  1. #21

    Re: re-install windows 7 ?

    Quote Originally Posted by Corrine View Post
    Hi, one_unique_guy.

    What makes you think your computer is infected? If you'd like, you can run the tool as instructed below which will back up and scan the MBR.

    Please download aswMBR and save it to your Desktop.
    • Right click aswMBR.exe & choose "Run as Administrator" to run it.
    • Click Yes to the prompt to download Avast! virus definitions.
      (Please be patient whilst the virus definitions download)
    • With the AVscan set to Quick Scan, click the Scan button.
      (Please be patient whilst your computer is scanned.)
    • After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
    • Click OK > Exit.
    • Note: Do not attempt to fix anything at this stage!
    • Two files will be created, aswMBR.txt & a file named MBR.dat.
    • MBR.dat is a backup of the MBR (master boot record), do not delete it.
    • I strongly suggest you keep a copy of this backup stored on an external device.
    • Copy & Paste the contents of aswMBR.txt into your next reply.
    Here is the text information
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

    Run date: 2012-05-31 15:02:44

    -----------------------------

    15:02:44.888 OS Version: Windows x64 6.1.7601 Service Pack 1

    15:02:44.888 Number of processors: 4 586 0x2A07

    15:02:44.888 ComputerName: MAIN UserName: Paul

    15:02:48.148 Initialize success

    15:06:02.912 AVAST engine defs: 12053100

    15:06:33.363 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

    15:06:33.363 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 3

    15:06:33.363 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1

    15:06:33.363 Disk 1 Vendor: SAMSUNG_ 1AA0 Size: 953868MB BusType: 3

    15:06:33.363 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-2

    15:06:33.363 Disk 2 Vendor: Hitachi_ JKAO Size: 1907728MB BusType: 3

    15:06:33.378 Disk 0 MBR read successfully

    15:06:33.378 Disk 0 MBR scan

    15:06:33.378 Disk 0 Windows 7 default MBR code

    15:06:33.378 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 what is this for, and what is the offset for / mean?

    15:06:33.410 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848 why is there an offset?

    15:06:33.441 Disk 0 scanning C:\Windows\system32\drivers

    15:06:41.568 Service scanning

    15:07:00.507 Modules scanning

    15:07:00.507 Disk 0 trace - called modules:

    15:07:00.522 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

    15:07:00.538 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009a88060]

    15:07:00.538 3 CLASSPNP.SYS[fffff88001f8e43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa80087cb050]

    15:07:03.471 AVAST engine scan C:\Windows

    15:07:07.308 AVAST engine scan C:\Windows\system32

    15:09:43.683 AVAST engine scan C:\Windows\system32\drivers

    15:09:58.644 AVAST engine scan C:\Users\Paul

    15:20:56.252 AVAST engine scan C:\ProgramData

    15:30:03.405 Scan finished successfully

    15:32:41.593 Disk 0 MBR has been saved successfully to "C:\Users\Paul\Desktop\MBR.dat"

    15:32:41.624 The log file has been saved successfully to "C:\Users\Paul\Desktop\aswMBR.txt"



  2. #22
    Corrine

    Re: re-install windows 7 ?

    15:06:33.378 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 what is this for, and what is the offset for / mean?
    15:06:33.410 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848 why is there an offset?
    That I can't tell you, other than it is common to see in logs. What I was looking to confirm is that there was no entry like "**INFECTED** MBR:Alureon-K [Rtk]". Fortunately there is no indication that the MBR is infected.

    However, seeing "246 Windows Updates failures since January" and the MSE indication of suspicious behavior by C:\Users\Paul\AppData\Local\Temp\un984.exe implies that there is more going on than the inability to record a blank CD. There are no results for un984.exe; however, 984.exe is described as "cloaked malware".

    Have you run Malwarebytes, as suggested by jcgriff2? If so, please post the log here, so as not to confuse the other thread.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  3. #23


    Re: re-install windows 7 ?

    The 100 MB partition has some boot stuff that Windows puts in there. I haven't had any time to research that portion of setup, so I can't explain it exactly - but it is legitimate and is on many, many Win7 systems.

    Now to show my ignorance about things related to malware:
    What about the ZeroAccess rootkit? I had my first exposure to it today (a STOP 0xc0000135 error missing %hs)
    No mention of it in the MBR - but it sure hosed the ability of this system to boot into Windows!

  4. #24
    Corrine

    Re: re-install windows 7 ?

    ZeroAccess hasn't been picked up by MSE and it is in detection as Win64/Sirefef. The variant added today. From http://www.microsoft.com/security/po...64%2fSirefef.Y:

    Trojan:Win64/Sirefef.Y is a component of Win64/Sirefef - a multi-component family of malware that moderates your Internet experience by modifying search results, and generates pay-per-click advertising revenue for its controllers. The family consists of multiple parts that perform different functions, such as downloading updates and additional components, hiding existing components, or performing the main payload.

    It provides selected function calls for Win64/Sirefef to establish network connections.
    McAfee has an extensive writeup at ZeroAccess.a - Malware - McAfee Labs Threat Center.
    Last edited by Corrine; 05-31-2012 at 08:20 PM.
    usasma says thanks for this.



  5. #25


    Re: re-install windows 7 ?

    I had to deal with ZeroAccess in the past and manually removed it. Was a bugger.

    Anyways, I believe the "offset" means the starting position of the partition in relation to the drive. So offset 2048 means 2048 sectors(?) from the beginning of the drive.
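
    The partition lines in the aswMBR log above map onto the 16-byte entries of the MBR partition table: boot indicator (80 = active), type byte (07 = HPFS/NTFS), starting sector (the "offset") and sector count. The parser below is an added example, not part of the original thread or of aswMBR; the function names are hypothetical, the sample sector is constructed from the two logged entries with the boot code zeroed, and 512-byte sectors are assumed (under that assumption 2048 sectors + 100 MB = sector 206848, the logged offset of partition 2).

```python
import struct

SECTOR = 512          # assumption: 512-byte logical sectors
TABLE_OFFSET = 446    # the partition table follows 446 bytes of boot code
# status, CHS start, type, CHS end, LBA start, sector count (16 bytes, little-endian)
ENTRY = struct.Struct("<B3sB3sII")

def parse_mbr(sector0: bytes):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector0) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector0[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(sector0, TABLE_OFFSET + 16 * i)
        if ptype == 0 and count == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {i + 1}: invalid status byte {status:#04x}")
        parts.append({
            "number": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "offset": lba,                       # start, in sectors from sector 0
            "size_mb": count * SECTOR // 2**20,
            "end": lba + count,                  # first sector after the partition
        })
    return parts

def build_sample_mbr() -> bytes:
    """Constructed sector holding the two entries from the log (not a real MBR dump)."""
    buf = bytearray(512)
    entries = [(0x80, 0x07, 2048, 100 * 2048), (0x00, 0x07, 206848, 953767 * 2048)]
    for i, (status, ptype, lba, count) in enumerate(entries):
        ENTRY.pack_into(buf, TABLE_OFFSET + 16 * i, status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    buf[510:512] = b"\x55\xaa"
    return bytes(buf)

if __name__ == "__main__":
    for p in parse_mbr(build_sample_mbr()):
        flag = "80 (A)" if p["active"] else "00"
        print(f"Partition {p['number']} {flag} {p['type']:02X} {p['size_mb']} MB offset {p['offset']}")
```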

  6. #26
    TheCyberMan

    Re: re-install windows 7 ?

    Was the operating system and C drive in use in another pc with a different motherboard to the one you are using now in the new system?

  7. #27

    Re: re-install windows 7 ?

    Yes, the drive was used in the old system; however, I am no longer sure if it was the boot drive.
    No, the OS was not on any other system; it was new hardware and old drives.
    I bought the win 7 and MB at the same time.
    Quote Originally Posted by TheCyberMan View Post
    Was the operating system and C drive in use in another pc with a different motherboard to the one you are using now in the new system?

  8. #28

    Re: re-install windows 7 ?

    I apologize to all who have tried to help, I have been away from computer for a long time. I just got back to it. I believe the issue to be solved.
    Thank you to all who have helped!
    zigzag3143 and TheCyberMan say thanks for this.
