Author Topic: MBR : \.\\PHYSICALDRIVE0\PARTITION2  (Read 15808 times)


willo.c

  • Guest
MBR : \.\\PHYSICALDRIVE0\PARTITION2
« on: March 29, 2012, 07:04:46 PM »
Avast continues to say that I have a virus: MBR Alureon-k in MBR physicaldrive0 Partition2
I'll send the log both from OTL, but aswMBR doesn't work on my PC.

Hope you can help me.
Thanks in advance,
« Last Edit: March 29, 2012, 08:04:35 PM by willo.c »

jeffce

  • Guest
Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
« Reply #1 on: March 30, 2012, 07:41:55 PM »
Hi, 

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

----------

willo.c

  • Guest
Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
« Reply #2 on: March 31, 2012, 11:31:17 AM »
Jeff,

Thanks for consideration, but it simply doesn't work..
I tried to run it.. But it doesn't start..

I also took a look at the processes: for a few seconds the aswMBR process is present and then it simply disappears without ever showing the tool window in which we have the Scan button..
« Last Edit: March 31, 2012, 12:15:16 PM by willo.c »

jeffce

  • Guest
Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
« Reply #3 on: March 31, 2012, 03:32:19 PM »
Hi willo.c,

Let's try this... move aswMBR to your C:\ folder so that it will look like this when there >> C:\aswMBR.exe. Try to run it from there. If it still doesn't work, boot to Safe Mode and try to run it from there.

willo.c

  • Guest
Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
« Reply #4 on: April 01, 2012, 11:34:54 AM »
Same problem even in C, even in Safe mode!!

Is it possible the rootkit blocks aswMBR?

Helppp mee!! :((

willo.c

  • Guest
Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
« Reply #5 on: April 01, 2012, 11:58:19 AM »
If renamed to explorer.exe it showed:

The application failed to initialize properly (0xc0000005). Click on OK to terminate the application.

willo.c

  • Guest
Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
« Reply #6 on: April 01, 2012, 12:07:37 PM »
Already tried TDSSKiller, but it doesn't start, exactly as aswMBR...


willo.c

  • Guest
Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
« Reply #7 on: April 01, 2012, 12:15:06 PM »
Ok, I'm doing the quick scan with Malwarebytes..

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11239
  • No support PM's thanks
Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
« Reply #8 on: April 01, 2012, 12:15:48 PM »
adotd does not have permission to provide help in this section so has been deleted.

willo.c

  • Guest
Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
« Reply #9 on: April 01, 2012, 12:56:12 PM »
Ok, I will wait for Jeff!!

jeffce

  • Guest
Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
« Reply #10 on: April 01, 2012, 06:24:44 PM »
Hi,

Let's go about this another way.  Underneath my name over to the left...you will see a "Globe" icon.  Press that and go to my page.  Once there, select the file named svchost and download that file directly to your C:\ folder and then run the program.  If a log is produced post that to your next reply.  :)

willo.c

  • Guest
Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
« Reply #11 on: April 01, 2012, 08:27:06 PM »
Jeff,

Always the same problem.. Nothing happens..
Is it the aswMBR renamed?

jeffce

  • Guest
Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
« Reply #12 on: April 01, 2012, 09:14:54 PM »
Let's take a look and see what we have.

In the Run box type the following:

diskmgmt.msc

When Disk Management opens, expand it so that all drives are visible.
Take a screenshot and post it here.

Are you able to burn a CD on another computer?

willo.c

  • Guest
Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
« Reply #13 on: April 01, 2012, 09:35:17 PM »
Attached the screenshot..

Of course, I can burn a CD/DVD on another PC..

jeffce

  • Guest
Re: MBR : \.\\PHYSICALDRIVE0\PARTITION2
« Reply #14 on: April 01, 2012, 11:50:14 PM »
Hi,

I need you to download:
gparted-live-0.10.0-3.iso (115.1 MB) 

Create a bootable CD, for Gparted from the ISO image.

You can use ImgBurn to do this.

Now boot off of the newly created Gparted CD. 



You should be here... Press ENTER



By default, "do not touch keymap" is highlighted.
Leave this setting alone and just press ENTER. 



Choose your language and press ENTER. English is default [33]



Once again, at this prompt, press ENTER 
You will now be taken to the main GUI screen below



According to your logs, the partition that you want to delete is 10mb

Click the trash can icon to delete and then click Apply.

You should now be here confirming your actions: 

 

Now you should be here:

 



Is "boot" next to your OS drive? 
If "boot" is not next to your OS drive under "Flags", right-mouse click the OS drive while in Gparted and select Manage Flags 

In the menu that pops up, place a checkmark in boot like the picture below:

 


Now double-click the button. 

You should receive a small pop up like this:



Choose reboot and then press OK.
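
The GParted steps above come down to two facts stored in the MBR partition table: how large each primary partition is and which one carries the "boot" (active) flag. The following is an added example, not part of the original thread, that reads those fields from a 512-byte MBR sector; the sample sector, the `small_active` helper and its 100 MiB threshold are constructed for illustration and 512-byte sectors are assumed.

```python
import struct

def parse_mbr(sector: bytes):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector: wrong length or missing 55 AA signature")
    parts = []
    for i in range(4):
        # The partition table starts at offset 446; each entry is 16 bytes.
        entry = sector[446 + 16 * i: 462 + 16 * i]
        # status, (CHS start skipped), type, (CHS end skipped), first LBA, sector count
        status, ptype, first_lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0x00:  # type 0 marks an unused slot
            continue
        parts.append({
            "index": i + 1,
            "active": status == 0x80,          # the "boot" flag GParted shows
            "type": ptype,
            "first_lba": first_lba,
            "size_mib": count * 512 / 2**20,   # assumes 512-byte sectors
        })
    return parts

def small_active(parts, limit_mib=100):
    """Indexes of partitions that are flagged bootable but smaller than limit_mib.
    limit_mib is an arbitrary threshold chosen for this example."""
    return [p["index"] for p in parts if p["active"] and p["size_mib"] < limit_mib]

def _entry(status, ptype, first_lba, count):
    """Build one 16-byte partition entry (CHS fields left as zero)."""
    return struct.pack("<B3xB3xII", status, ptype, first_lba, count)

# Constructed sample: a large inactive NTFS partition followed by a 10 MiB
# partition that holds the boot flag. Not taken from the poster's disk.
SAMPLE_MBR = (bytes(446)
              + _entry(0x00, 0x07, 63, 204800000)
              + _entry(0x80, 0x07, 204800063, 20480)
              + bytes(32) + b"\x55\xaa")

if __name__ == "__main__":
    for p in parse_mbr(SAMPLE_MBR):
        flag = "boot" if p["active"] else "-"
        print(f"partition {p['index']}: {p['size_mib']:.0f} MiB  type 0x{p['type']:02x}  {flag}")
    print("small partitions holding the boot flag:", small_active(parse_mbr(SAMPLE_MBR)))
```

On a real machine the 512 bytes would be the first sector of the disk, read from a live environment such as the GParted CD rather than from the installed system.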