OSoccer
malicious code @ sector 0x04458930
in Resolved Malware Removal Logs
When I executed Mbam several days ago, it found and let me remove about a dozen kinds of malware, and since then Mbam has reported no malware on my computer.
However, I am still concerned about the MBR rootkit malware called Boot.Mebroot that was found on my computer by my other antivirus software, Norton 360.
I've been perplexed as to how to totally eliminate the "malicious code @ sector 0x04458930 !", and the "PE file found in sector at 0x04458946 !"
as reported by Gmer's MBR.EXE utility program. Here is the output from my most recent execution of MBR.EXE a few minutes ago:
------------------------------------------------------------------------------------------
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll adpu160m.sys
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x0445892D
malicious code @ sector 0x04458930 !
PE file found in sector at 0x04458946 !
------------------------------------------------------------------------------------------
This all started when my Norton 360 scan reported finding the following:
-----------------------------
Resolved Threats : Boot.Mebroot
Type : Master Boot Record
Risk : High (High Stealth, High Removal, High Performance, High Privacy)
Categories : Virus
Status : Fully Resolved
-----------------------------
Questions:
1. Is the Boot.Mebroot in fact removed from my computer (WinXP Pro SP3)?
2. If so, why does MBR.EXE continue to report the following:
malicious code @ sector 0x04458930 !
PE file found in sector at 0x04458946 !
3. Is a "copy of MBR has been found in sector 0x0445892D" a good thing?
4. How can I shred the "malicious code" and the "PE file" in sectors 0x04458930 and 0x04458946, respectively?
Thank you very much.
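
Added example (not part of the original post and not GMER's code): a short Python parser for the MBR.EXE output quoted above that extracts each reported sector number, converts it to a byte offset, and shows how closely the three sectors sit together. The 512-byte sector size and all function names are assumptions made for illustration.

```python
import re

SECTOR_SIZE = 512  # assumption: 512-byte logical sectors

# Log text copied from the post above.
MBR_LOG = """\
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll adpu160m.sys
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x0445892D
malicious code @ sector 0x04458930 !
PE file found in sector at 0x04458946 !
"""

# Matches "sector 0x..." and "sector at 0x...", the two forms used in this log.
SECTOR_RE = re.compile(r"\bsector(?:\s+at)?\s+0x([0-9A-Fa-f]+)")


def parse_sector_findings(log_text, sector_size=SECTOR_SIZE):
    """Return one dict per log line that names a sector (hypothetical helper)."""
    findings = []
    for line in log_text.splitlines():
        m = SECTOR_RE.search(line)
        if not m:
            continue
        lba = int(m.group(1), 16)
        findings.append({
            "line": line.strip(),
            "lba": lba,
            "byte_offset": lba * sector_size,  # where to look in a raw disk image
            "flagged": line.rstrip().endswith("!"),  # the tool marks alerts with '!'
        })
    return findings


def cluster_span(findings):
    """Return (first_lba, last_lba, sector_count) covering all reported sectors."""
    lbas = sorted(f["lba"] for f in findings)
    return lbas[0], lbas[-1], lbas[-1] - lbas[0] + 1


if __name__ == "__main__":
    found = parse_sector_findings(MBR_LOG)
    for f in found:
        mark = "ALERT" if f["flagged"] else "info "
        print(f'{mark} LBA {f["lba"]:>10} offset {f["byte_offset"]:>14}  {f["line"]}')
    print("span (first, last, sectors):", cluster_span(found))
```

The byte offsets let the same sectors be located in a read-only disk image for inspection, and the span shows that all three reported sectors fall within one short run on the disk.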