WiredWX Hobby Weather Tools

Mebroot and Norton Internet Security 2011 - Page 2

Re: Mebroot and Norton Internet Security 2011

Looks good.

Your VLC Player needs updating, so do that now.

Download and install VLC Player 1.1.5
When installing, it will ask if you want to uninstall the old version first before it can install the new version, so please select yes and allow it to install.

How is the machine running now?

Re: Mebroot and Norton Internet Security 2011

Still get the popup from Norton Internet Security that the MBR is infected with mebroot.

Re: Mebroot and Norton Internet Security 2011

Hello.

Download MBRCheck to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop.
  • Open this report and post its content in your next reply.

Re: Mebroot and Norton Internet Security 2011

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 127):

Processes (total 28):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00004000 (NTFS)
\\.\E: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD400BB-32CLB0, Rev: 05.04E05
PhysicalDrive1 Model Number: ST3160812A, Rev: 3.AAE
PhysicalDrive2 Model Number: WDCWD600BB-00CAA1, Rev: 17.07W17

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
149 GB \\.\PhysicalDrive1 Legit MBR code detected
SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495
55 GB \\.\PhysicalDrive2 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
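
A small report parser, added here as an illustration and not part of the original thread or of MBRCheck: it reads the MBR status table from a report like the one above, lists drives whose status is not one of the two strings seen in this report, and groups drives by SHA1. The function names and the rule that any other status needs review are assumptions of this example.

```python
import re
from collections import defaultdict

# Statuses seen in the report above; treating every other string as
# "needs review" is an assumption of this example.
CLEAN_STATUSES = {"Windows XP MBR code detected", "Legit MBR code detected"}

# Status table copied from the report posted in this thread.
SAMPLE_REPORT = r"""
Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
149 GB \\.\PhysicalDrive1 Legit MBR code detected
SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495
55 GB \\.\PhysicalDrive2 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
"""

ROW = re.compile(r"^\s*(\d+\s+\S+)\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+?)\s*$")
SHA = re.compile(r"^\s*SHA1:\s*([0-9A-Fa-f]{40})\s*$")

def parse_mbr_table(report):
    """Return one dict per drive row, paired with the SHA1 line that follows it."""
    drives = []
    for line in report.splitlines():
        row = ROW.match(line)
        if row:
            drives.append({"size": row.group(1), "device": row.group(2),
                           "status": row.group(3), "sha1": None})
            continue
        sha = SHA.match(line)
        if sha and drives and drives[-1]["sha1"] is None:
            drives[-1]["sha1"] = sha.group(1).upper()
    return drives

def triage(drives):
    """Return (devices needing review, {sha1: [devices sharing that MBR code]})."""
    review = [d["device"] for d in drives
              if d["status"] not in CLEAN_STATUSES or d["sha1"] is None]
    by_hash = defaultdict(list)
    for d in drives:
        if d["sha1"]:
            by_hash[d["sha1"]].append(d["device"])
    return review, dict(by_hash)

if __name__ == "__main__":
    review, by_hash = triage(parse_mbr_table(SAMPLE_REPORT))
    print("needs review:", review or "none", "| by hash:", by_hash)
```

On this report nothing is flagged, and PhysicalDrive0 and PhysicalDrive2 carry the same SHA1.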

Re: Mebroot and Norton Internet Security 2011

Hello.
The problem is in the Norton cache.

Remove any old threat in there, and see if it still detects Mebroot now.
