Rootkit: hidden boot sector

View previous topic View next topic Go down

Re: Rootkit: hidden boot sector

Post by AdkWoody on Tue May 17, 2011 1:01 pm

Awesome! I think it's gone then! What's the MBR? I know that Avast and TDSSkiller both came back clean. Thanks again Crush!


Life is extremely short.... One VERY long day at a time. Can't Believe It

AdkWoody
Intermediate
Intermediate

Posts Posts : 69
Joined Joined : 2010-08-17
Gender Gender : Male
OS OS : Windows 7 Home Premium 64-Bit
Protection Protection : Avast
Points Points : 23707
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Rootkit: hidden boot sector

Post by Crush on Tue May 17, 2011 6:22 pm

The Master Boot Record. This infection will produce a detection from Avast similar to what you're stating. Is the detection from the first post gone?

Crush
Master
Master

Posts Posts : 3889
Joined Joined : 2010-01-27
Gender Gender : Male
Points Points : 42078
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Rootkit: hidden boot sector

Post by AdkWoody on Wed May 18, 2011 5:20 pm

Yes. All is gone nothing is being detected. Thank you so much for your help Crush! My friend thanks you too!


Life is extremely short.... One VERY long day at a time. Can't Believe It

AdkWoody
Intermediate
Intermediate

Posts Posts : 69
Joined Joined : 2010-08-17
Gender Gender : Male
OS OS : Windows 7 Home Premium 64-Bit
Protection Protection : Avast
Points Points : 23707
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Rootkit: hidden boot sector

Post by Crush on Wed May 18, 2011 5:55 pm

To uninstall ComboFix



  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall




(Note: Make sure there's a space between the word ComboFix and the forward-slash.)



  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.

====

Download Security Check from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Crush
Master
Master

Posts Posts : 3889
Joined Joined : 2010-01-27
Gender Gender : Male
Points Points : 42078
# Likes # Likes : 0

View user profile

Back to top Go down

I have a similar issue

Post by Lapps on Fri Feb 01, 2013 2:18 pm

Hey guys,
I made an account specifically for noticing this thread. My problem is that my world of warcraft account continuously gets hacked, and I have FOUR of those things popping up in my avast security when I try doing a quick scan. The datasafe_green pops up, along with the following:
|>diff_000001.dif
|>IRIMG1.BMP
|>IRIMG1.JPG

Now I notice you guys have figured these notices are not of issue, however what is it exactly that keeps on gaining access to my WOW account and locking it? Is it a keylogger? And what can I do to get rid of this? It's been happening for several years even when I was not playing on the account.

Any help will be greatly appreciated!! Smile
Lapps

Lapps
Beginner
Beginner

Posts Posts : 1
Joined Joined : 2013-02-01
OS OS : Windows 7
Points Points : 14035
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum