
Remedy for "Trend Chipaway Virus" Boot Virus?



Hello and hope this finds you all well.

On my old Windows 2000 computer, which I still use occasionally for some old programs, etc.

Here are the DDS logs. Thank you in advance for your help. Please note I have altered a couple of places where my name appears.




DDS (Ver_2011-08-26.01) - FAT32x86

Internet Explorer: 6.0.2800.1106

Run by MMMM_M at 10:45:52 on 2012-10-11

Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.1024.447 [GMT -4:00]



============== Running Processes ===============







C:\Program Files\Alwil Software\Avast5\AvastSvc.exe


C:\Program Files\Ahead\InCD\InCDsrv.exe


C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe





C:\Program Files\Iomega\AutoDisk\ADService.exe



C:\Program Files\HP\HP Software Update\HPWuSchd.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe

C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

C:\Program Files\Lexmark 1200 Series\lxczbmon.exe

C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

C:\Program Files\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe



C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\PIXELA\PTP Manager\PixePtpManager.exe

C:\Program Files\SEC\Natural Color Pro\NCProTray.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Applications\Computer Programs\Hot Key Plus\HotKeyPlus.exe

C:\Program Files\Palm\HOTSYNC.EXE

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\uTorrent\uTorrent.exe




============== Pseudo HJT Report ===============


uStart Page = hxxp://

uSearch Page = hxxp://best-search.cc/index.php?v=6&aff=1894039

uSearch Bar = hxxp://best-search.cc/search.php?v=6&aff=1894039

uSearchAssistant = hxxp://ie.search.msn.com

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll

uRun: [ctfmon.exe] ctfmon.exe

uRunOnce: [FlashPlayerUpdate] c:\winnt\system32\macromed\flash\NPSWF32_FlashUtil.exe -p

mRun: [synchronization Manager] mobsync.exe /logon

mRun: [NvCplDaemon] RUNDLL32.EXE c:\winnt\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [WinPatrol] "c:\progra~1\billps~1\winpat~1\WinPatrol.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"

mRun: [inCD] c:\program files\ahead\incd\InCD.exe

mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe"

mRun: [NeroFilterCheck] c:\winnt\system32\NeroCheck.exe

mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay

mRun: [Lexmark 1200 Series] "c:\program files\lexmark 1200 series\lxczbmgr.exe"

mRun: [ADUserMon] c:\program files\iomega\autodisk\ADUserMon.exe

mRun: [iomega Drive Icons] c:\program files\iomega\driveicons\ImgIcon.exe

mRun: [Deskup] c:\program files\iomega\driveicons\deskup.exe /IMGSTART

mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [D-Link AirPlus XtremeG DWL-G122] c:\program files\d-link\airplus xtremeg dwl-g122\AirGCFG.exe

mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe

mRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop

dRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly

StartupFolder: c:\docume~1\user\startm~1\programs\startup\shortc~1.lnk - c:\applications\computer programs\hot key plus\HotKeyPlus.exe

StartupFolder: c:\docume~1\user\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\HOTSYNC.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ptpman~1.lnk - c:\program files\pixela\ptp manager\PixePtpManager.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ncprot~1.lnk - c:\program files\sec\natural color pro\NCProTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_01\bin\npjpi150_01.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab

DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB

DPF: {00000161-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab

DPF: {15A7CF10-CB3E-4265-8779-9FD22619E8ED} - hxxp://

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {31564D57-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmvax.cab

DPF: {32564D57-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8ax.cab

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe

DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab

DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38027.7776851852

DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {F74959B0-1779-472E-BE6E-3023E1DBEC73} - hxxp://

TCP: DhcpNameServer =

TCP: Interfaces\{508762E4-2A99-42C5-A858-7ED990098EE6} : DhcpNameServer =

TCP: Interfaces\{DD57D27A-B120-41CA-B49A-CFD5A49086F3} : DhcpNameServer =

TCP: Interfaces\{F346C4AA-DD16-4F13-A670-BA1063A26964} : NameServer =

Notify: AtiExtEvent - Ati2evxx.dll

Notify: nwprovau - nwprovau.dll


================= FIREFOX ===================


FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\8ily5idu.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.freemarketrecords.com/

FF - prefs.js: network.proxy.type - 0

FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\8ily5idu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\8ily5idu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJPI150_01.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: BitDefender QuickScanner: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\alwil software\avast5\webrep\FF


============= SERVICES / DRIVERS ===============


R0 Lbd;Lbd;c:\winnt\system32\drivers\Lbd.sys [2009-9-1 64160]

R1 aswSP;aswSP;c:\winnt\system32\drivers\aswSP.sys [2010-5-24 355632]

R2 aswFsBlk;aswFsBlk;c:\winnt\system32\drivers\aswFsBlk.sys [2010-5-24 21256]

R2 aswMon;avast! Standard Shield Support;c:\winnt\system32\drivers\aswmon.sys [2010-5-24 89624]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-10-10 44808]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1036104]

R3 openhci;Microsoft USB Open Host Controller Driver;c:\winnt\system32\drivers\openhci.sys [2001-5-8 24784]

R3 RDID1057;EDIROL UA-1EX;c:\winnt\system32\drivers\Rdwm1057.sys [2009-5-29 139793]

R3 usbhub20;USB Hub Support;c:\winnt\system32\drivers\usbhub20.sys [2004-2-10 49776]

S1 aswSnx;aswSnx;c:\winnt\system32\drivers\aswSnx.sys [2012-10-10 729752]

S2 DCamUSBSvis;%SvStream.DeviceDesc%;c:\winnt\system32\drivers\stream18.sys [2003-10-25 70708]

S3 AOXENET;%AOXENET.DriverDesc%;c:\winnt\system32\drivers\EA101ND4.SYS [1999-8-11 32224]

S3 Ftdioxy;Ftdioxy; [x]

S3 MobileAdapter;Mobile Adapter USB Modem and USB Serial;c:\winnt\system32\drivers\qscnusb.sys [2010-2-26 103552]

S3 motccgp;Motorola USB Composite Device Driver;c:\winnt\system32\drivers\motccgp.sys [2009-9-18 18688]

S3 motccgpfl;MotCcgpFlService;c:\winnt\system32\drivers\motccgpfl.sys [2009-9-18 8320]

S3 motport;Motorola USB Diagnostic Port;c:\winnt\system32\drivers\motport.sys [2009-9-18 23680]

S3 NAVAP;NAVAP;\??\c:\program files\navnt\navap.sys --> c:\program files\navnt\NAVAP.sys [?]

S3 RDID1003;EDIROL UM-2;c:\winnt\system32\drivers\Rdwm1003.sys [2007-9-29 66530]

S3 RDID1005;EDIROL UA-5;c:\winnt\system32\drivers\Rdwm1005.sys [2007-10-10 144673]

S3 SISNIC2K;SiS PCI Fast Ethernet Adapter Driver for NDIS5;c:\winnt\system32\drivers\sisnic2k.sys [2006-2-14 32768]

S3 SONYPVP2;SONYPVP2;c:\winnt\system32\drivers\sonypvp2.sys [2006-4-20 32924]


=============== Created Last 30 ================


2012-10-11 03:01:17 729752 ----a-w- c:\winnt\system32\drivers\aswSnx.sys

2012-10-11 02:54:50 21264 ----a-w- c:\winnt\system32\wdmaud.drv

2012-10-11 02:54:45 148208 ----a-w- c:\winnt\system32\drivers\portcls.sys

2012-10-11 02:54:45 148208 ----a-w- c:\winnt\system32\dllcache\portcls.sys

2012-10-11 01:42:57 83456 ----a-r- c:\winnt\system32\drivers\Rtnic.sys


==================== Find3M ====================


2012-09-07 21:04:46 20552 ----a-w- c:\winnt\system32\drivers\mbam.sys

2012-08-21 09:12:34 41224 ----a-w- c:\winnt\avastSS.scr

2004-03-11 17:27:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe

2003-03-08 05:33:16 1897672 ----a-w- c:\program files\winzip81.exe


=================== ROOTKIT ====================


Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.0.2195 Disk: Maxtor_6Y080L0 rev.YAR41BW0 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2


device: opened successfully

user: MBR read successfully


Disk trace:

called modules: ntoskrnl.exe >>UNKNOWN [0x85E766E8]<<

_asm { MOV EAX, 0x85e76608; XCHG [ESP], EAX; PUSH EAX; PUSH 0x85e79c94; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }

1 nt!IofCallDriver[0x8041DDF0] -> \Device\Harddisk0\DR0[0x85D98BF0]

\Driver\Disk[0x85D99990] -> IRP_MJ_CREATE -> 0x85E766E8

kernel: MBR read successfully

_asm { CLI ; XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; CLD ; PUSH AX; PUSH AX; POP DS; POP ES; MOV SI, SP; MOV DI, 0x600; MOV CX, 0x100; REP MOVSW ; JMP FAR 0x0:0x61d; }

detected disk devices:

detected hooks:

\Driver\Disk -> 0x85e766e8

user & kernel MBR OK

Warning: possible MBR rootkit infection !


============= FINISH: 10:46:58.25 ===============







DDS (Ver_2011-08-26.01)


Microsoft Windows 2000 Professional

Boot Device: \Device\Harddisk0\Partition1

Install Date:

System Uptime: (988642 hours ago)


Motherboard: ASUSTeK Computer INC. | | P4S533

Processor: Intel® Pentium® 4 CPU 2.40GHz | PGA 478 | 1800/100mhz


==== Disk Partitions =========================


A: is Removable

C: is FIXED (FAT32) - 38 GiB total, 15.536 GiB free.

D: is FIXED (NTFS) - 76 GiB total, 18.901 GiB free.

E: is CDROM ()

F: is CDROM ()

G: is FIXED (FAT32) - 38 GiB total, 7.848 GiB free.

H: is FIXED (NTFS) - 76 GiB total, 4.448 GiB free.

I: is CDROM ()


==== Disabled Device Manager Items =============


Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: SiS 900 PCI Fast Ethernet Adapter

Device ID: PCI\VEN_1039&DEV_0900&SUBSYS_807C1043&REV_90\3&61AAA01&0&18

Manufacturer: SiS

Name: SiS 900 PCI Fast Ethernet Adapter

PNP Device ID: PCI\VEN_1039&DEV_0900&SUBSYS_807C1043&REV_90\3&61AAA01&0&18

Service: SISNIC2K


Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Multimedia Audio Controller

Device ID: PCI\VEN_13F6&DEV_0111&SUBSYS_80E21043&REV_10\3&61AAA01&0&28


Name: Multimedia Audio Controller

PNP Device ID: PCI\VEN_13F6&DEV_0111&SUBSYS_80E21043&REV_10\3&61AAA01&0&28



Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}

Description: Agfa ePhoto CL18 Camera Stream Driver

Device ID: ROOT\IMAGE\0000

Manufacturer: Agfa - Gevaert N.V.

Name: Agfa ePhoto CL18 Camera Stream Driver

PNP Device ID: ROOT\IMAGE\0000

Service: DCamUSBSvis


==== System Restore Points ===================


No restore point in system.


==== Installed Programs ======================



2006 FIFA World Cup

7-Zip 2.30 Beta 28

ABBYY FineReader 5.0 Sprint

ABBYY FineReader 6.0 Sprint

AC3Filter (remove only)


Acoustica Effects Pack

Acoustica Mixcraft 3

Active Disk


Ad-Aware SE Personal

Adobe Acrobat 5.0

Adobe Audition 1.5

Adobe Flash Player 10 Plugin

Adobe Photoshop CS

Adobe Photoshop Elements 2.0

Adobe Premiere 6.0

Adobe Reader 8

Adobe Reader for Palm OS 3.0

Adobe Shockwave Player 11.5

Advanced RealMedia Export Plug-in for Premiere 6.0

Agfa ePhoto CL18 Digital Camera Driver

AirPlus XtremeG DWL-G122

ANIO Service

ANIWZCS2 Service

AnswerWorks Runtime


ARP2600 V


ASUS Enhanced Display Driver

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Display Driver

Audacity 1.0.0

Avanquest update

avast! Free Antivirus

AviSynth 2.5

BitLord 1.1

Brother HL-1435

Cakewalk VST Adapter 4

Camera Support Core Library

Camera Window


Canon Camera Support Core Library

Canon Camera TWAIN Driver

Canon Camera TWAIN Driver 6.4

Canon Camera Window for ZoomBrowser EX

Canon MovieEdit Task for ZoomBrowser EX

Canon PhotoRecord

Canon RAW Image Task for ZoomBrowser EX

Canon RemoteCapture Task for ZoomBrowser EX

Canon Utilities PhotoStitch 3.1

Canon Utilities ZoomBrowser EX

Cantabile 1.2 Lite

Cleaner 5 EZ


dBpowerAMP Music Converter

Dimension LE 1.2


DivX Web Player


DreamStation DXi2

DVD Decrypter (Remove Only)

DVD Identifier

DVD Solution

EMS Synthi A-vs DEMO 1.0

EPSON Copy Utility 3



HP Image Zone 3.5

HP Photosmart Cameras 3.5

HP Software Update


ImageMixer for Sony



InterActual Player

Internet Explorer Q832894

IomegaWare 4.0.2

J2SE Runtime Environment 5.0 Update 1


Lexmark 1200 Series

Logitech SetPoint


Macromedia Director MX Trial

Macromedia Flash MX

Malwarebytes Anti-Malware version

MaxBlast 3

Microsoft .NET Framework 1.1

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Office FrontPage 2003

Microsoft Office Professional Edition 2003

Microsoft Outlook Personal Folders Backup

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148


minimoog V

MovieEdit Task

Mozilla Firefox (3.6.8)

Native Instruments Sibelius Player

Natural Color Pro

Nero - Burning Rom

Nero 6 Ultra Edition

Nero Digital

Neuratron PhotoScore Lite

NHL '94 Record Keeper Version 2

NVIDIA Windows 2000/XP Display Drivers

Opera 9.62

Outlook Express Update Q330994

Palm Desktop

Palm VersaMail

PC Suite

PCR Editor V2

PE Builder 3.1.10a





Project5 LE

Project64 1.6

PTP Manager




Quicktime Browser Plug-In

RAW Image Task 1.1


Remote Desktop Connection

RemoteCapture Task 1.0.3

RM to MP3 Converter 1.48



Sibelius 3

Sibelius Scorch

SiS 900 PCI Fast Ethernet Adapter Driver




Spybot - Search & Destroy

TextSync (remove only)




Update Rollup 1 for Windows 2000 SP4

USB Driver Vers. 3.2

VideoLAN VLC media player 0.8.6c

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

Warcraft II BNE



WinAce Archiver 2.0

Winamp (remove only)

Windows 2000 Service Pack 4

Windows Installer 3.1 (KB893803)

Windows Media Player system update (9 Series)

WinRAR archiver



==== End Of File ===========================

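One thing in the Pseudo HJT section above is independent of the boot-time warning: both the IE Search Page and Search Bar point at best-search.cc with an aff=1894039 parameter, while the Search Assistant still points at MSN. Two search settings redirected to the same third-party host carrying an affiliate identifier is the usual footprint of a browser search hijacker. The script below is an added example written for this page; it is not part of the thread and not DDS's own code. It triages the u/m/d browser-URL lines and the Firefox prefs lines from a DDS log, flags hosts outside an allow-list and affiliate-style query parameters, and groups tagged entries by host. The sample lines are copied from the log above (with the hxxp:// defanging kept); the allow-list of expected hosts and the set of affiliate parameter names are assumptions made for the demonstration.

```python
"""Triage the browser start/search entries of a DDS "Pseudo HJT Report".

Added example for this thread; not DDS's own code. The sample lines are taken
from the log above (hxxp:// defanging kept); the allow-list and the affiliate
parameter names are assumptions made for the demonstration.
"""
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

# Hosts the stock IE/Firefox settings on such a box are expected to point at (assumption).
EXPECTED_HOSTS = {"ie.search.msn.com", "www.msn.com", "search.msn.com", "www.google.com"}

# Query keys search hijackers use to tag an install for pay-per-click credit (heuristic).
AFFILIATE_PARAMS = {"aff", "affid", "aid", "pid", "partner", "ref"}

# DDS prefixes: u = current user (HKCU), m = machine (HKLM), d = default user.
IE_RE = re.compile(r"^(?P<key>[umd](?:Start Page|Search Page|Search Bar|SearchAssistant|"
                   r"Default_Page_URL|Default_Search_URL)) = (?P<url>\S*)$")
FF_RE = re.compile(r"^FF - prefs\.js: (?P<key>browser\.startup\.homepage|keyword\.URL|"
                   r"browser\.search\.defaulturl) - (?P<url>\S+)$")


@dataclass
class Finding:
    key: str
    url: str
    reasons: list


def refang(url: str) -> str:
    """DDS writes hxxp:// so the URL is not clickable; restore it for parsing only."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def triage_line(line: str):
    """Return a Finding for a browser-URL line (empty reasons if clean), else None."""
    m = IE_RE.match(line) or FF_RE.match(line)
    if not m:
        return None
    key, raw = m.group("key"), m.group("url")
    parts = urlsplit(refang(raw))
    if not parts.hostname:
        return Finding(key, raw, ["blank start/search URL (not set or redacted)"])
    reasons = []
    if parts.hostname not in EXPECTED_HOSTS:
        reasons.append(f"host {parts.hostname} not on allow-list")
    tagged = sorted(set(parse_qs(parts.query)) & AFFILIATE_PARAMS)
    if tagged:
        reasons.append("affiliate/tracking parameter: " + ",".join(tagged))
    return Finding(key, raw, reasons)


def triage(lines) -> list:
    """Run every line through triage_line and keep only entries with a reason."""
    out = []
    for line in lines:
        f = triage_line(line.strip())
        if f and f.reasons:
            out.append(f)
    return out


def hijack_candidates(findings) -> dict:
    """Group off-list, affiliate-tagged entries by host: several search settings
    redirected to the same tagged third-party host is the classic hijack pattern."""
    by_host = {}
    for f in findings:
        if (any(r.startswith("host ") for r in f.reasons)
                and any(r.startswith("affiliate") for r in f.reasons)):
            by_host.setdefault(urlsplit(refang(f.url)).hostname, []).append(f.key)
    return by_host


# Constructed from the Pseudo HJT and Firefox sections of the log above.
SAMPLE_LINES = """\
uStart Page = hxxp://
uSearch Page = hxxp://best-search.cc/index.php?v=6&aff=1894039
uSearch Bar = hxxp://best-search.cc/search.php?v=6&aff=1894039
uSearchAssistant = hxxp://ie.search.msn.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelper.dll
FF - prefs.js: browser.startup.homepage - hxxp://www.freemarketrecords.com/
FF - prefs.js: network.proxy.type - 0
""".splitlines()

if __name__ == "__main__":
    found = triage(SAMPLE_LINES)
    for f in found:
        print(f"{f.key}: {f.url}\n    " + "\n    ".join(f.reasons))
    print("hijack candidates:", hijack_candidates(found))
```

The Firefox homepage (freemarketrecords.com) is reported only as "not on allow-list", which is a review item, not a hijack: the distinguishing signal is the combination of an off-list host and an affiliate tag across more than one search setting, which is what hijack_candidates isolates. Feed the whole DDS file in via triage(open(path).readlines()) to run it over a real log.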

Hi, thank you for the response. Here is what I see when I boot this computer:

On start-up of the computer, a red screen with the following message is displayed "Trend Chip away Virus has detected a boot virus" and further following information is displayed, "Complete virus protection for the enterprise go to Trend Micro www.antivirus.com."

Just the fact that it doesn't boot properly.

Another issue I'm having, which may or may not have to do with this: since this boot problem, I have had two separate network adapters (one on the motherboard and a replacement PCI card) fail, without good reason. I'm wondering now if it's connected or not.

Thanks kindly.


  • Staff


Just saw uTorrent in your log.

Please see:

Forum Piracy Policy

We will not assist users that are obviously using illegal software.

If any such evidence is found you will be given the benefit of the doubt and the opportunity to completely uninstall and delete any such data from your system.

During the scanning process if any further evidence shows up your topic will be closed and no further assistance will be provided.

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

It's likely why your issue began in the first place.


I didn't realize that uTorrent was illegal software. In fact uTorrent has a lot of uses other than piracy. I use it to trade non-commercial amateur recordings with communities that strictly forbid uploading commercially published recordings. I have automated this process with virus scanning of every new download, and I have never downloaded an infected file from these communities.

Is uTorrent illegal software or is it simply presumed to be used for illegal purposes?

Thank you kindly.


Screen: I was advised to bring this to your attention. Thanks again for your help!

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.0.2195 Disk: Maxtor_6Y080L0 rev.YAR41BW0 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2


device: opened successfully

user: MBR read successfully


Disk trace:

called modules: ntoskrnl.exe >>UNKNOWN [0x85E766E8]<<

_asm { MOV EAX, 0x85e76608; XCHG [ESP], EAX; PUSH EAX; PUSH 0x85e79c94; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }

1 nt!IofCallDriver[0x8041DDF0] -> \Device\Harddisk0\DR0[0x85D98BF0]

\Driver\Disk[0x85D99990] -> IRP_MJ_CREATE -> 0x85E766E8

kernel: MBR read successfully

_asm { CLI ; XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; CLD ; PUSH AX; PUSH AX; POP DS; POP ES; MOV SI, SP; MOV DI, 0x600; MOV CX, 0x100; REP MOVSW ; JMP FAR 0x0:0x61d; }

detected disk devices:

detected hooks:

\Driver\Disk -> 0x85e766e8

user & kernel MBR OK

Warning: possible MBR rootkit infection !

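Reading the GMER section posted above: the user-mode and kernel-mode reads of sector 0 agree ("user & kernel MBR OK"), and the disassembly it prints is a conventional relocating MBR loader (set up the stack at 0x7C00, copy the 512-byte sector to 0x0600, far-jump into the copy). The "possible MBR rootkit infection" line is therefore driven by the hook it found on \Driver\Disk, whose IRP_MJ_CREATE handler points at 0x85E766E8, an address GMER could not attribute to any loaded module, and not by the MBR bytes themselves. Disk filter drivers installed by security products hook the disk stack in the same way, and the log lists Lbd.sys as an R0 boot-start driver, so the owner of that address is the first thing to establish. The BIOS "ChipAway Virus" message gives no detail at all, which is why a direct read of the MBR is the useful cross-check. The script below is an added example for this page, not part of the thread and not GMER's code: it parses a 512-byte MBR, checks the 55AA boot signature, compares the boot code prologue against one byte encoding of the instruction sequence GMER printed (my encoding, an assumption), and sanity-checks the partition table (status bytes, zero entries, more than one active partition, overlaps). The two MBR images are constructed inline; the "tampered" one replaces the first instruction with a far jump into the sector's zero-padded slack, a hypothetical stub and not anything observed on this machine.

```python
"""Read a 512-byte MBR and flag the things a bootkit check looks at.

Added example for this thread; not GMER's or DDS's code. The two MBR images
at the bottom are constructed inline for the demonstration.
"""
import struct
import sys
from dataclasses import dataclass

SECTOR = 512
BOOT_SIGNATURE = b"\x55\xAA"
PARTITION_TABLE_OFFSET = 446

# One byte encoding (my assumption; other encodings disassemble identically) of the
# prologue GMER printed in the log:
#   CLI; XOR AX,AX; MOV SS,AX; MOV SP,0x7C00; STI; CLD; PUSH AX; PUSH AX;
#   POP DS; POP ES; MOV SI,SP; MOV DI,0x600; MOV CX,0x100; REP MOVSW;
#   JMP FAR 0x0:0x61D
RELOCATING_PROLOGUE = bytes.fromhex(
    "FA 33C0 8ED0 BC007C FB FC 50 50 1F 07 8BF4 BF0006 B90001 F3A5 EA1D060000"
)


@dataclass
class Partition:
    index: int
    status: int      # 0x80 = active/bootable, 0x00 = inactive
    type_id: int     # e.g. 0x0B/0x0C FAT32, 0x07 NTFS
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:   # exclusive
        return self.lba_start + self.sectors


def parse_partitions(mbr: bytes) -> list:
    """Decode the four 16-byte partition entries, skipping empty slots."""
    parts = []
    for i in range(4):
        status, _chs0, type_id, _chs1, lba, count = struct.unpack_from(
            "<B3sB3sII", mbr, PARTITION_TABLE_OFFSET + 16 * i)
        if type_id == 0 and count == 0:
            continue
        parts.append(Partition(i, status, type_id, lba, count))
    return parts


def check_mbr(mbr: bytes) -> list:
    """Return human-readable findings; an empty list means nothing looked off."""
    findings = []
    if len(mbr) != SECTOR:
        return [f"expected {SECTOR} bytes, got {len(mbr)}"]
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 55AA missing")
    if not mbr.startswith(RELOCATING_PROLOGUE):
        findings.append("boot code prologue does not match the expected loader "
                        f"(starts {mbr[:5].hex()})")
    parts = parse_partitions(mbr)
    for p in parts:
        if p.status not in (0x00, 0x80):
            findings.append(f"partition {p.index}: bad status byte 0x{p.status:02X}")
        if p.lba_start == 0 or p.sectors == 0:
            findings.append(f"partition {p.index}: zero start or length")
    if sum(1 for p in parts if p.status == 0x80) > 1:
        findings.append("more than one active partition")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_end > b.lba_start:
            findings.append(f"partitions {a.index} and {b.index} overlap")
    return findings


def read_mbr(device: str) -> bytes:
    r"""Read sector 0 from a raw device, e.g. \\.\PhysicalDrive0 (needs admin) or /dev/sda."""
    with open(device, "rb") as fh:
        return fh.read(SECTOR)


def build_mbr(boot_code: bytes, entries) -> bytes:
    """Assemble a constructed MBR image: boot code, partition entries, signature."""
    img = bytearray(SECTOR)
    img[:len(boot_code)] = boot_code
    for i, (status, type_id, lba, count) in enumerate(entries):
        struct.pack_into("<B3sB3sII", img, PARTITION_TABLE_OFFSET + 16 * i,
                         status, b"\0\0\0", type_id, b"\0\0\0", lba, count)
    img[510:512] = BOOT_SIGNATURE
    return bytes(img)


# Constructed: a FAT32 + NTFS layout like the C:/D: pair in the log (sizes approximate).
CLEAN_MBR = build_mbr(RELOCATING_PROLOGUE,
                      [(0x80, 0x0C, 63, 79_000_000), (0x00, 0x07, 79_000_063, 160_000_000)])

# Constructed, hypothetical tampering: first instruction replaced with JMP FAR 0:0x7D00,
# i.e. into the zero-padded slack at offset 0x100 of the sector; table left untouched.
TAMPERED_MBR = bytes(bytes.fromhex("EA 007D 0000") + CLEAN_MBR[5:])

if __name__ == "__main__":
    target = read_mbr(sys.argv[1]) if len(sys.argv) > 1 else TAMPERED_MBR
    for p in parse_partitions(target):
        print(f"part {p.index}: status=0x{p.status:02X} type=0x{p.type_id:02X} "
              f"lba={p.lba_start} sectors={p.sectors}")
    for f in check_mbr(target) or ["no findings"]:
        print("-", f)
```

Run it with no argument to see the constructed tampered image flagged, or pass a raw device path to read the live sector (a Windows 2000 box needs an administrator account for \\.\PhysicalDrive0). A prologue mismatch on its own is not proof of infection, since different partitioning tools write different loaders; the useful comparison is against a copy of the same machine's MBR taken when it was known to boot cleanly, which this script can save by writing read_mbr() output to a file.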

  • 3 weeks later...

Greetings screen, I have been completely tied up this week and I will actually have to be going out of town for the next month. I know you guys place a time limit on threads for inactivity, justly so, but I hope that I can put a pause on this one until I can be back at my desk. Please advise.

Thank you kindly, MMMM_M


  • 4 weeks later...
  • 2 weeks later...
This topic is now closed to further replies.
