I have run HitmanPro and found 'traces of the TDL3 Alureon' rootkit on the computer. However, running TDSSKiller would have solved this issue, but apparently the symptoms keep coming back, so I decided to scan using ComboFix. I ran it once and it found a rootkit on the MBR. I rebooted the computer, but the symptoms were still there. I ran ComboFix again and it is still detecting the rootkit. Is there a way to get rid of it without having to format the hard disk? Here is the log message:
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86EE3ACE]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7605f28
\Driver\ACPI -> ACPI.sys @ 0xf7578cb8
\Driver\atapi -> atapi.sys @ 0xf750a852
\Driver\iaStor -> iaStor.sys @ 0xf7477918
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK
**************************************************************************
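As an added example (not from the question's author or from GMER), a small Python triage script that parses a report in the shape quoted above and flags the `>>UNKNOWN [...]<<` entry in the called-modules chain, which is the line that reports code in the disk I/O path with no named driver behind it:

```python
import re

# Sample input: the detector output quoted in the question, embedded so this runs offline.
SAMPLE_LOG = r"""
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86EE3ACE]<<
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7605f28
\Driver\ACPI -> ACPI.sys @ 0xf7578cb8
\Driver\atapi -> atapi.sys @ 0xf750a852
\Driver\iaStor -> iaStor.sys @ 0xf7477918
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK
"""
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")

def parse_hook(line):
    # "target -> module @ 0xaddr" -> (target, module, addr); NDIS lines have no "@ addr" and are skipped.
    if " @ " not in line or " -> " not in line:
        return None
    left, addr = line.rsplit(" @ ", 1)
    target, module = left.rsplit(" -> ", 1)
    return target.strip(), module.strip(), int(addr, 16)

def parse_report(text):
    rep = {"modules": [], "unknown": [], "hooks": [], "mbr_ok": False}
    in_hooks = False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("called modules:"):
            body = line.split(":", 1)[1]
            rep["unknown"] = UNKNOWN_RE.findall(body)  # code with no backing module
            rep["modules"] = UNKNOWN_RE.sub("", body).split()
        elif line.startswith("detected MBR rootkit hooks:"):
            in_hooks = True
        elif line == "user & kernel MBR OK":  # user-mode and kernel MBR reads agree
            rep["mbr_ok"], in_hooks = True, False
        elif in_hooks and (hook := parse_hook(line)):
            rep["hooks"].append(hook)
    return rep

def verdict(rep):
    # Unbacked code in the disk I/O call chain is the red flag, MBR OK or not.
    if rep["unknown"]:
        return "suspicious: unbacked code at " + ", ".join(rep["unknown"])
    return "clean: every module in the call chain is named"
```

Run `verdict(parse_report(SAMPLE_LOG))` to get the one-line triage result for the quoted log.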
Answer
Use the boot manager repair procedure for your operating system. It should overwrite the MBR data, so you should be safe. Just to be safe, you could repeat the procedure several times.