Anti-rootkit fails on 2nd run attempt following repair


I ran Malwarebytes anti-rootkit (MBAR) today. It detected a problem the first time I ran it and I think the relevant excerpt from the log is as follows:

Partition information:

Partition 0 type is Other (0x27)

Partition is NOT ACTIVE.

Partition starts at LBA: 21876736 Numsec = 3072000

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 24948736 Numsec = 443912192

Partition 2 type is HIDDEN (0x17)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 21874688

Partition is not bootable

Infected: VBR on Hidden active partition --> [unknown Rootkit VBR Infection]

Changing partition to empty and not active. New active partition is 1 on drive 0 ...

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

MBR infection found on drive 0

Disk Size: 240057409536 bytes

Sector size: 512 bytes

After a successful restart (from the MBAR restart prompt) following 'Clean', which iirc listed two fixes to be applied, I followed the advice in the guides and attempted to re-run MBAR again to double-check things. When I did so, it crashed (and does so every time I attempt it now), apparently on the physical scan step (if the log showing in the window is indicative). The drive is an OCZ-vertex3 if that makes any difference.

I realise it's in beta. But it seems strange that it worked once and then failed to run correctly after having done its job. Any suggestions?

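The partition table from the log excerpt in the post above, as an added example that is not part of the original post and is not Malwarebytes code: the Python below rebuilds a constructed MBR sector from the logged values, parses the four 16-byte entries, and reports an active partition that carries the hidden type 0x17. The flagging rule, `HIDDEN_TYPES` and all function names are assumptions for illustration, not MBAR's detection logic.

```python
import struct

HIDDEN_TYPES = {0x17}  # assumption: only the hidden type byte seen in this log
ENTRY = "<B3sB3sII"    # status, CHS start, type, CHS end, start LBA, sector count


def build_sample_mbr(entries):
    """Constructed 512-byte sector; entries are (active, type, start_lba, numsec)."""
    sector = bytearray(512)
    for i, (active, ptype, lba, numsec) in enumerate(entries):
        struct.pack_into(ENTRY, sector, 446 + 16 * i,
                         0x80 if active else 0x00, b"\0\0\0", ptype, b"\0\0\0", lba, numsec)
    sector[510:512] = b"\x55\xaa"  # boot signature
    return bytes(sector)


def parse_mbr(sector):
    """Return the four primary partition entries stored at offset 446."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte MBR sector with 0x55AA signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, numsec = struct.unpack_from(ENTRY, sector, 446 + 16 * i)
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "start_lba": lba, "numsec": numsec})
    return parts


def review(parts, disk_sectors):
    """List layout conditions worth a closer look before trusting the table."""
    findings = []
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    for p in parts:
        if p["type"] == 0x00:
            continue  # empty slot
        if p["active"] and p["type"] in HIDDEN_TYPES:
            findings.append(f"partition {p['index']}: hidden type 0x{p['type']:x} is active")
        if p["start_lba"] + p["numsec"] > disk_sectors:
            findings.append(f"partition {p['index']}: extends past end of disk")
    return findings


# Values copied from the log excerpt (disk size 240057409536 bytes, 512-byte sectors).
LOG_ENTRIES = [(False, 0x27, 21876736, 3072000), (False, 0x07, 24948736, 443912192),
               (True, 0x17, 2048, 21874688), (False, 0x00, 0, 0)]
DISK_SECTORS = 240057409536 // 512

if __name__ == "__main__":
    for finding in review(parse_mbr(build_sample_mbr(LOG_ENTRIES)), DISK_SECTORS):
        print(finding)
```

On a real disk the same `parse_mbr` call takes the first 512 bytes of the drive, read from a forensic image rather than the live system where possible.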

Thanks, I have tried that several times and it seems to reproduce each time. I've attached the system-log here from the mbar directory.

I do have Norton installed, but I disabled both the firewall and the antivirus before attempting to run MBAR (the same as I did the first time when it was successful).

Other than that, my system seems stable, although time will tell I guess.

Thanks again!

system-log.txt


  • Root Admin

Well, you may want to follow the advice below and have someone assist you with further scanning to ensure the computer is not infected.

It's possible that something is causing a hang with our driver but if you're concerned that the computer may be infected then it's best to get it cleaned.

If on the other hand you're reasonably certain that the computer is not infected and would like to assist Support in trying to debug why then let us know.

I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.

Thanks
