Phishing problem

Status
Not open for further replies.
Alright, I saw that your MBR was infected, but Combofix fixed it, but then after you reboot, it reinfects it.

So what we need to do here is check to make sure it is still infected.

Download mbr.exe to your desktop


  • Double-click mbr.exe and follow prompts.
  • When mbr.exe is ready, it will create a log.
  • Copy and paste contents of that file to your next reply.
 
Alright I'll try that.

How do you not use FF O_O? Or do you use a Mac maybe?

edit: Here you go:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x88b8ecb8
NDIS: Dynex Enhanced G Desktop Card -> SendCompleteHandler -> 0x884ac330
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x04A891C1
malicious code @ sector 0x04A891C4 !
PE file found in sector at 0x04A891DA !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
 
I use IE8

I don't plan to use any other browser, no need to. All browsers get infected, doesn't make you any safer. All them FF users, the more people use it, the more interest it will create, meaning more spyware, malware infections for them as well. It has already begun. If you wanna stay outta the light, use the least used browser out there. Spyware programmers have almost no use in creating programs that exploit it if hardly anyone is using them, with popularity comes spyware which means $$$ for them. And just because you use a hardly known browser, still doesn't guarantee anything. Internet Explorer is embedded into Windows so no matter what browser you use, IE will still be there which then means double duty for you. What do I mean by that? I mean keeping IE updated as well as FF. I've seen many MANY people here neglect to do it because they don't use it, just because it isn't used doesn't mean it shouldn't be updated. I stick with the most widely used browser. :cool:
 
So you are still infected.......

Now follow this

Copy the MBR.exe on your desktop and place it in C:\

Now click Start > Run

Type in mbr.exe -f <- Note the space between mbr.exe and -f

Then click OK.

Then you should get a clean log that looks like this.


Quote:
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Post the new log it creates here.
 
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x88b8ecb8
NDIS: Dynex Enhanced G Desktop Card -> SendCompleteHandler -> 0x884ac330
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x04A891C1
malicious code @ sector 0x04A891C4 !
PE file found in sector at 0x04A891DA !
Use "Recovery Console" command "fixmbr" to clear infection !
 
Well shoot, looks like you need to boot into the Recovery Console and run the command.

Do you have the XP CD?
 
I don't need it, I already have that on there. Here is the log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x04A891C1
malicious code @ sector 0x04A891C4 !
PE file found in sector at 0x04A891DA !

Oh, and it's still not working.
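
Added example, not part of the thread and not GMER's code: a small Python parser that reads an mbr.exe log in the format posted above and separates the three states seen in this thread (hooks still reported, MBR reads OK with leftover sectors listed, fully clean). The function names and the verdict labels "active", "residual", "clean" and "unknown" are assumptions made for this illustration; the sample is the third log from the thread.

```python
import re

# Constructed sample: the third log posted in the thread.
SAMPLE_LOG = """\
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x04A891C1
malicious code @ sector 0x04A891C4 !
PE file found in sector at 0x04A891DA !
"""

# "<target> -> [<handler> -> ]0xADDR" lines listed under "detected MBR rootkit hooks:"
HOOK_RE = re.compile(r"^(?P<target>.+?) -> (?:(?P<handler>\S+) -> )?(?P<addr>0x[0-9A-Fa-f]+)$")
# "copy of MBR ... sector 0x..", "malicious code @ sector 0x..", "PE file ... sector at 0x.."
SECTOR_RE = re.compile(r"^(?P<what>copy of MBR|malicious code|PE file)\b.*?sector\b.*?(?P<sector>0x[0-9A-Fa-f]+)")

def parse_mbr_log(text):
    """Collect the fields a helper reads off an mbr.exe log."""
    r = {"hooks": [], "sectors": {}, "mbr_ok": False, "warned": False}
    in_hooks = False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("detected MBR rootkit hooks"):
            in_hooks = True
            continue
        m = HOOK_RE.match(line) if in_hooks else None
        if m:
            r["hooks"].append((m["target"], m["handler"], int(m["addr"], 16)))
            continue
        in_hooks = False  # hook list ends at the first non-hook line
        if line == "user & kernel MBR OK":
            r["mbr_ok"] = True
        elif "MBR rootkit infection" in line:
            r["warned"] = True
        elif (s := SECTOR_RE.match(line)):
            r["sectors"][s["what"]] = int(s["sector"], 16)
    return r

def verdict(r):
    """Labels are this example's own, not output of the tool."""
    if r["hooks"] or r["warned"]:
        return "active"      # tool still reports hooks or an infection warning
    if not r["mbr_ok"]:
        return "unknown"     # no "MBR OK" line, nothing to conclude
    return "residual" if r["sectors"] else "clean"
```

Run over the three logs in order, this gives "active", "active" and "residual": the last log reports the MBR as OK but still lists the stored copy, the malicious code and the PE file at the same sectors.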
 