Win32:MBRoot-J

[seahorses]

i mean move to chest,
i havnt restored yet

[essexboy]

What are your current problems ?

[seahorses]

there still is a trojan on my computer, (so the Fcleaner says)
1 have done a payment with ing online banking and my tan has been blocked, because they had found a virus in my computer. then i tried to clean my computer, but still it says it has the virus in my computer and it is not easy to clear it with another program.

so can cannot pay anymore with ing online banking.

my computer seems to work normaly, though it is slow sometimes. i do not know right now if the virus (trojan) is my computer for bad intentions.

[essexboy]

What virus does Fcleaner detect and what is its location ?

[seahorses]

This says the Fcleaner

------------------------------------------------------------------------------------------------------------------------
[13-09-2011 13:37:59] FCleaner v1.5.0.0 Loading...
[13-09-2011 13:38:00] Mebroot Infection Found!
[13-09-2011 13:38:00] FCleaner has detected malware on your system!
[13-09-2011 13:38:00] Please press the "Clean" button to remove the malware

it does not give an location, and if i want to clean it, it says that i have a big problem, and need assistance, because FCleaner, cant clean it...

[essexboy]

There was no indication of mebroot on your logs

But for peace of mind 

Please read carefully and follow these steps.

• DownloadTDSSKiller and save it to your Desktop.
  
• Extract its contents to your desktop.
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
  
  
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
  
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
  
  
  
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
  
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

[seahorses]

okay thank you, i wil do it tomorrow at the "infected" computer and let you know.

[essexboy]

No problem, although as I say the original infection appears to have been removed by Combofix 

[seahorses]

I have runned the task killer (see results in the attached files)
then i runned avast (full scan and start up scan)
Result: no viruses found!

runned the fcleaner again, but still finds something
------------------------------------------------------------------------------------------------------------------------
[15-09-2011 10:42:30] FCleaner v1.5.0.0 Loading...
[15-09-2011 10:42:30] Mebroot Infection Found!
[15-09-2011 10:42:30] FCleaner has detected malware on your system!
[15-09-2011 10:42:30] Please press the "Clean" button to remove the malware
[15-09-2011 10:43:08] Cleaner finished! ...

(see attached file)

i think my computer is clean now, and fcleaner is wrong!

[essexboy]

Run TDSSKiller again please and could you post the log

[seahorses]

see attached file

[seahorses]

again (ANSI) instead of Unicode

[essexboy]

Methinks Fcleaner is providing a false positive, how is the computer behaving anything weird or unusual ?

[seahorses]

no computer seems to work normally

[essexboy]

Try an update on the Fcleaner and then re-run it