About ohaya

  • Rank
    New Member
  1. Naathim, any update on this? If this turns out to be a false positive, I would still like to clean off the files, etc. that were created. Thanks, Jim
  2. Naathim, I was wondering which, if any, of the files that we've created from the various tests thus far, I can delete? I can wait until we're at the conclusion, but am just curious about this. Thanks, Jim
  3. aswMBR version Copyright© 2014 AVAST Software
     Run date: 2014-11-03 13:52:29
     -----------------------------
     13:52:29.991 OS Version: Windows x64 6.1.7600
     13:52:29.991 Number of processors: 8 586 0x2D07
     13:52:29.992 ComputerName: BIGBIGWINDOWS UserName: jl
     13:52:30.099 Initialize success
     13:52:30.150 VM: initialized successfully
     13:52:30.151 VM: Intel CPU supported
     13:53:09.080 VM: supported disk I/O ataport.SYS
     13:53:46.122 AVAST engine defs: 14110301
     13:54:11.019 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
     13:54:11.020 Disk
  4. Hi, To answer your question, "yes", I can boot each of those systems via the boot manager BING.
  5. Also, an additional piece of info: This system (when I ran the tools you asked for) was booting off of a Samsung SSD, i.e., Windows 7 was installed on the Samsung SSD. I think that the actual boot drive is a WD Raptor and that is where the BING resides, and then BING boots the Windows 7 that is on the Samsung SSD partition, or something like that.
  6. Hi, I'm not sure what you mean by "Is every system, on each drive, operational?"? As I said, I use BootIt NG ("BING"), which is an MBR/EMBR-based boot manager, to multi-boot (i.e., it allows me to have several different OSes installed and when I boot the system, BING allows me to select which of those OSes I want to boot into). As I understand it, BING installs itself partially into the MBR or EMBR of the actual Drive 0/Boot drive, and then it gets invoked when the system is booted, and BING then puts up a menu which allows me to select which "boot entry" I want to boot into. When I set
  7. Trying to attach again ... TDSSKiller.
  8. Attaching the larger TDSSkiller file..
  9. From MBRScan:
     MBRScan v1.1.1
     OS : Windows 7 (64 bit)
     PROCESSOR : Intel64 Family 6 Model 45 Stepping 7, GenuineIntel
     BOOT : Normal Boot
     DATE : 2014/11/03 (ISO 8601) at 09:11:16
     ________________________________________________________________________________
     DISK : Device\Harddisk0\DR0 __SAMSUNG SSD 830 Series (CXM03B1Q)
     BUS_TYPE : (0x0B) S-ATA
     USE_PIO : NO
     MAX_TRANSFER : 128 Kb
     ALIGNMENT_MASK : word aligned
     ________________________________________________________________________________
     DISK : Device\Harddisk1\DR1 __ST2000DM001-
  10. Hi, Your forum won't allow posting the 2nd, longer report from TDSSkiller because it is too long (583K)...
  11. TDSSkiller reported no threats found and produced 2 different .txt files: TDSSKiller.
      08:57:21.0427 0x0cf4 TDSS rootkit removing tool Oct 28 2014 17:58:34
      08:57:35.0228 0x0cf4 ============================================================
      08:57:35.0228 0x0cf4 Current date / time: 2014/11/03 08:57:35.0228
      08:57:35.0228 0x0cf4 SystemInfo:
      08:57:35.0228 0x0cf4
      08:57:35.0228 0x0cf4 OS Version: 6.1.7600 ServicePack: 0.0
      08:57:35.0228 0x0cf4 Product type: Workstation
      08:57:35.0228 0x0cf4 ComputerName: BIGBIGWINDOWS
      08:57:35.0228 0x0cf4 UserName: jl
      08:5
  12. Hi, This finding only showed up when I manually went and checked the MBAM setting for "Scan for rootkits", which is, I guess, disabled by default. I think that that location that MBAM is pointing to is my boot drive, and I use a boot manager named "Boot It NG" or "BING", which installs into the drive MBR. Is it possible that MBAM is detecting BING as a rootkit? Thanks, Jim
  13. I found another similar topic and downloaded the tool mentioned there. FRST.txt:
      Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
      Ran by jl (administrator) on BIGBIGWINDOWS on 02-11-2014 21:31:11
      Running from E:\Ziptemp
      Loaded Profile: jl (Available profiles: jl)
      Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
      Internet Explorer Version 8
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) ===========
  14. Hi, When I run MBAM, it is detecting Unknown.rootkit.VBR (physical sector #0 on volume #2). I let MBAM quarantine it, then reboot, but when I re-run MBAM it is detecting the same thing. How can I eliminate this? Thanks, Jim
  15. Hi, FYI, I just downloaded 2014.07.09.03 and the popups stopped. I had the popups when I was on 2014.07.09.02.