Live Chat & Podcast at 1:00PM Eastern on Sunday!
There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
Search
Tag Cloud
access acer asus batch bios bsod crash desktop driver drivers error ethernet excel freeze gaming gpu hard drive hardware hdmi internet laptop malware memory modem monitor motherboard netgear network printer problem ram registry router slow software sound trojan ubuntu 11.10 uninstall usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless
Search
Search for:
Tech Support Guy Forums > Security & Malware Removal > Virus & Other Malware Removal >
GMER says I have a MBR rootkit, safe to delete? (In Progress)

Reply  
Thread Tools
SpeedofLight's Avatar
Member with 62 posts.
  
Join Date: Apr 2004
29-Jul-2010, 01:05 AM #1
GMER says I have a MBR rootkit, safe to delete?
Ive been infected with a worm thats in my userinit.exe constantly. I downloaded gmer and said i have an mbr rootkit. is this a false positive or is it legitimate? will it cure my problem?

---- Kernel code sections - GMER 1.0.15 ----

? vklfchlb.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8BC5360, 0x20574D, 0xE8000020]
.text win32k.sys!EngAcquireSemaphore + 20E2 BF808308 5 Bytes JMP 8871F4D0
.text win32k.sys!EngFreeUserMem + 5BD2 BF80EE8F 5 Bytes JMP 8871F430
.text win32k.sys!EngMultiByteToWideChar + 2F32 BF8A0D51 5 Bytes JMP 8871F750
.text win32k.sys!EngMulDiv + 90FA BF8B4264 5 Bytes JMP 8871F610
.text win32k.sys!XLATEOBJ_iXlate + 3A50 BF8B9E25 5 Bytes JMP 8871F570
.text win32k.sys!EngUnicodeToMultiByteN + 1756 BF8C322E 5 Bytes JMP 8871F6B0
.text win32k.sys!PATHOBJ_bCloseFigure + 19F1 BF8F98FC 5 Bytes JMP 8871F7F0

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: MBR rootkit code detected

---- EOF - GMER 1.0.15 ----
dvk01's Avatar
Moderator & Malware Removal Specialist with 37,223 posts.
  
Join Date: Dec 2002
Location: Loughton, Essex, UK
29-Jul-2010, 07:14 AM #2
Download MBR Check to your desktop
  • Right click MBRcheck.exe and select Run as Administrator (Vista) or Double click MBRcheck.exe to run it (XP)
  • It will show a Black screen with some data on it
  • it will create a log called MBRcheck_time and date.txt on desktop
  • Post that resultant log here please
  • Do NOT fix anything or run any suggested fix before we see the report
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | Security & Privacy
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
Email This Email  Print This Print  Tweet This Send to Facebook Send to MySpace Send to StumbleUpon Digg This | More Services More
Reply

THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!

« Previous Thread | Virus & Other Malware Removal | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.
Thread Tools


Similar Threads
Title Thread Starter Forum Replies Last Post
Possible MBR rootkit infection Nausike Virus & Other Malware Removal 0 11-May-2010 05:35 PM
Have Virus problems Rootkit mikelepc Virus & Other Malware Removal 0 10-Mar-2010 07:36 PM
I got a virus, Not letting me scan or delete saying "Acess denied" CPUMadness Virus & Other Malware Removal 14 12-Aug-2009 05:26 PM
I have the hacktool.rootkit virus and it keeps coming back Angelhug83 Virus & Other Malware Removal 0 12-Feb-2009 09:27 AM
Norton 360 Keeps Saying I have a Cookie,How Do I delete It? Vegito Virus & Other Malware Removal 0 16-Sep-2008 04:48 PM


Facebook Facebook Twitter Twitter TechGuy.tv TechGuy.tv Mobile TSG Mobile
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -4. The time now is 02:55 AM.
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.

 Powered by Cermak Technologies, Inc.