Need Help With Trojan.mebroot.b

superl

Hi every one,

Ok hope you guys can help me with this one here my bitdefender scan

BitDefender Log File !!!!!
Product : BitDefender Total Security 2008 
Version : BitDefender UIScanner v.11 
Log date : 05:02:54 24/08/2008 
Log path : C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1219568574_1_02.xml 

Scan Paths:Path0000: C:\ 
Path0001: \ 
Path0002: E:\ 
Path0003: F:\ 
Path0004: G:\ 


Scan Options:Scan for viruses : Yes 
Scan for adware : Yes 
Scan for spyware : Yes 
Scan for applications : Yes 
Scan for dialers : Yes 
Scan for rootkits : Yes 


Target selection options:Scan registry keys : Yes 
Scan cookies : Yes 
Scan boot sectors : Yes 
Scan memory processes : Yes 
Scan archives : Yes 
Scan runtime packers : Yes 
Scan emails : Yes 
Scan all files : Yes 
Heuristic Scan : Yes 
Scanned extensions :  
Excluded extensions :  


Target ProcessingDefault action for infected objects : Disinfect 
Default action for suspicious objects : None 
Default action for hidden objects : None 


Scan engines summaryNumber of virus signatures : 1573989 
Archive plugins : 43 
Email plugins : 6 
Scan plugins : 12 
Archive plugins : 43 
System plugins : 4 
Unpack plugins : 7 


Overall scan summaryScanned items : 776389 
Infected items : 29 
Suspicious items : 0 
Resolved items : 3 
Individual viruses found : 16 
Scanned directories : 20143 
Scanned boot sectors : 22 
Scanned archives : 8292 
Input-output errors : 37 
Scan time : 00:04:14:43 
Files per second : 50 


