luci

Members
  • Content Count

    22
About luci

  • Rank
    New Member

  1. Maybe you can make MBAM able to scan a flash disk for rootkits, because the current MBAM can't scan a flash disk directly. To scan a flash disk for rootkits, the current MBAM needs all HDDs ticked in the list, and that makes the scan take a long time because it scans all data. Example: I have a flash disk or external HDD, and I can't scan my external HDD using quick scan. If I use custom scan, I need to tick all HDD drives.
  2. Thanks. Yes, but I use Deep Freeze too while scanning with Malwarebytes Premium, but it can pick it up. Okay, if there is any update of MBAR in the future, I will update MBAR to the new version. My case is all clear now, all clean; I have already fixed the MBR on the external HDD too. *My English grammar is not good.
  3. Umm, I already uploaded the logs you asked for as attachments above; look at the attachments on the post before this one. Here I re-upload them as attachments:
     678230911_mbar-log-2018-12-21(12-52-38).txt system-log.txt
  4. The MBR malware has already been cleaned using aswMBR and the EaseUS bootable disc. I ran fixmbr on the HDD using aswMBR, but aswMBR can't fix HDD 2. aswMBR can scan + fix 1 HDD only (HDD 1, for system and boot). So for HDD 2, I fixed the MBR from the EaseUS bootable CD before entering Windows, and done. I entered Windows, scanned using Malwarebytes Premium, and it is clean, no rootkit anymore. Thanks for all the support here. As for Malwarebytes Anti-Rootkit/MBAR, that software can't detect this virus.
  5. I found software which can fix the MBR on HDDs (not only one HDD), here: https://www.easeus.com/partition-manager-software/free-mbr-repair-tool.html
     Step 1: Create a WinPE bootable disk.
     1. Download and launch EaseUS Partition Master on a new PC which runs the same system as yours.
     2. Click "WinPE Creator" on the toolbar. And select to create the bootable disk on a USB drive. If your computer has a CD/DVD drive, you can also create the bootable disk to CD/DVD.
     Why do they say to launch it on another PC? I don't have another PC. I tried to open EaseUS Partition Master to create a bootable CD, but my IOBIT detected Malmo; is this okay? Can I create the bootable CD from my PC?
     Notes: I created a thread about my case on another forum too, an Indonesian antivirus forum, here: http://smadaver.com/konsultasi-virus/csrss-trojan-miner-folder-wmiappsrv/msg248115/#msg248115
  6. My computer: Windows 7 Ultimate 64-bit, i5-2500 3.3GHz. Yes, I have a 1 tera external HDD, but I have not yet checked/scanned that external HDD for rootkits. Here is the log from MBAR (Malwarebytes Anti-Rootkit), check the attachment.
     If you are concerned with mbam fixing it and don't have another computer if by some small chance yours becomes unbootable Then please create a windows rescue disk if you don't have the install dvd for windows.
     How do I fix it? MBAR did not detect that infection; only MBAM detected it. MBAM detected it on my 2 HDDs, on disk 0 and disk 1 (I have 2 HDDs; the system is on disk 1, and my second HDD is disk 0), check the attachment. What if I click the fixmbr button from Farbar? If my Windows fails to boot after fixing, what should I do to repair my HDD?
