Need Help With Trojan.mebroot.b

Hi everyone,

OK, I hope you guys can help me with this one. Here is my BitDefender scan:


BitDefender Log File !!!!!
Product : BitDefender Total Security 2008
Version : BitDefender UIScanner v.11
Log date : 05:02:54 24/08/2008
Log path : C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1219568574_1_02.xml

Scan Paths:
Path0000: C:\
Path0001: D:\
Path0002: E:\
Path0003: F:\
Path0004: G:\


Scan Options:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes


Target selection options:
Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : Yes
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :  
Excluded extensions :  


Target Processing
Default action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None


Scan engines summary
Number of virus signatures : 1573989
Archive plugins : 43
Email plugins : 6
Scan plugins : 12
Archive plugins : 43
System plugins : 4
Unpack plugins : 7


Overall scan summary
Scanned items : 776389
Infected items : 29
Suspicious items : 0
Resolved items : 3
Individual viruses found : 16
Scanned directories : 20143
Scanned boot sectors : 22
Scanned archives : 8292
Input-output errors : 37
Scan time : 00:04:14:43
Files per second : 50


Scanned processes summary
Scanned : 50
Infected : 0


Scanned registry keys summary
Scanned : 379
Infected : 0


Scanned cookies summary
Scanned : 672
Infected : 0


Remaining issues:
Object Name / Threat Name / Final Status
F:\RECYCLER\S-1-5-21-329068152-1637723038-839522115-1003\Df15\prog.rar=]- crk\StyleXP_Keygen.exe Application.Keygen.Xpstyle.BX Delete Failed (file was in an archive)
G:\Download\polaris3.0.rar=]polaris3.0\addons\nHTMLn.dll Spyware.Hacktool.Flood.A Delete Failed (file was in an archive)
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df14.zip=]keygen.rar=]AlienSkin.Software.MultiKeygen.v1.0.exe Trojan.Generic.252565 Delete Failed (file was in an archive)
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df60.zip=]keygen.rar=]AlienSkin.Software.MultiKeygen.v1.0.exe Trojan.Generic.252565 Delete Failed (file was in an archive)
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df64.rar=]AlienSkin.Software.MultiKeygen.v1.0.exe Trojan.Generic.252565 Delete Failed (file was in an archive)
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df72.zip=]keygen.rar=]AlienSkin.Software.MultiKeygen.v1.0.exe Trojan.Generic.252565 Delete Failed (file was in an archive)
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df80.zip=]keygen.rar=]AlienSkin.Software.MultiKeygen.v1.0.exe Trojan.Generic.252565 Delete Failed (file was in an archive)
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df82.rar=]AlienSkin.Software.MultiKeygen.v1.0.exe Trojan.Generic.252565 Delete Failed (file was in an archive)
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df177.zip=]keygen.rar=]onOne.Software.MultiKeygen.v1.0.exe Trojan.Generic.262961 Delete Failed (file was in an archive)
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df182.rar=]onOne.Software.MultiKeygen.v1.0.exe Trojan.Generic.262961 Delete Failed (file was in an archive)
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df194.zip=]keygen.rar=]onOne.Software.MultiKeygen.v1.0.exe Trojan.Generic.262961 Delete Failed (file was in an archive)
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df198.rar=]onOne.Software.MultiKeygen.v1.0.exe Trojan.Generic.262961 Delete Failed (file was in an archive)
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df275.zip=]Registry.Healer.v4.5.0.build.304-RES\install.exe Trojan.Generic.341900 Delete Failed (file was in an archive)
D:\=]Master Boot Record Trojan.Mebroot.B Delete Failed (file was in an archive)
E:\=]Master Boot Record Trojan.Mebroot.B Delete Failed (file was in an archive)
F:\=]Master Boot Record Trojan.Mebroot.B Delete Failed (file was in an archive)
G:\=]Master Boot Record Trojan.Mebroot.B Delete Failed (file was in an archive)
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df118.zip=]keygen.rar=]keygen.exe Trojan.Packed.1753 Delete Failed (file was in an archive)
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df120.rar=]keygen.exe Trojan.Packed.1753 Delete Failed (file was in an archive)
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df123.zip=]keygen.rar=]keygen.exe Trojan.Packed.1753 Delete Failed (file was in an archive)
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df126.rar=]keygen.exe Trojan.Packed.1753 Delete Failed (file was in an archive)
G:\Temp\Apps\Video Converter\iLead DVD Products 2008 [h33t][deepstatus]\iLead DVD Products 2008[h33t][deepstatus].rar=]iLead DVD Products 2008[h33t][deepstatus]\iLead_DVD_ripper_3.4.2\iLeadDVDRipperKeygen.exe Trojan.Packed.20520 Delete Failed (file was in an archive)
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df233.zip=]keygen.rar=]Photomatix.Tone.Mapping.v1.1.2.Keygen.exe Trojan.Packed.5256 Delete Failed (file was in an archive)
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df235.rar=]Photomatix.Tone.Mapping.v1.1.2.Keygen.exe Trojan.Packed.5256 Delete Failed (file was in an archive)
G:\RECYCLER\S-1-5-21-57989841-963894560-1644491937-1003\Dg1333.exe=](RAR Sfx o)=]scarlett-johansson\scarlett-johansson.exe Trojan.Vundo.FFN Infected (no action was possible, file was in an archive)
F:\System Volume Information\_restore{99204C4D-948D-45A0-AB1E-05CD03E78485}\RP93\A0033172.exe=](NSIS o)=]lzma_solid_nsis0005 Win32.Worm.Warezov.FH Infected (no action was possible, file was in an archive)


I resolved all the problems manually except for the master boot sector.

Then I ran mbr.exe from c:\ and I got this:


Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net


device: opened successfully


user: MBR read successfully


kernel: MBR read successfully


user & kernel MBR OK


malicious code @ sector 0x950a600 size 0x1fe !

Comments

  • Sm3K3R
    Sm3K3R ✭✭✭

    It's normal to have MBR malware as long as you seem to use A LOT of keygens and crackers. Remember that there are always real freeware alternatives to paid software. If there is no alternative then it's better to try and buy the best; it's safer.


    Usage of cracked software, which in almost 100% of the cases is infected with malware of all kinds, is at your own risk, so enjoy :D

  • AndreiASM
    edited August 2008

    Your system partition C: doesn't look like it is affected by Mebroot. Overwriting the MBRs of the affected partitions will fix the problem, as long as specific partition-specific data is not lost. You may run fixmbr and fixboot inside the recovery console to do that.


    LE: I'm sure I don't have to repeat what sm3k3r told you about cracks/keygens/patches/whatever.
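An added example, not part of the thread: the reply above distinguishes the MBR's boot code from the partition-specific data that must survive a rewrite, so this sketch compares a suspect 512-byte sector against a trusted baseline region by region. The sample sectors and the helper names (`make_mbr`, `compare_mbr`, `parse_partitions`) are constructed for illustration; reading the real sector from disk is outside its scope.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 446   # bytes 0..445: boot code (Windows disk signature sits at 440..443)
TABLE_END = 510       # bytes 446..509: four 16-byte partition entries; 510..511: 55 AA
ENTRY = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


def parse_partitions(mbr: bytes) -> list[dict]:
    """Return the non-empty partition entries of a 512-byte MBR sector."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("an MBR sector is exactly 512 bytes")
    entries = []
    for i in range(4):
        raw = mbr[BOOT_CODE_END + 16 * i: BOOT_CODE_END + 16 * (i + 1)]
        status, ptype, lba_start, sectors = struct.unpack(ENTRY, raw)
        if ptype != 0:  # type 0 marks an unused slot
            entries.append({"index": i, "active": status == 0x80, "type": ptype,
                            "lba_start": lba_start, "sectors": sectors})
    return entries


def compare_mbr(suspect: bytes, baseline: bytes) -> dict:
    """Report which MBR regions differ between a suspect read and a trusted baseline."""
    return {
        "signature_ok": suspect[TABLE_END:] == b"\x55\xaa",
        "boot_code_changed": suspect[:BOOT_CODE_END] != baseline[:BOOT_CODE_END],
        "partition_table_changed":
            suspect[BOOT_CODE_END:TABLE_END] != baseline[BOOT_CODE_END:TABLE_END],
        "boot_code_sha256": hashlib.sha256(suspect[:BOOT_CODE_END]).hexdigest(),
    }


def make_mbr(boot_code: bytes, lba_start: int, sectors: int) -> bytes:
    """Build a constructed sample sector with one active NTFS (0x07) partition."""
    entry = struct.pack(ENTRY, 0x80, 0x07, lba_start, sectors)
    return boot_code.ljust(BOOT_CODE_END, b"\x00") + entry + bytes(48) + b"\x55\xaa"


# Constructed samples: same partition table, different boot code bytes.
BASELINE = make_mbr(b"\xfa\x33\xc0", 63, 1000000)
SUSPECT = make_mbr(b"\xeb\x10\x90", 63, 1000000)

if __name__ == "__main__":
    print(compare_mbr(SUSPECT, BASELINE))
    print(parse_partitions(SUSPECT))
```

A result with `boot_code_changed` true and `partition_table_changed` false is the case where rewriting only the boot code leaves the partition layout intact.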

  • Your system partition C: doesn't look like it is affected by Mebroot. Overwriting the MBRs of the affected partitions will fix the problem, as long as specific partition-specific data is not lost. You may run fixmbr and fixboot inside the recovery console to do that.


    LE: I'm sure I don't have to repeat what sm3k3r told you about cracks/keygens/patches/whatever.


    1-Thanks a lot for the info and the time for answering.


    2-If I had something to hide I would have modified the info that I left on this forum. I left it in because I knew what would happen as a response, so I can show my 16-year-old son what happens when he does that.


    So have a nice day and thanks again

  • Sm3K3R
    Sm3K3R ✭✭✭
    1-Thanks a lot for the info and the time for answering.


    2-If I had something to hide I would have modified the info that I left on this forum. I left it in because I knew what would happen as a response, so I can show my 16-year-old son what happens when he does that.


    So have a nice day and thanks again


    You're welcome!


    Maybe you should upload those samples (cracks/keygens) for the experts to look into them, here.

  • You're welcome!


    Maybe you should upload those samples (cracks/keygens) for the experts to look into them, here.


    Sorry, I wiped out those drives.


    If there is a next time I will do so.


    Thanks everyone