Scanned processes summaryScanned : 50 
Infected : 0 


Scanned registry keys summaryScanned : 379 
Infected : 0 


Scanned cookies summaryScanned : 672 
Infected : 0 


Remaining issues:Object Name Threat Name Final Status 
F:\RECYCLER\S-1-5-21-329068152-1637723038-839522115-1003\Df15\prog.rar=]- crk\StyleXP_Keygen.exe Application.Keygen.Xpstyle.BX Delete Failed (file was in an archive) 
G:\Download\polaris3.0.rar=]polaris3.0\addons\nHTMLn.dll Spyware.Hacktool.Flood.A Delete Failed (file was in an archive) 
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df14.zip=]keygen.rar=]AlienSkin.Software.MultiKeygen.v1.0.exe Trojan.Generic.252565 Delete Failed (file was in an archive) 
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df60.zip=]keygen.rar=]AlienSkin.Software.MultiKeygen.v1.0.exe Trojan.Generic.252565 Delete Failed (file was in an archive) 
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df64.rar=]AlienSkin.Software.MultiKeygen.v1.0.exe Trojan.Generic.252565 Delete Failed (file was in an archive) 
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df72.zip=]keygen.rar=]AlienSkin.Software.MultiKeygen.v1.0.exe Trojan.Generic.252565 Delete Failed (file was in an archive) 
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df80.zip=]keygen.rar=]AlienSkin.Software.MultiKeygen.v1.0.exe Trojan.Generic.252565 Delete Failed (file was in an archive) 
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df82.rar=]AlienSkin.Software.MultiKeygen.v1.0.exe Trojan.Generic.252565 Delete Failed (file was in an archive) 
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df177.zip=]keygen.rar=]onOne.Software.MultiKeygen.v1.0.exe Trojan.Generic.262961 Delete Failed (file was in an archive) 
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df182.rar=]onOne.Software.MultiKeygen.v1.0.exe Trojan.Generic.262961 Delete Failed (file was in an archive) 
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df194.zip=]keygen.rar=]onOne.Software.MultiKeygen.v1.0.exe Trojan.Generic.262961 Delete Failed (file was in an archive) 
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df198.rar=]onOne.Software.MultiKeygen.v1.0.exe Trojan.Generic.262961 Delete Failed (file was in an archive) 
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df275.zip=]Registry.Healer.v4.5.0.build.304-RES\install.exe Trojan.Generic.341900 Delete Failed (file was in an archive) 
\=]Master Boot Record Trojan.Mebroot.B Delete Failed (file was in an archive) 
E:\=]Master Boot Record Trojan.Mebroot.B Delete Failed (file was in an archive) 
F:\=]Master Boot Record Trojan.Mebroot.B Delete Failed (file was in an archive) 
G:\=]Master Boot Record Trojan.Mebroot.B Delete Failed (file was in an archive) 
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df118.zip=]keygen.rar=]keygen.exe Trojan.Packed.1753 Delete Failed (file was in an archive) 
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df120.rar=]keygen.exe Trojan.Packed.1753 Delete Failed (file was in an archive) 
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df123.zip=]keygen.rar=]keygen.exe Trojan.Packed.1753 Delete Failed (file was in an archive) 
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df126.rar=]keygen.exe Trojan.Packed.1753 Delete Failed (file was in an archive) 
G:\Temp\Apps\Video Converter\iLead DVD Products 2008 [h33t][deepstatus]\iLead DVD Products 2008[h33t][deepstatus].rar=]iLead DVD Products 2008[h33t][deepstatus]\iLead_DVD_ripper_3.4.2\iLeadDVDRipperKeygen.exe Trojan.Packed.20520 Delete Failed (file was in an archive) 
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df233.zip=]keygen.rar=]Photomatix.Tone.Mapping.v1.1.2.Keygen.exe Trojan.Packed.5256 Delete Failed (file was in an archive) 
F:\RECYCLER\S-1-5-21-2052111302-1202660629-725345543-1003\Df235.rar=]Photomatix.Tone.Mapping.v1.1.2.Keygen.exe Trojan.Packed.5256 Delete Failed (file was in an archive) 
G:\RECYCLER\S-1-5-21-57989841-963894560-1644491937-1003\Dg1333.exe=](RAR Sfx o)=]scarlett-johansson\scarlett-johansson.exe Trojan.Vundo.FFN Infected (no action was possible, file was in an archive) 
F:\System Volume Information\_restore{99204C4D-948D-45A0-AB1E-05CD03E78485}\RP93\A0033172.exe=](NSIS o)=]lzma_solid_nsis0005 Win32.Worm.Warezov.FH Infected (no action was possible, file was in an archive)

I resolve all problem with manual except for master boot sector

then I run mbr.exe from c:\ and I get this

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK

malicious code @ sector 0x950a600 size 0x1fe !

Sm3K3R

Its normal to have MBR malware as long as you seem to use A LOT of keygens and crackers.Remember that there are always real freeware alternatives to payed software.If there is not alternative then its better to try and buy the best, its more safer.

Usage of cracked software,which almost 100% of the cases is infected with malware of all kinds, is on your own risk ,so enjoy

AndreiASM

Your system aprtition C: doesn`t look like being affected by Mebroot. Overwriting the MBR`s of the affected partitions will fix the problem, as long as specific partition specific data is not lost. You may run fixmbr and fixboot inside the recovery console to do that.

LE: I`m sure I don`t have to repeat what sm3k3r told you about cracks/keygens/patches/whatever.

superl

Your system aprtition C: doesn`t look like being affected by Mebroot. Overwriting the MBR`s of the affected partitions will fix the problem, as long as specific partition specific data is not lost. You may run fixmbr and fixboot inside the recovery console to do that.

LE: I`m sure I don`t have to repeat what sm3k3r told you about cracks/keygens/patches/whatever.

1-Thanks alot for the info and the time for the answering.

2-If I ad something to hide I would modified the info that I leave on this forum I let it on because I new what would happen as responce so I can show my 16 year old son what happens when he do that.

So have a nice day and thanks again

Sm3K3R

1-Thanks alot for the info and the time for the answering.

2-If I ad something to hide I would modified the info that I leave on this forum I let it on because I new what would happen as responce so I can show my 16 year old son what happens when he do that.

So have a nice day and thanks again

You re welcome!

Maybe you should upload those samples(cracks/keygens) for the experts to look into them, here.

superl

You re welcome!

Maybe you should upload those samples(cracks/keygens) for the experts to look into them, here.

Sorry I wipe out those drive.

If there a next time I will do

Thanks everyone