virus seems to reinstall itself during boot into shell
<blockquote data-quote="KennyGordacki" data-source="post: 517509" data-attributes="member: 53506"><p>Here is the aswmbr.exe file.</p><p></p><p>aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software</p><p>Run date: 2016-06-22 23:07:56</p><p>-----------------------------</p><p>23:07:56.951 OS Version: Windows x64 6.1.7601 Service Pack 1</p><p>23:07:56.951 Number of processors: 2 586 0x170A</p><p>23:07:56.951 ComputerName: ME-PC UserName: </p><p>23:08:00.234 Initialize success</p><p>23:10:07.424 AVAST engine defs: 16062202</p><p>23:10:24.868 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1</p><p>23:10:24.884 Disk 0 Vendor: FUJITSU_MHY2250BH 0085000B Size: 238475MB BusType: 11</p><p>23:10:25.198 Disk 0 MBR read successfully</p><p>23:10:25.198 Disk 0 MBR scan</p><p>23:10:25.229 Disk 0 Windows 7 default MBR code</p><p>23:10:25.244 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048</p><p>23:10:25.291 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 229376 MB offset 3074048</p><p>23:10:25.338 Disk 0 scanning C:\Windows\system32\drivers</p><p>23:10:45.027 Service scanning</p><p>23:11:11.725 Service MpKsld8615e31 C:\Windows\Temp\MpKsld8615e31.sys **LOCKED** 32</p><p>23:11:42.021 Modules scanning</p><p>23:11:42.032 Disk 0 trace - called modules:</p><p>23:11:42.053 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys </p><p>23:11:42.063 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800331d060]</p><p>23:11:42.071 3 CLASSPNP.SYS[fffff88001b4343f] -> nt!IofCallDriver -> [0xfffffa8002d84520]</p><p>23:11:42.078 5 ACPI.sys[fffff88000ee67a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8002e11060]</p><p>23:11:48.703 AVAST engine scan C:\</p><p>23:14:32.751 Disk 0 MBR has been saved successfully to "C:\Users\Administrator 1\Desktop\MBR.dat"</p><p>23:14:32.760 The log file has been saved successfully to "C:\Users\Administrator 1\Desktop\aswMBR.txt"</p></blockquote><p></p>