Jump to content

malicious code @ sector 0x04458930

Recommended Posts

When I executed Mbam several days ago, it found and let me remove about a dozen kinds of malware, and since then Mbam has reported no malware on my computer.

However, I am still concerned about the MBR rootkit malware called Boot.Mebroot that was found on my computer by my other antiviruse software, Norton 360.

I've been perplexed as to how to totally eliminate the "malicious code @ sector 0x04458930 !", and the "PE file found in sector at 0x04458946 !"

as reported by Gmer's MBR.EXE utility program. Here is the ouput from my most recent execution of MBR.EXE a few minutes ago:


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll adpu160m.sys

kernel: MBR read successfully

user & kernel MBR OK

copy of MBR has been found in sector 0x0445892D

malicious code @ sector 0x04458930 !

PE file found in sector at 0x04458946 !


This all started when my Norton 360 scan reported finding the following:


Resolved Threats : Boot.Mebroot

Type : Master Boot Record

Risk : High (High Stealth, High Removal, High Performance, High Privacy)

Categories : Virus

Status : Fully Resolved



1. Is the Boot.Mebroot in fact removed from my computer (WinXP Pro SP3)?

2. It so, why does MBR.EXE continue to report th following:

malicious code @ sector 0x04458930 !

PE file found in sector at 0x04458946 !

3. Is a "copy of MBR has been found in sector 0x0445892D" a good thing?

4. How can I shred the "malicious code" and the "PE file" in sectors 0x04458930 and 0x04458946, respectively?

Thank you very much.

Link to post
Share on other sites

  • 4 weeks later...
  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.