Infected computer

I have been getting a trojan virus in my scans. It says it's a boot sector
virus located in PHYSICALDRIVE O. I have webroot security and no matter how
many times I scan it's still there. I also get a pop up window with a debug
button. If you hit this you only end up loosing your internet page. It has
become very bothersome. Webroot wants $100 to go in and fix the problem.
Someone I know wants to take my computer back to factory settings. Is there
anothr option here?

 

nightfairy27 wrote:<!--coloro:blue--><span style="color:blue <!--/coloro-->
> I have been getting a trojan virus in my scans. It says it's a boot sector
> virus located in PHYSICALDRIVE O. I have webroot security and no matter how
> many times I scan it's still there. I also get a pop up window with a debug
> button. If you hit this you only end up loosing your internet page. It has
> become very bothersome. Webroot wants $100 to go in and fix the problem.
> Someone I know wants to take my computer back to factory settings. Is there
> another option here?<!--colorc--><!--/colorc-->

1) Exactly what malware is being identified?

2) Exactly what antimalware is identifying the infection?

3) What is the long and detailed version of your system's OS?

4) Download & execute GMER in "Normal Mode":

<http://www.gmer.net/#files>

5) If any malware is identified, remove the malware with this application.

6) Update this thread with the exact answers to the above and your
progress.

--
1PW

 

nightfairy27 wrote:
<!--coloro:blue--><span style="color:blue <!--/coloro-->
> I have been getting a trojan virus in my scans. It says it's a boot
> sector virus located in PHYSICALDRIVE O. I have webroot security and no
> matter how many times I scan it's still there. I also get a pop up window
> with a debug
> button. If you hit this you only end up loosing your internet page. It
> has become very bothersome. Webroot wants $100 to go in and fix the
> problem. Someone I know wants to take my computer back to factory
> settings. Is there anothr option here?<!--colorc--><!--/colorc-->

At this point either get guided help at one of the specialty forums below OR
back up your data and do a clean install of Windows. It is your choice. If
you are unsure how to back up your data or how to do a clean install, you
can take your machine to a local computer professional. I don't recommend
using BigComputerStore/GeekSquad types of places.

PLEASE DO NOT POST LOGS IN THE MS NEWSGROUPS.

- Posting FAQ





f37.html








Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!

 

The virs says it is Troj/Mbroot-G I also get an alert saying the firewall
has detected a NULL SCAN.

"1PW" wrote:
<!--coloro:blue--><span style="color:blue <!--/coloro-->
> nightfairy27 wrote:<!--coloro:green--><span style="color:green <!--/coloro-->
> > I have been getting a trojan virus in my scans. It says it's a boot sector
> > virus located in PHYSICALDRIVE O. I have webroot security and no matter how
> > many times I scan it's still there. I also get a pop up window with a debug
> > button. If you hit this you only end up loosing your internet page. It has
> > become very bothersome. Webroot wants $100 to go in and fix the problem.
> > Someone I know wants to take my computer back to factory settings. Is there
> > another option here?<!--colorc--><!--/colorc-->
>
> 1) Exactly what malware is being identified?
>
> 2) Exactly what antimalware is identifying the infection?
>
> 3) What is the long and detailed version of your system's OS?
>
> 4) Download & execute GMER in "Normal Mode":
>
> <http://www.gmer.net/#files>
>
> 5) If any malware is identified, remove the malware with this application.
>
> 6) Update this thread with the exact answers to the above and your
> progress.
>
> --
> 1PW
> <!--colorc--><!--/colorc-->

 

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"nightfairy27" <nightfairy27@discussions.microsoft.com> wrote in message
news:7A40385B-DD61-422E-BEA7-B975851367DF@microsoft.com...<!--coloro:blue--><span style="color:blue <!--/coloro-->
> The virs says it is Troj/Mbroot-G I also get an alert saying the firewall
> has detected a NULL SCAN.
>
> "1PW" wrote:
><!--coloro:green--><span style="color:green <!--/coloro-->
>> nightfairy27 wrote:<!--coloro:darkred--><span style="color:darkred <!--/coloro-->
>> > I have been getting a trojan virus in my scans. It says it's a boot sector
>> > virus located in PHYSICALDRIVE O. I have webroot security and no matter how
>> > many times I scan it's still there. I also get a pop up window with a debug
>> > button. If you hit this you only end up loosing your internet page. It has
>> > become very bothersome. Webroot wants $100 to go in and fix the problem.
>> > Someone I know wants to take my computer back to factory settings. Is there
>> > another option here?<!--colorc--><!--/colorc-->
>>
>> 1) Exactly what malware is being identified?
>>
>> 2) Exactly what antimalware is identifying the infection?
>>
>> 3) What is the long and detailed version of your system's OS?
>>
>> 4) Download & execute GMER in "Normal Mode":
>>
>> <http://www.gmer.net/#files>
>>
>> 5) If any malware is identified, remove the malware with this application.
>>
>> 6) Update this thread with the exact answers to the above and your
>> progress.
>>
>> --
>> 1PW
>> <!--colorc--><!--/colorc--><!--colorc--><!--/colorc-->

 

cf.


