OSoccer Posted February 21, 2010 ID:203773 Share Posted February 21, 2010 When I executed Mbam several days ago, it found and let me remove about a dozen kinds of malware, and since then Mbam has reported no malware on my computer. However, I am still concerned about the MBR rootkit malware called Boot.Mebroot that was found on my computer by my other antiviruse software, Norton 360.I've been perplexed as to how to totally eliminate the "malicious code @ sector 0x04458930 !", and the "PE file found in sector at 0x04458946 !"as reported by Gmer's MBR.EXE utility program. Here is the ouput from my most recent execution of MBR.EXE a few minutes ago: ------------------------------------------------------------------------------------------ Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll adpu160m.sys kernel: MBR read successfully user & kernel MBR OK copy of MBR has been found in sector 0x0445892D malicious code @ sector 0x04458930 !PE file found in sector at 0x04458946 ! ------------------------------------------------------------------------------------------This all started when my Norton 360 scan reported finding the following: ----------------------------- Resolved Threats : Boot.Mebroot Type : Master Boot Record Risk : High (High Stealth, High Removal, High Performance, High Privacy) Categories : Virus Status : Fully Resolved -----------------------------Questions: 1. Is the Boot.Mebroot in fact removed from my computer (WinXP Pro SP3)? 2. It so, why does MBR.EXE continue to report th following: malicious code @ sector 0x04458930 ! PE file found in sector at 0x04458946 !3. Is a "copy of MBR has been found in sector 0x0445892D" a good thing?4. How can I shred the "malicious code" and the "PE file" in sectors 0x04458930 and 0x04458946, respectively?Thank you very much. Link to post Share on other sites More sharing options...
Staff screen317 Posted March 17, 2010 Staff ID:215680 Share Posted March 17, 2010 Hi and welcome to Malwarebytes.Do you still need help? Link to post Share on other sites More sharing options...
Staff screen317 Posted March 28, 2010 Staff ID:223006 Share Posted March 28, 2010 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts