Author Topic: aswMBR says 'unknown MBR code' should I worry ?  (Read 12499 times)


Stang

  • Guest
aswMBR says 'unknown MBR code' should I worry ?
« on: May 15, 2011, 07:29:38 PM »
Is this a problem ?  I have attached the log.

Thanks

UPDATE by the way all scans (Avast and MBAM) are all clean
« Last Edit: May 15, 2011, 07:32:49 PM by Stang »

Offline Left123

  • There Is No Patch For Human Stupidity.
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1048
  • Proud Community Member&Helper.
Re: aswMBR says 'unknown MBR code' should I worry ?
« Reply #1 on: May 15, 2011, 08:38:04 PM »
No.
AMD Athlon(tm) X2 Dual-Core Processor 4200+ - 2.20 GHz,3,00 GB RAM -
Browser:Mozilla Firefox +WOT - SoftWare:CCleaner - Windows 7 32 bit
No Anti-Virus

m00nbl00d

  • Guest
Re: aswMBR says 'unknown MBR code' should I worry ?
« Reply #2 on: May 16, 2011, 02:55:31 AM »
No.

Is it a bug, making it display that message?

timcan

  • Guest
Re: aswMBR says 'unknown MBR code' should I worry ?
« Reply #3 on: May 17, 2011, 01:47:37 PM »
No.

Is it a bug, making it display that message?
Just a guess, possibly a non windows boot manager.
I have grub4dos as a boot manager and I get that "unknown mbr code" message.

Offline Left123

  • There Is No Patch For Human Stupidity.
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1048
  • Proud Community Member&Helper.
Re: aswMBR says 'unknown MBR code' should I worry ?
« Reply #4 on: May 17, 2011, 01:54:59 PM »
No.

Is it a bug, making it display that message?
Probably modified master boot record code.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88896
  • No support PMs thanks
Re: aswMBR says 'unknown MBR code' should I worry ?
« Reply #5 on: May 17, 2011, 03:25:35 PM »
Whilst it could be related to a different boot manager, I don't know if that would also change the MBR.

However, your aswMBR.txt content is almost identical to another where the Alureon rootkit has been confirmed and if correct you are going to need to investigate further and if confirmed help to remove it.

See this topic, the one starting on page 2 for drankinboy http://forum.avast.com/index.php?topic=77998.msg645836#msg645836.

Whilst essexboy won't be back on the forums until this evening (UK time), you could run the OTS tool and post the log so he has something else to work with.

Quote from: essexboy
Unfortunately no two attacks are the same so first I will need to see what you have.

Download OTS to your Desktop and double-click on it to run it
  • Make sure you close all other programs and don't use the PC while the scan runs.
  • Select All Users
  • Under additional scans select the following
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check

  • Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
volsnap.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Please attach the log in your next post.

Why was it that you ran aswMBR in the first place ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Stang

  • Guest
Re: aswMBR says 'unknown MBR code' should I worry ?
« Reply #6 on: May 17, 2011, 06:53:21 PM »

Why was it that you ran aswMBR in the first place ?


A while back I had several viruses including rootkit. Essexboy helped me through those issues. Lately my pc just seemed to be very slow from time to time and aswMBR seemed a simple non-invasive way to check my MBR. Last time I used a variety of tools including ComboFix under direction of EB.

I see a few posts with the same 'unknown MBR code' message so I suspect I am OK.

Thanks

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: aswMBR says 'unknown MBR code' should I worry ?
« Reply #7 on: May 17, 2011, 07:39:48 PM »
Is your system a Dell ?

Stang

  • Guest
Re: aswMBR says 'unknown MBR code' should I worry ?
« Reply #8 on: May 17, 2011, 07:44:32 PM »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: aswMBR says 'unknown MBR code' should I worry ?
« Reply #9 on: May 17, 2011, 08:33:01 PM »
OK Dell have a unique MBR that allows you to access the recovery partition, if the MBR is replaced by a standard file then you will lose access to the recovery partition and it is a pain to restore it  ;D

Stang

  • Guest
Re: aswMBR says 'unknown MBR code' should I worry ?
« Reply #10 on: May 17, 2011, 08:37:51 PM »
Thanks! One of these days I might have to break down and get a new laptop anyway. For now all is well and I will save me pennies.


Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88896
  • No support PMs thanks
Re: aswMBR says 'unknown MBR code' should I worry ?
« Reply #11 on: May 17, 2011, 08:45:55 PM »
OK Dell have a unique MBR that allows you to access the recovery partition, if the MBR is replaced by a standard file then you will lose access to the recovery partition and it is a pain to restore it  ;D

That is very interesting.

I guess if a DELL gets an MBR Rootkit they are stuffed for doing a factory restore, as they won't be able to get the custom MBR back (or can they). So no access to the modified/unique MBR if a fixMBR replaces it with a clean standard MBR ?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: aswMBR says 'unknown MBR code' should I worry ?
« Reply #12 on: May 17, 2011, 08:52:07 PM »
Correct we give them the option of no access to the recovery partition for a while - or continued MBR infection - that does focus their mind somewhat

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88896
  • No support PMs thanks
Re: aswMBR says 'unknown MBR code' should I worry ?
« Reply #13 on: May 17, 2011, 09:28:23 PM »
Correct we give them the option of no access to the recovery partition for a while - or continued MBR infection - that does focus their mind somewhat

So presumably this is a fix the problem first, e.g. remove the MBR rootkit setting a standard MBR and at a later point try to change the MBR to the Dell unique one if possible.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: aswMBR says 'unknown MBR code' should I worry ?
« Reply #14 on: May 17, 2011, 09:38:46 PM »
Aye - it is possible to revert but it does require some fiddling with the system to download and install the MBR.  The only other alternative is a full factory restore
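
Added example, not part of the thread and not how aswMBR itself decides: a parser for the 512-byte MBR layout that hashes only the boot-code area, so a vendor or boot-manager MBR shows up as "unknown MBR code" against an owner-recorded baseline while its partition table is unchanged, and a saved copy can be put back after a standard MBR has been written. The sample sectors, `BASELINE` and all function names are constructed for illustration.

```python
import hashlib
import struct

CODE_END = 440           # bytes 0..439 hold the boot code
TABLE_START = 446        # bytes 446..509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"  # bytes 510..511

def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte MBR sector into boot-code hash, disk id and partitions."""
    if len(sector) != 512 or sector[510:] != SIGNATURE:
        raise ValueError("not a 512-byte sector ending in 55 AA")
    parts = []
    for i in range(4):
        entry = sector[TABLE_START + 16 * i:TABLE_START + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4]:  # type 0x00 marks an unused slot
            parts.append({"active": entry[0] == 0x80, "type": entry[4],
                          "lba_start": lba_start, "sectors": count})
    return {"code_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
            "disk_id": sector[440:444].hex(), "partitions": parts}

def classify(sector: bytes, baseline: dict) -> str:
    """baseline: {sha256 of boot code: label}, recorded by the owner (hypothetical)."""
    return baseline.get(parse_mbr(sector)["code_sha256"], "unknown MBR code")

def restore_boot_code(current: bytes, saved: bytes) -> bytes:
    """Return `current` with the boot code from `saved`; disk id and table are kept."""
    parse_mbr(current), parse_mbr(saved)  # both must be valid sectors
    return saved[:CODE_END] + current[CODE_END:]

def make_sector(code: bytes, entries) -> bytes:
    """Build a constructed sample sector from (status, type, lba_start, sectors) tuples."""
    table = b"".join(struct.pack("<B3sB3sII", s, b"", t, b"", lba, n)
                     for s, t, lba, n in entries).ljust(64, b"\0")
    return code.ljust(CODE_END, b"\0") + b"\x11\x22\x33\x44\0\0" + table + SIGNATURE

# Constructed sample data: same partition table, different boot code.
ENTRIES = [(0x00, 0xDE, 63, 80325), (0x80, 0x07, 81920, 4000000)]
VENDOR = make_sector(b"\xfa\x33\xc0" + b"\x90" * 40, ENTRIES)        # stands in for an OEM MBR
STANDARD = make_sector(b"\x33\xc0\x8e\xd0" + b"\x90" * 60, ENTRIES)  # stands in for a stock MBR
BASELINE = {parse_mbr(STANDARD)["code_sha256"]: "standard MBR code"}

if __name__ == "__main__":
    print(classify(STANDARD, BASELINE))   # boot code is in the baseline
    print(classify(VENDOR, BASELINE))     # unrecognised code, not necessarily malicious
    print(restore_boot_code(STANDARD, VENDOR) == VENDOR)
```

An unknown hash only says the boot code is not in the baseline; the partition entries and disk id are compared separately because a boot-code swap leaves them untouched.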