     mbar-log-2018-12-21 (12-52-38).txt system-log.txt
  7. Adding the aswMBR log, with the Avast database updated:
     aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
     Run date: 2018-12-21 09:56:48
     -----------------------------
     09:56:48.951 OS Version: Windows x64 6.1.7601 Service Pack 1
     09:56:48.951 Number of processors: 4 586 0x2A07
     09:56:48.951 ComputerName: AZURLANEPC UserName: Yuudachi
     09:56:49.665 Initialize success
     09:56:49.727 VM: initialized successfully
     09:56:49.728 VM: Intel CPU supported
     09:56:52.499 VM: supported disk I/O ataport.SYS
     10:02:52.119 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
     10:02:52.123 Disk 0 Vendor: ST1000DM010-2EP102 CC43 Size: 953869MB BusType: 3
     10:02:52.126 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
     10:02:52.128 Disk 1 Vendor: ST3320310CS ES11 Size: 305245MB BusType: 3
     10:02:52.251 VM: Disk 1 MBR read successfully
     10:02:52.254 Disk 1 MBR scan
     10:02:52.257 Disk 1 unknown MBR code
     10:02:52.262 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
     10:02:52.268 Disk 1 default boot code
     10:02:52.272 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 72000 MB offset 206848
     10:02:52.287 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 233143 MB offset 147662848
     10:02:52.412 Disk 1 scanning C:\Windows\system32\drivers
     10:03:00.649 Service scanning
     10:03:27.738 Modules scanning
     10:03:27.745 Disk 1 trace - called modules:
     10:03:27.804 ntoskrnl.exe CLASSPNP.SYS disk.sys DfDiskLow.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
     10:03:27.809 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8005ff5060]
     10:03:27.813 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8005e798e0]
     10:03:27.818 5 DfDiskLow.sys[fffff880016371c9] -> nt!IofCallDriver -> [0xfffffa8005979580]
     10:03:27.822 7 ACPI.sys[fffff88000d697a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa800597b060]
     10:03:27.826 \Driver\atapi[0xfffffa80058dec10] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> DfDiskLow.sys[0xfffff88001631318]
     10:03:27.831 Disk 1 statistics 101970/0/0 @ 9.31 MB/s
     10:03:27.835 Scan finished successfully
     10:04:40.099 Disk 1 MBR has been saved successfully to "C:\Users\Yuudachi\Downloads\MBR.dat"
     10:04:40.104 The log file has been saved successfully to "C:\Users\Yuudachi\Downloads\aswMBR 21 december.txt"
     The mbr.dat sample is still the same, at https://www.sendspace.com/file/q598cf --------------------> (mbr.dat)
     aswMBR 21 december.txt
  8. Yes, the owner of this PC prefers ver. 3.5.1, but the database update is current. I have a sample of mbr.dat from Farbar; can you check my sample mbr.dat? Here: https://www.sendspace.com/file/q598cf --------------------> (mbr.dat)
     Can you check my mbr.dat sample? Because if I scan with Malwarebytes Anti-Rootkit Beta, from https://www.malwarebytes.com/antirootkit/ (this is different software), the scan result is clean (with the current update). And the log is in the attachment. I scanned using 2 different Malwarebytes products. Here is the Malwarebytes Anti-Rootkit Beta log:
     Malwarebytes Anti-Rootkit BETA 1.10.3.1001
     www.malwarebytes.org
     Database version: main: v2018.12.20.03 rootkit: v2018.12.20.03
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 8.0.7601.17514
     Yuudachi :: AZURLANEPC [administrator]
     12/20/2018 4:44:42 PM
     mbar-log-2018-12-20 (16-44-42).txt
     Scan type: Quick scan
     Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
     Scan options disabled:
     Objects scanned: 178100
     Time elapsed: 5 minute(s), 39 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     Physical Sectors Detected: 0
     (No malicious items detected)
     (end)
     And the Malwarebytes Premium log:
     LOG SCAN MALWAREBYTE PREMIUM 3.5.1
     -Log Details-
     Scan Date: 12/14/18
     Scan Time: 7:51 PM
     Log File: 06c5a37a-ff9f-11e8-82d0-00ff3820cd7a.json
     Administrator: Yes
     -Software Information-
     Version: 3.5.1.2522
     Components Version: 1.0.365
     Update Package Version: 1.0.8055
     License: Premium
     -System Information-
     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: AzurLanePC\Yuudachi
     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 232927
