Fake anti-spyware blocked my PC! Help!

[Chrissiee]

Every time I log on Avast scans and finds 2 Rootkit attacks which are impossible to remove: C:\\Windows\System32\sychost.exe and MBR:\\...PHYSICALDRIVE0. The PC is very slow, quickly heats up, and CPU usage almost always 100%. I need my PC for work. I would appreciate if anyone out there could help. Thanks.

[magna86]

Hi...

Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr

Double click dds.scr to run the tool.

    * When done, DDS will open two (2) logs:
         1. DDS.txt
         2. Attach.txt

# Save both reports to your desktop. Attach DDS.txt back to topic.

[ANHTHU5991]

the problem is your master boot record. You should boot from the windows 7 Cd and choose "Repair your computer" option. Then, "System Recovery Options" window appears, click "next" and choose "Command Prompt".
A black window appears, type bootrec /fixboot
Then enter
That is complete

[nmb]

@ANHTHU5991
Again. Such things cannot be fixed very easily with windows rescue disc. Because the user should first of all use windows 7(As you have stated - but does he use windows 7?), even after fixing the the mbr, there might still be a infection lurking and hence advanced removal is required. Probably redirecting the user to a malware helper like essexboy would help, I have done that.

[ANHTHU5991]

i have problem with my computer when my antivirus software detects virus in mbr. I tried fixmbr, and it works. If people don't use win 7, they can try fixing mbr with windows xp. Antivirus software is not always detects a real virus

[Asyn]

Probably redirecting the user to a malware helper like would help, I have done that.

No need, imo.
The OP didn't answer at all.

[nmb]

No need, imo.
The OP didn't answer at all.

yeah, you're right . But I wanted ANHTHU5991 to know that redirecting to a expert would be a better option in case of rootkit infections.

[Asyn]

But I wanted ANHTHU5991 to know that redirecting to a expert would be a better option in case of rootkit infections.

Ah, ok.

[ANHTHU5991]

ok. Thanks for you opinion, anyway 

[Left123]

i have problem with my computer when my antivirus software detects virus in mbr. I tried fixmbr, and it works. If people don't use win 7, they can try fixing mbr with windows xp. Antivirus software is not always detects a real virus

First,You must remove the bootkit/rootkit and then try to fix your MBR.Otherwise the virus will continue infect the mbr in every restart.

[essexboy]

If you have a TDL4 infection and run fixmbr - you may not be able to boot again

[Left123]

If you have a TDL4 infection and run fixmbr - you may not be able to boot again

Ye agree,i've seen that happenning couple of times.