Jump to content

Unrelenting mbr infection. Please help

Recommended Posts

I've followed the instructions provided for removal but following rebooting the virus is always still present.

If there is anyone out there that can help with this then please reply. I've provided logs from various scanning programs that may be of use. It may be important to know that that gmer rootkit scan made my computer crash every time.









Link to post
Share on other sites

Additional info.

The infected files seem to be:

C:\System Volume Information\Microsoft\services.exe

C:\System Volume Information\Microsoft\smss.exe

The virus manifests itself in annoying audio adverts, blue screen crashes and volume settings being changed to mute among other things. Stopping the 'iexplorer' process stops it for a few seconds until the process starts up again.

Link to post
Share on other sites


Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download.

  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases

    [*]Click on My Computer under the green Scan bar to the left to start the scan.

    [*]Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

    [*]Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.

    [*]Click View report... at the bottom.

    [*] Click the Save report... button.


    [*] Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

Link to post
Share on other sites

You can delete this file


How is everything running??

Things are running fine but any scanner I use still throws up the same infection warnings.

C:\123.exe I think is MGTools.exe which I renamed in the hope it might allow it to run. Should I still delete it?

Link to post
Share on other sites

So does that mean the infection has gone?

Now that your system is clean you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools can not access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll-back" in case there is a future problem.


1. Go to Start > Programs > Accessories > System Tools and click "System Restore".

2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.


Here is some useful information on keeping your computer clean:

  1. Most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update
  2. How to update Adobe Acrobat Reader

    1. On your desktop, double-click on your Adobe icon.
    2. Click on Help.
    3. Click on Check for Updates.
    4. Visit my blog Here to view the video.

    5. How to update Jave SE Runtime
      1. Go to Start.
      2. Click on Control Panel
      3. Double-Click on the Java icon.
      4. Click on Update tab
      5. Click on Update Now.
      6. Visit my blog Here to view the video.

[*]Check out Tony Klein's "So how did i get infected in the first place" here

Link to post
Share on other sites

  • 3 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.