virus lab - for comments put in undetected MBR infection

To add to the virus chest :

Open Avast and select Maintenance > Virus chest
Right click in the white area to the right and select Add
Browse to MBR.dat and select
Once it is in the chest right click the file and select Send to Virus labs

Is Avast still alerting ?