     Threats Detected: 2
     Threats Quarantined: 0
     (No malicious items detected)
     Time Elapsed: 5 min, 0 sec
     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect
     -Scan Details-
     Process: 0
     (No malicious items detected)
     Module: 0
     (No malicious items detected)
     Registry Key: 0
     (No malicious items detected)
     Registry Value: 0
     (No malicious items detected)
     Registry Data: 0
     (No malicious items detected)
     Data Stream: 0
     (No malicious items detected)
     Folder: 0
     (No malicious items detected)
     File: 0
     (No malicious items detected)
     Physical Sector: 2
     Bootkit.Malmo.MBR, 0, No Action By User, [15174], [514093],0.0.0
     Bootkit.Malmo.MBR, 1, No Action By User, [15174], [514093],0.0.0
     WMI: 0
     (No malicious items detected)
     (end)
     You can see, 2 programs but with different scan results: Malwarebytes Premium with anti-rootkit checked detects it, but the Malwarebytes Anti-Rootkit scan result is clean. A scan using IOBIT Malware Fighter is clean too if I scan root
     Addition new.txt FRST new.txt
  9. As I said before, I scanned using 2 different Malwarebytes products. Here is the Malwarebytes Anti-Rootkit Beta log:
     Malwarebytes Anti-Rootkit BETA 1.10.3.1001
     www.malwarebytes.org
     Database version: main: v2018.12.20.03 rootkit: v2018.12.20.03
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 8.0.7601.17514
     Yuudachi :: AZURLANEPC [administrator]
     12/20/2018 4:44:42 PM
     mbar-log-2018-12-20 (16-44-42).txt
     Scan type: Quick scan
     Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
     Scan options disabled:
     Objects scanned: 178100
     Time elapsed: 5 minute(s), 39 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     Physical Sectors Detected: 0
     (No malicious items detected)
     (end)
     And the Malwarebytes Premium log:
     LOG SCAN MALWAREBYTE PREMIUM 3.5.1
     -Log Details-
     Scan Date: 12/14/18
     Scan Time: 7:51 PM
     Log File: 06c5a37a-ff9f-11e8-82d0-00ff3820cd7a.json
     Administrator: Yes
     -Software Information-
     Version: 3.5.1.2522
     Components Version: 1.0.365
     Update Package Version: 1.0.8055
     License: Premium
     -System Information-
     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: AzurLanePC\Yuudachi
     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 232927
     Threats Detected: 2
     Threats Quarantined: 0
     (No malicious items detected)
     Time Elapsed: 5 min, 0 sec
     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect
     -Scan Details-
     Process: 0
     (No malicious items detected)
     Module: 0
     (No malicious items detected)
     Registry Key: 0
     (No malicious items detected)
     Registry Value: 0
     (No malicious items detected)
     Registry Data: 0
     (No malicious items detected)
     Data Stream: 0
     (No malicious items detected)
     Folder: 0
     (No malicious items detected)
     File: 0
     (No malicious items detected)
     Physical Sector: 2
     Bootkit.Malmo.MBR, 0, No Action By User, [15174], [514093],0.0.0
     Bootkit.Malmo.MBR, 1, No Action By User, [15174], [514093],0.0.0
     WMI: 0
     (No malicious items detected)
     (end)
     You can see, 2 programs but with different scan results: Malwarebytes Premium with anti-rootkit checked detects it, but the Malwarebytes Anti-Rootkit scan result is clean. Somebody help me.
     mbar-log-2018-12-20 (16-44-42).txt
  10. Okay, I'm waiting. Because I scanned using 2 different Malwarebytes products, and the scan results are different too:
      1. Malwarebytes Anti-Rootkit Beta, from https://www.malwarebytes.com/antirootkit/ (this is different software) = result clean
      2. Malwarebytes Premium with anti-rootkit checked = result detected Malmo
      If I scanned using Malwarebytes Anti-Rootkit Beta and the result was a detection, I would be 100% sure it is a trojan, but the fact is that when I scan using Malwarebytes Anti-Rootkit Beta the scan result is clean. I still have a big question: why does Malwarebytes Anti-Rootkit Beta, software that is more specialized in detecting rootkits, not detect it in my case, i.e. report clean?? These different scan results make me not 100% sure whether that detection is a trojan. I don't know ..., I need someone who can help me.
