Author Topic: MBR : \.\\PHYSICALDRIVE0\PARTITION2  (Read 5739 times)

Offline willo.c

  • Jr. Member
  • **
  • Posts: 27
    • Personal Message (Offline)
MBR : \.\\PHYSICALDRIVE0\PARTITION2
« on: March 29, 2012, 05:04:46 PM »
Avast continues to say that I have a virus: MBR Alureon-k in MBR physicaldrive0 Partition2
I'll send the log both from OTL, but aswMBR doesn't work on my PC.

Hope you can help me.
Thanks in advance,
« Last Edit: March 29, 2012, 06:04:35 PM by willo.c »

Offline jeffce

  • Probably Not A Bot
  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 2463
  • Gender: Male
  • Member of UNITE
    • Malware Removal
    • Personal Message (Offline)
Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
« Reply #1 on: March 30, 2012, 05:41:55 PM »
Hi, 

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.


Offline willo.c

Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
« Reply #2 on: March 31, 2012, 09:31:17 AM »
Jeff,

Thanks for consideration, but it simply doesn't work..
I tried to run it.. But it doesn't start..

I also took a look at the processes: for a few seconds the aswMBR process is present and then it simply disappears without any view of the tool window in which we have the scan button..
« Last Edit: March 31, 2012, 10:15:16 AM by willo.c »

Offline jeffce

Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
« Reply #3 on: March 31, 2012, 01:32:19 PM »
Hi willo.c,

Let's try this... move aswMBR to your C:\ folder so that it will look like this when there >> C:\aswMBR.exe. Try to run it from there. If it still doesn't work, boot to Safe Mode and try to run it from there.

Offline willo.c

Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
« Reply #4 on: April 01, 2012, 09:34:54 AM »
Same problem even in C, even in Safe mode!!

Is it possible the rootkit blocks aswMBR?

Helppp mee!! :((

Offline willo.c

Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
« Reply #5 on: April 01, 2012, 09:58:19 AM »
If renamed to explorer.exe it showed:

The application failed to initialize properly (0xc0000005). Click on OK to terminate the application.

Offline willo.c

Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
« Reply #6 on: April 01, 2012, 10:07:37 AM »
Already tried TDSSKiller, but it doesn't start, exactly as aswMBR...


Offline willo.c

Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
« Reply #7 on: April 01, 2012, 10:15:06 AM »
Ok, I'm doing the quick scan with Malwarebytes..

Offline craigb

  • avast! Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 8056
  • Gender: Male
    • Personal Message (Offline)
Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
« Reply #8 on: April 01, 2012, 10:15:48 AM »
adotd does not have permission to provide help in this section so has been deleted.
Windows 8.1 Pro X64/ IE 11/ Avast 9.0.2018/ MBAM Premium 2

Offline willo.c

Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
« Reply #9 on: April 01, 2012, 10:56:12 AM »
Ok, I will wait for Jeff!!

Offline jeffce

Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
« Reply #10 on: April 01, 2012, 04:24:44 PM »
Hi,

Let's go about this another way.  Underneath my name over to the left...you will see a "Globe" icon.  Press that and go to my page.  Once there, select the file named svchost and download that file directly to your C:\ folder and then run the program.  If a log is produced post that to your next reply.  :)

Offline willo.c

Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
« Reply #11 on: April 01, 2012, 06:27:06 PM »
Jeff,

Always the same problem.. Nothing happens..
Is it the aswMBR renamed?

Offline jeffce

Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
« Reply #12 on: April 01, 2012, 07:14:54 PM »
Let's take a look and see what we have

In the run box type the following

diskmgmt.msc

When Disk Management opens, expand it so that all drives are visible.
Take a screenshot and post it here.

Are you able to burn a CD on another computer?

Offline willo.c

Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
« Reply #13 on: April 01, 2012, 07:35:17 PM »
Attached the screenshot..

Of course, I can burn a CD/DVD on another PC..

Offline jeffce

Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
« Reply #14 on: April 01, 2012, 09:50:14 PM »
Hi,

I need you to download:
gparted-live-0.10.0-3.iso (115.1 MB)

Create a bootable CD for GParted from the ISO image.

You can use ImgBurn to do this.

Now boot off of the newly created GParted CD.

You should be here... Press ENTER

By default, "do not touch keymap" is highlighted.
Leave this setting alone and just press ENTER.

Choose your language and press ENTER. English is default [33]

Once again, at this prompt, press ENTER.
You will now be taken to the main GUI screen below

According to your logs, the partition that you want to delete is 10mb

Click the trash can icon to delete and then click Apply.

You should now be here confirming your actions:

Now you should be here:

Is "boot" next to your OS drive?
If "boot" is not next to your OS drive under "Flags", right-mouse click the OS drive while in GParted and select Manage Flags

In the menu that pops up, place a checkmark in boot like the picture below:

Now double-click the button.

You should receive a small pop up like this:

Choose reboot and then press OK.
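
The check that the GParted steps above perform by eye (how large each partition-table entry is and which entry carries the boot flag), written out as an added Python example that is not part of the original thread. The two sample sectors are constructed to mirror the 10mb second partition mentioned in the post; `review`, the `small_mb` threshold and the partition layout are assumptions for illustration.

```python
import struct

SECTOR = 512                 # bytes per sector (assumed: classic MBR disk)
ENTRY = "<B3xB3xII"          # status, CHS start, type, CHS end, LBA start, sector count

def parse_mbr(sector0: bytes):
    """Return the non-empty primary partition entries of an MBR sector."""
    if len(sector0) < 512 or sector0[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector (missing 0x55AA signature)")
    entries = []
    for i in range(4):
        raw = sector0[446 + 16 * i: 462 + 16 * i]
        status, ptype, start, count = struct.unpack(ENTRY, raw)
        if ptype == 0:       # type 0x00 marks an unused slot
            continue
        entries.append({"slot": i + 1, "boot": status == 0x80, "type": ptype,
                        "start": start, "size_mb": count * SECTOR / 2**20})
    return entries

def review(entries, small_mb=64):
    """Flag a partition table whose boot flag is not on a plausible OS partition."""
    findings = []
    active = [e for e in entries if e["boot"]]
    if len(active) != 1:
        findings.append(f"{len(active)} partitions carry the boot flag (expected 1)")
    for e in active:
        if e["size_mb"] <= small_mb:   # threshold is an assumption, tune per fleet
            findings.append(f"slot {e['slot']}: boot flag on a "
                            f"{e['size_mb']:.0f} MB partition")
    return findings

def build_sector(parts):
    """Build a constructed 512-byte sector from (boot, type, start, count) tuples."""
    table = b"".join(struct.pack(ENTRY, 0x80 if b else 0, t, s, c)
                     for b, t, s, c in parts).ljust(64, b"\x00")
    return bytes(446) + table + b"\x55\xaa"

# Constructed samples: a 100 GB NTFS volume plus a 10 MB second partition that
# holds the boot flag (before), and the table after the GParted steps (after).
OS_SECTORS = 100 * 2**30 // SECTOR
BEFORE = build_sector([(False, 0x07, 2048, OS_SECTORS),
                       (True, 0x07, 2048 + OS_SECTORS, 10 * 2**20 // SECTOR)])
AFTER = build_sector([(True, 0x07, 2048, OS_SECTORS)])

if __name__ == "__main__":
    for name, sector in (("before", BEFORE), ("after", AFTER)):
        print(name, parse_mbr(sector), review(parse_mbr(sector)))
```

On a real machine the input would be the first 512 bytes of the disk, read from the live CD rather than from the installed system.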

 
