
OSoccer

  1. When I executed Mbam several days ago, it found and let me remove about a dozen kinds of malware, and since then Mbam has reported no malware on my computer. However, I am still concerned about the MBR rootkit malware called Boot.Mebroot that was found on my computer by my other antivirus software, Norton 360. I've been perplexed as to how to totally eliminate the "malicious code @ sector 0x04458930 !", and the "PE file found in sector at 0x04458946 !" as reported by Gmer's MBR.EXE utility program.

     Here is the output from my most recent execution of MBR.EXE a few minutes ago:

     ------------------------------------------------------------------------------------------
     Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

     device: opened successfully
     user: MBR read successfully
     called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll adpu160m.sys
     kernel: MBR read successfully
     user & kernel MBR OK
     copy of MBR has been found in sector 0x0445892D
     malicious code @ sector 0x04458930 !
     PE file found in sector at 0x04458946 !
     ------------------------------------------------------------------------------------------

     This all started when my Norton 360 scan reported finding the following:

     -----------------------------
     Resolved Threats : Boot.Mebroot
     Type : Master Boot Record
     Risk : High (High Stealth, High Removal, High Performance, High Privacy)
     Categories : Virus
     Status : Fully Resolved
     -----------------------------

     Questions:

     1. Is the Boot.Mebroot in fact removed from my computer (WinXP Pro SP3)?
     2. If so, why does MBR.EXE continue to report the following:
        malicious code @ sector 0x04458930 !
        PE file found in sector at 0x04458946 !
     3. Is a "copy of MBR has been found in sector 0x0445892D" a good thing?
     4. How can I shred the "malicious code" and the "PE file" in sectors 0x04458930 and 0x04458946, respectively?

     Thank you very much.