OlderDude Posted September 16, 2016 ID:1062086

Running Win 7 Pro and have been using only Microsoft default protections. Just downloaded Malwarebytes trial and ran full scan. The only thing at all that showed up was some old serial port test program that I'd downloaded a few years ago but hadn't used for ages. So I let the tool delete it even though I'm 99 percent sure it was safe.

But looking at the default options selected I noticed that as a default Malwarebytes does not scan for rootkits. So I enabled that and ran the scan again, and it detected 2:

Rootkit.Pihar.c.mbr on sector #5 on volume #1
Rootkit.Pihar.c.mbr on sector #0 on volume #1

I have no symptoms of any sort of infection. No random reboots, no odd popups, no BSOD. I found a list of registry entries typically associated with this MBR infection and found none of them at all.

Doing a Google search for that rootkit, it looks like most of the discussion is from a few years ago, and most is about trying to recover after botching the MBR removal.

So for now, I'm sitting on it. But my questions are:

What are the chances that allowing Malwarebytes to remove the rootkit by clicking "remove selected" will screw things up?

What are the chances that the rootkit is just so very smart that it isn't allowing me or Malwarebytes to see some serious infection by hiding its payloads?

Thanks.

TwinHeadedEagle Posted September 16, 2016 ID:1062111

Hello and

A rootkit is designed to hide itself and/or other infections. Let's make some diagnostics:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Double-click to run it. When the tool opens, click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Edited September 16, 2016 by TwinHeadedEagle