NB: If you had no anti-virus application installed or the subscription had
expired *when the machine first got infected* and/or your subscription has
since expired and/or the machine's not been kept fully-patched at Windows
Update, don't waste your time with any of the below: Format & reinstall
Windows. A Repair Install will NOT help!

1. See if you can download/run the MSRT manually:


NB: Run the FULL scan, not the QUICK scan! You may need to download the
MSRT on a non-infected machine, then transfer MRT.EXE to the infected
machine and rename it to SCAN.EXE before running it.

2. [WinXP ONLY!! =>] Run the Windows Live Safety Center's 'Protection' scan
(only!) in Safe Mode with Networking, if need be:


3. Run a /thorough/ check for hijackware, including posting requested logs
in an appropriate forum, not here.

Checking for/Help with Hijackware:
•

•
•
•
•

**Chances are you will need to seek expert assistance in
,
,
,
,
or other appropriate forums.**

If these procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002


nightfairy27 wrote:<!--coloro:blue--><span style="color:blue <!--/coloro-->
> The virs says it is Troj/Mbroot-G I also get an alert saying the firewall
> has detected a NULL SCAN.
><!--coloro:green--><span style="color:green <!--/coloro-->
>>
>> 1) Exactly what malware is being identified?
>>
>> 2) Exactly what antimalware is identifying the infection?
>>
>> 3) What is the long and detailed version of your system's OS?
>>
>> 4) Download & execute GMER in "Normal Mode":
>>
>> <http://www.gmer.net/#files>
>>
>> 5) If any malware is identified, remove the malware with this
>> application.
>>
>> 6) Update this thread with the exact answers to the above and your
>> progress.
>><!--coloro:darkred--><span style="color:darkred <!--/coloro-->
>>> I have been getting a trojan virus in my scans. It says it's a boot
>>> sector virus located in PHYSICALDRIVE O. I have webroot security and no
>>> matter how many times I scan it's still there. I also get a pop up
>>> window
>>> with a debug button. If you hit this you only end up loosing your
>>> internet page. It has become very bothersome. Webroot wants $100 to go
>>> in
>>> and fix the problem. Someone I know wants to take my computer back to
>>> factory settings. Is there another option here? <!--colorc--><!--/colorc--><!--colorc--><!--/colorc--><!--colorc--><!--/colorc-->

 

nightfairy27 wrote:<!--coloro:blue--><span style="color:blue <!--/coloro-->
> The virs says it is Troj/Mbroot-G I also get an alert saying the firewall
> has detected a NULL SCAN.
>
> "1PW" wrote:
> <!--coloro:green--><span style="color:green <!--/coloro-->
>> nightfairy27 wrote:<!--coloro:darkred--><span style="color:darkred <!--/coloro-->
>>> I have been getting a trojan virus in my scans. It says it's a boot sector
>>> virus located in PHYSICALDRIVE O. I have webroot security and no matter how
>>> many times I scan it's still there. I also get a pop up window with a debug
>>> button. If you hit this you only end up loosing your internet page. It has
>>> become very bothersome. Webroot wants $100 to go in and fix the problem.
>>> Someone I know wants to take my computer back to factory settings. Is there
>>> another option here?<!--colorc--><!--/colorc-->
>> 1) Exactly what malware is being identified?
>>
>> 2) Exactly what antimalware is identifying the infection?
>>
>> 3) What is the long and detailed version of your system's OS?
>>
>> 4) Download & execute GMER in "Normal Mode":
>>
>> <http://www.gmer.net/#files>
>>
>> 5) If any malware is identified, remove the malware with this application.
>>
>> 6) Update this thread with the exact answers to the above and your
>> progress.
>>
>> --
>> 1PW<!--colorc--><!--/colorc--><!--colorc--><!--/colorc-->

Some likelihood exists for your system having malware in your master
boot record (MBR). If this is so, do you have the computer skills to
to restore your HDD's MBR, if this could be confirmed? Had you made a
full system backup long before your possible malware discovery?

