Zhooom

This was originally posted by user ponsich in the Anti-Rootkit Help, but several of us have the same issue - all running Intel Raid Storage Technology. See: https://forums.malwarebytes.org/index.php?showtopic=149317 Basically it appears to be, from ponsich's research and mine this morning, a false positive due to Intel's driver possibly changing these sectors for some reason. It's very spooky however since this is mucking around with my system at a low enough level the disk could become unrecoverable, so I'm a little paranoid here ... For me, It's outside my C: drive Partition space as well (starting at sector 206848 and 2000211968 total sectors, which is sector # 2000418816). The first results say the lowest forged sector number is 2000419072, and they go up from there. While I ran this using the mbam /developer option, the log message stayed the same as it does normally, which I attached. The actual physical sector doesn't seem like it would be very informative (at least to me) given that it doesn't say if that's what sector is being forged or that is the forgery location, but regardless I'd I'd think you need both to investigate. Maybe there's a pointer here somewhere .. I'm no expert. If needed I can upload one or more physical sector's of my disk for inspection. (edit - I enclosed the hex representation of the data in text format of the first physical sector being reported as forged. Sorry, the editor I'm using doesn't allow me to save it as true binary.) Let me know, thanks! --Z phys_sectors_log.txt forged_sector_values.txt

Exact same issue here - and I'm also running Intel Raid Storage Manager. I'm glad that google finally turned something up on this topic since I've been going out of my mind with this error showing up all the time! I'd do a scan right after rebooting and it shows up as being fine - then anywhere from 10 minutes to 8 hours later, this error comes back again. I was getting very close to formatting and reloading, but I had this nagging doubt since Norton 360, Spybot, etc never turned up any errors... I really hope this is a false positive, and that it can be fixed quickly. I'm going to post a link back to this thread under the Anti-Malware Support/False Positives forum here with the information they require in the sticky. They don't have a "Physical Sector" forum, so in the file forum I guess unless you know a better place. Btw, maybe it's normal, but I can't see any scan report in your post ponisch. (I'm a new forum member, although I've been running a licensed MalwareBytes for 4 years now, and the free version quite a while prior to that. I just never needed support until now!) I'll get it done as soon as it pops up for me again ... shouldn't be long. I was pretty freaked out since it was so deep in the system and not nearly as easy to confirm like a suspicious file... Speak of the devil. 5am comes around and on the dot, here's my Malware Detected message. LOL - I guess I'll get started.

Did this get any resolution? I'm having the same issue. However, Norton 360 and Spybot aren't seeing the same problem. Could this be a false positive from sector's being rewritten due to a disk/controller error or something? (Although I'm not seeing any hardware errors either...) I'm not sure why this would keep happening, since my system is clean according to MalwareBytes (except the sector errors), Spybot, and Norton 360. Thanks. :-D