Author Topic: Win32 MBRoot - J[Trj] detected  (Read 50768 times)

noridge

  • Guest
Re: Win32 MBRoot - J[Trj] detected
« Reply #45 on: May 25, 2011, 10:34:29 AM »
as an update i have noticed that my default browser has somehow been reset and now firefox just will not accept being the default. i have researched this and done all of the suggested methods (running as administrator, run commands, toggling between browsers, control panel > add remove programs > set program access and defaults etc) but with no luck.

could that be caused by a registry key change during the clean up process?

SafeSurf

  • Guest
Re: Win32 MBRoot - J[Trj] detected
« Reply #46 on: May 25, 2011, 10:43:55 AM »
Did you double check in FF that FF is your default browser?  Go to Tools > Options > Advanced.

Edit:  I would run another scan with Avast and MBAM.  Can you please run a fresh OTS log and post as an attachment?

I have also notified Essexboy to check in with you regarding your issue.  Let us know if you have any questions.  Thank you.
« Last Edit: May 25, 2011, 10:51:10 AM by SafeSurf »

noridge

  • Guest
Re: Win32 MBRoot - J[Trj] detected
« Reply #47 on: May 25, 2011, 10:50:03 AM »
hi SafeSurf

yep like i say i've tried all of the obvious methods.

when i go to options > advanced > check if ff is your default browser it always says that it is not my default browser and would i like to change it, but it never changes.

(sorry i realise this might not be an Avast! issue but it did start occurring after all the scans i ran so i figured it could have been caused during that process)

SafeSurf

  • Guest
Re: Win32 MBRoot - J[Trj] detected
« Reply #48 on: May 25, 2011, 10:51:54 AM »
OK....I just edited my post above.  See additional instructions and I have also notified Essexboy to check in with you.

noridge

  • Guest
Re: Win32 MBRoot - J[Trj] detected
« Reply #49 on: May 25, 2011, 10:54:47 AM »
thanks for that. i will redo those scans.

SafeSurf

  • Guest
Re: Win32 MBRoot - J[Trj] detected
« Reply #50 on: May 25, 2011, 11:00:12 AM »
The OTS log will tell us if anything is left over from the clean up or any malware as well.  Please post that as an attachment. 

For the other scans, you can let us know if they are clean; if infected, give a screenshot for Avast and, for MBAM, an attachment of the log.  Thanks.

noridge

  • Guest
Re: Win32 MBRoot - J[Trj] detected
« Reply #51 on: May 25, 2011, 10:05:32 PM »
the avast scan was clean no threats.

here's my mbam log:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6675

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

25/05/2011 20:13:29
mbam-log-2011-05-25 (20-13-29).txt

Scan type: Quick scan
Objects scanned: 161723
Time elapsed: 5 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



and i have attached my latest ots log.

thanks!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Win32 MBRoot - J[Trj] detected
« Reply #52 on: May 25, 2011, 10:18:35 PM »
First, could you disable Teatimer and then reset FF as default... Does that work?

If not, then download and re-install Firefox ....  Does that work?

noridge

  • Guest
Re: Win32 MBRoot - J[Trj] detected
« Reply #53 on: May 26, 2011, 08:59:44 AM »
download and re-install Firefox ....  Does that work

that did it. the installation must have been corrupted because it would not allow me to uninstall firefox via the control panel or ccleaner either. overwriting it with a new installation has fixed it.

thanks essexboy, i should really have thought of that myself  ::) ;)

re: the webhost access issue
the webhost has gone through all of their logs but has not been able to determine an exact cause of the problem, so i guess we will never know what it was, never mind. you can close this issue now.

thank you all again for your time and effort, you really helped me out  ;D

« Last Edit: May 26, 2011, 09:05:30 AM by noridge »

SafeSurf

  • Guest
Re: Win32 MBRoot - J[Trj] detected
« Reply #54 on: May 26, 2011, 10:57:54 AM »
Glad everything worked out for you.  Feel free to come back if you have any other problems.  :)

noridge

  • Guest
Re: Win32 MBRoot - J[Trj] detected
« Reply #55 on: May 26, 2011, 11:05:11 AM »
thanks SafeSurf - i have a feeling that might happen sooner than you think as my laptop doesn't seem very happy right now either! (i'll start a new thread for that one though)

SafeSurf

  • Guest
Re: Win32 MBRoot - J[Trj] detected
« Reply #56 on: May 26, 2011, 11:05:58 AM »
Did you share a USB with your friend by any chance?

noridge

  • Guest
Re: Win32 MBRoot - J[Trj] detected
« Reply #57 on: May 26, 2011, 11:29:47 AM »
i do use a usb stick on both machines but i have scanned it and seems clean.. i'll start a new thread for that though ;)

MrsNemo

  • Guest
Re: Win32 MBRoot - J[Trj] detected
« Reply #58 on: June 10, 2011, 10:35:40 PM »
I got the same message while running the Avast boot scan. (MBR 0 is infected by win32:MBROOT-J [Trj]) I downloaded and ran aswMBR.exe and here is the log.

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-10 15:17:53
-----------------------------
15:17:53.312    OS Version: Windows 5.0.2195 Service Pack 4
15:17:53.312    Number of processors: 1 586 0x209
15:17:53.312    ComputerName: PAYROLLPC2008  UserName: 786
15:17:54.406    Initialize success
15:17:57.390    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2
15:17:57.390    Disk 0 Vendor: Maxtor_6E040L0 NAR61EA0 Size: 0MB BusType: 3
15:17:59.406    Disk 0 MBR read successfully
15:17:59.406    Disk 0 MBR scan
15:17:59.406    Disk 0 unknown MBR code
15:17:59.406    Disk 0 MBR hidden
15:17:59.406    Disk 0 scanning C:\WINNT\system32\drivers
15:18:03.468    Service scanning
15:18:04.515    Disk 0 trace - called modules:
15:18:04.515    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x81c91668]<<
15:18:04.515    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82046910]
15:18:04.515    3 CLASSPNP.SYS[eb420c60] -> nt!IofCallDriver -> \Device\0000001d[0x81e4ceb0]
15:18:04.515    5 ACPI.sys[bffde46b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-2[0x81e35270]
15:18:04.515    Scan finished successfully
15:20:05.875    Disk 0 MBR has been saved successfully to "Q:\tcom\Meg\System Error\MBR.dat"
15:20:05.890    The log file has been saved successfully to "Q:\tcom\Meg\System Error\aswMBR.txt"


Anything I can do to fix this?

Thanks

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Win32 MBRoot - J[Trj] detected
« Reply #59 on: June 10, 2011, 11:27:29 PM »
It may be TDL3

Please read carefully and follow these steps. 
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.