Author Topic: Rootkit MBR:\\.\PHYSICALDRIVE0  (Read 2475 times)


onliest

  • Guest
Rootkit MBR:\\.\PHYSICALDRIVE0
« on: March 14, 2012, 09:45:08 PM »
Rootkit MBR:\\.\PHYSICALDRIVE0 is still being detected by Avast!, despite the fact I had already executed a boot time scan. I had also already done a scan with MalwareBytes in safe mode, which picked up nothing. Occasionally, I get a blue screen after the rootkit is 'removed' by Avast! A few days ago, I was continually being prompted by "Found New Hardware Wizard" to install "Unknown". Just yesterday, I had finally decided to simply comply with the wizard, which kept bothering me every startup. Perhaps this haphazard installation might be a factor? MBAM, OTL and aswMBR logs are attached. Many thanks.
« Last Edit: March 14, 2012, 09:51:01 PM by onliest »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88899
  • No support PMs thanks
Re: Rootkit MBR:\\.\PHYSICALDRIVE0
« Reply #1 on: March 14, 2012, 09:57:50 PM »
I have tried to refer this to a malware removal specialist.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Rootkit MBR:\\.\PHYSICALDRIVE0
« Reply #2 on: March 14, 2012, 10:40:25 PM »
Hi, this is a multiple-type MBR infection, so I will need to use a specialist tool.

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
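As an added example (not part of essexboy's post and not TDSSKiller's own code), here is a small Python check a defender can run after the cleaning to confirm the MBR on \\.\PHYSICALDRIVE0 really was restored: it parses the 512-byte sector, validates the 0x55AA boot signature, lists the partition entries and hashes the 446 bytes of boot code so the sector can be compared against a known-good baseline. The sample sector below is constructed; reading the live drive is Windows-only and needs an elevated prompt.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511 of a valid MBR
PART_ENTRY = "<B3xB3xII"       # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte MBR into a boot-code hash and its non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    boot_code = sector[:446]           # the region an MBR rootkit overwrites
    partitions = []
    for i in range(4):
        entry = sector[446 + 16 * i:446 + 16 * (i + 1)]
        status, ptype, lba_start, sectors = struct.unpack(PART_ENTRY, entry)
        if ptype == 0:                 # empty slot
            continue
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {"boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
            "partitions": partitions}


def boot_code_changed(sector: bytes, baseline_sha256: str) -> bool:
    """True when the boot code no longer matches the known-good hash."""
    return parse_mbr(sector)["boot_code_sha256"] != baseline_sha256


def read_physicaldrive0() -> bytes:
    """Read the live MBR; Windows only, and the process must be elevated."""
    with open(r"\\.\PHYSICALDRIVE0", "rb") as drive:
        return drive.read(SECTOR_SIZE)


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector: one active NTFS (type 0x07) partition at LBA 2048."""
    code = boot_code.ljust(446, b"\x00")
    table = struct.pack(PART_ENTRY, 0x80, 0x07, 2048, 1_000_000) + b"\x00" * 48
    return code + table + BOOT_SIGNATURE


if __name__ == "__main__":
    clean = build_sample_mbr(b"\xeb\x3c\x90")          # baseline from a known-good sector
    baseline = parse_mbr(clean)["boot_code_sha256"]
    tampered = build_sample_mbr(b"\xeb\x3c\x90\xcc")   # boot code altered by one byte
    print("tampered sector flagged:", boot_code_changed(tampered, baseline))
```

To check a real machine, take the baseline hash from the same model's clean install media or a pre-infection backup, then compare it with `parse_mbr(read_physicaldrive0())` after the TDSSKiller reboot.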