  11. LOG SCAN MALWAREBYTE PREMIUM 3.5.1
      -Log Details-
      Scan Date: 12/14/18
      Scan Time: 7:51 PM
      Log File: 06c5a37a-ff9f-11e8-82d0-00ff3820cd7a.json
      Administrator: Yes
      -Software Information-
      Version: 3.5.1.2522
      Components Version: 1.0.365
      Update Package Version: 1.0.8055
      License: Premium
      -System Information-
      OS: Windows 7 Service Pack 1
      CPU: x64
      File System: NTFS
      User: AzurLanePC\Yuudachi
      -Scan Summary-
      Scan Type: Threat Scan
      Scan Initiated By: Manual
      Result: Completed
      Objects Scanned: 232927
      Threats Detected: 2
      Threats Quarantined: 0
      (No malicious items detected)
      Time Elapsed: 5 min, 0 sec
      -Scan Options-
      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Enabled
      Heuristics: Enabled
      PUP: Detect
      PUM: Detect
      -Scan Details-
      Process: 0
      (No malicious items detected)
      Module: 0
      (No malicious items detected)
      Registry Key: 0
      (No malicious items detected)
      Registry Value: 0
      (No malicious items detected)
      Registry Data: 0
      (No malicious items detected)
      Data Stream: 0
      (No malicious items detected)
      Folder: 0
      (No malicious items detected)
      File: 0
      (No malicious items detected)
      Physical Sector: 2
      Bootkit.Malmo.MBR, 0, No Action By User, [15174], [514093],0.0.0
      Bootkit.Malmo.MBR, 1, No Action By User, [15174], [514093],0.0.0
      WMI: 0
      (No malicious items detected)
      (end)
      But remember, if I scan using Malwarebytes Anti-Rootkit Beta, the scan result is clean.
  12. I mean, I read another forum and they said that if I clean mbr.dat then my HDD partition will get errors. I already scanned using 2 programs:
      1. Malwarebytes Premium
      2. Malwarebytes Anti-Rootkit Beta, from https://www.malwarebytes.com/antirootkit/ (this is different software)
      Scan results:
      1. I scanned using Malwarebytes Premium with rootkit selected; the scan result is a detection: detected: Rootkit.MBR.Malmo.A (Boot image). Screenshot in attachment = malwarepremium1.jpg
      2. I scanned using Malwarebytes Anti-Rootkit Beta; the scan result is clean. Screenshot in attachment = malwarebyteantirootkitbeta.jpg
      Why do the 2 Malwarebytes programs show different scan results? I read another forum at https://support.emsisoft.com/topic/26435-boot-virus-malmo-just-one-problem-out-of-many/ , where there is a case like mine and they said it is a false positive; look at the screenshot in attachment falsepositive.jpg
      They said: "This is an older MBR bootkit \DosDevices\PhysicalDrive1 detected: Rootkit.MBR.Malmo.A (Boot image) (B) [krnl.xmd] and is very likely a false positive based on what I can see in your logs."
  13. If I clean from Malwarebytes Premium while the anti-rootkit checkbox is checked, is there any risk that my HDD partition will get errors?? Because if I scan using Malwarebytes Anti-Rootkit Beta (different software from Malwarebytes Premium), the scan result is clean. I don't know why Malwarebytes Premium and Malwarebytes Anti-Rootkit Beta have different scan results.
  14. If I scan that MBR.DAT using IOBIT Malware Fighter, the result is a detection. Please re-check the new MBR.DAT at the sendspace link above this post, here: https://www.sendspace.com/file/q598cf --------------------> (mbr.dat). Please ignore the mbr.dat file I uploaded in the first post; I uploaded the wrong file. The new file is the one on sendspace.
  15. Try this; I uploaded it using sendspace, without zipping it to 7z: https://www.sendspace.com/file/q598cf