Infected by MBR:\\.\PHYSICALDRIVE0 rootkit

[Colorless]

Hello. My VAIO F series laptop has been infected by a rootkit called MBR:\\.\PHYSICALDRIVE0 and I tried removing it using Avast but, Avast gives an error saying the access is denied.

Now, I'm currently using this method on a past thread http://forums.malwar...showtopic=78389 but, I'm stuck at the step after you scan your computer using aswMBR.exe

The results from the scan is

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software

Run date: 2012-01-18 18:18:10

-----------------------------

18:18:10.474 OS Version: Windows x64 6.1.7601 Service Pack 1

18:18:10.474 Number of processors: 8 586 0x2A07

18:18:10.474 ComputerName: XUFACE UserName:

18:18:12.440 Initialize success

18:18:12.596 AVAST engine defs: 12011801

18:18:18.602 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

18:18:18.602 Disk 0 Vendor: TOSHIBA_ MJ00 Size: 610480MB BusType: 3

18:18:18.602 Device \Driver\iaStor -> MajorFunction fffffa80069945c4

18:18:18.617 Disk 0 MBR read successfully

18:18:18.617 Disk 0 MBR scan

18:18:18.633 Disk 0 Windows 7 default MBR code

18:18:18.633 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12434 MB offset 2048

18:18:18.649 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 25466880

18:18:18.664 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 597944 MB offset 25671680

18:18:18.664 Service scanning

18:18:19.881 Modules scanning

18:18:19.881 Disk 0 trace - called modules:

18:18:19.897 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80069945c4]<<

18:18:19.912 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80062c7790]

18:18:19.912 3 CLASSPNP.SYS[fffff88001b5543f] -> nt!IofCallDriver -> [0xfffffa8004525d10]

18:18:19.928 5 ACPI.sys[fffff88000f237a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004524050]

18:18:19.943 \Driver\iaStor[0xfffffa8006258cf0] -> IRP_MJ_CREATE -> 0xfffffa80069945c4

18:18:20.848 AVAST engine scan C:\Windows

18:18:22.954 AVAST engine scan C:\Windows\system32

18:19:10.464 AVAST engine scan C:\Windows\system32\drivers

18:19:15.534 AVAST engine scan C:\Users\Reflections

18:22:21.270 AVAST engine scan C:\ProgramData

18:23:21.459 Scan finished successfully

18:28:05.461 Disk 0 MBR has been saved successfully to "C:\Users\Reflections\Desktop\MBR.dat"

18:28:05.477 The log file has been saved successfully to "C:\Users\Reflections\Desktop\aswMBR.txt"

[MrCharlie]

Welcome to the forum, please start at the link below:

http://forums.malwarebytes.org/index.php?showtopic=9573

Following fixes for other people is not a good idea, each fix is custom prepared for that individual and following it may lead to an unbootable computer.

MrC

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!