--
1PW

 

I don't know alot about computers but if I had a step by step instructions I
could follow them. I had anitvirus software before the infection but it
doesn't remove the problem. It seem things got worse when I updated from
Explorer 7 to Explorer 8

"PA Bear [MS MVP]" wrote:
<!--coloro:blue--><span style="color:blue <!--/coloro-->
> cf.
>
>
> NB: If you had no anti-virus application installed or the subscription had
> expired *when the machine first got infected* and/or your subscription has
> since expired and/or the machine's not been kept fully-patched at Windows
> Update, don't waste your time with any of the below: Format & reinstall
> Windows. A Repair Install will NOT help!
>
> 1. See if you can download/run the MSRT manually:
>
>
> NB: Run the FULL scan, not the QUICK scan! You may need to download the
> MSRT on a non-infected machine, then transfer MRT.EXE to the infected
> machine and rename it to SCAN.EXE before running it.
>
> 2. [WinXP ONLY!! =>] Run the Windows Live Safety Center's 'Protection' scan
> (only!) in Safe Mode with Networking, if need be:
>
>
> 3. Run a /thorough/ check for hijackware, including posting requested logs
> in an appropriate forum, not here.
>
> Checking for/Help with Hijackware:
> •
>
> •
> •
> •
> •
>
> **Chances are you will need to seek expert assistance in
> ,
> ,
> ,
> ,
> or other appropriate forums.**
>
> If these procedures look too complex - and there is no shame in admitting
> this isn't your cup of tea - take the machine to a local, reputable and
> independent (i.e., not BigBoxStoreUSA) computer repair shop.
> --
> ~Robear Dyer (PA Bear)
> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>
>
> nightfairy27 wrote:<!--coloro:green--><span style="color:green <!--/coloro-->
> > The virs says it is Troj/Mbroot-G I also get an alert saying the firewall
> > has detected a NULL SCAN.
> ><!--coloro:darkred--><span style="color:darkred <!--/coloro-->
> >>
> >> 1) Exactly what malware is being identified?
> >>
> >> 2) Exactly what antimalware is identifying the infection?
> >>
> >> 3) What is the long and detailed version of your system's OS?
> >>
> >> 4) Download & execute GMER in "Normal Mode":
> >>
> >> <http://www.gmer.net/#files>
> >>
> >> 5) If any malware is identified, remove the malware with this
> >> application.
> >>
> >> 6) Update this thread with the exact answers to the above and your
> >> progress.
> >>
> >>> I have been getting a trojan virus in my scans. It says it's a boot
> >>> sector virus located in PHYSICALDRIVE O. I have webroot security and no
> >>> matter how many times I scan it's still there. I also get a pop up
> >>> window
> >>> with a debug button. If you hit this you only end up loosing your
> >>> internet page. It has become very bothersome. Webroot wants $100 to go
> >>> in
> >>> and fix the problem. Someone I know wants to take my computer back to
> >>> factory settings. Is there another option here? <!--colorc--><!--/colorc--><!--colorc--><!--/colorc-->
>
> <!--colorc--><!--/colorc-->

 

Um, my previous reply included step by step instructions. You'll also find
step by step instructions when you visit one of the forums I cited in Step
#3.


nightfairy27 wrote:<!--coloro:blue--><span style="color:blue <!--/coloro-->
> I don't know alot about computers but if I had a step by step instructions
> I
> could follow them. I had anitvirus software before the infection but it
> doesn't remove the problem. It seem things got worse when I updated from
> Explorer 7 to Explorer 8
>
> "PA Bear [MS MVP]" wrote:
><!--coloro:green--><span style="color:green <!--/coloro-->
>> cf.
>>
>>
>> NB: If you had no anti-virus application installed or the subscription
>> had
>> expired *when the machine first got infected* and/or your subscription
>> has
>> since expired and/or the machine's not been kept fully-patched at Windows
>> Update, don't waste your time with any of the below: Format & reinstall
>> Windows. A Repair Install will NOT help!
>>
>> 1. See if you can download/run the MSRT manually:
>>
>>
>> NB: Run the FULL scan, not the QUICK scan! You may need to download the
>> MSRT on a non-infected machine, then transfer MRT.EXE to the infected
>> machine and rename it to SCAN.EXE before running it.
>>
>> 2. [WinXP ONLY!! =>] Run the Windows Live Safety Center's 'Protection'
>> scan
>> (only!) in Safe Mode with Networking, if need be:
>>
>>
>> 3. Run a /thorough/ check for hijackware, including posting requested
>> logs
>> in an appropriate forum, not here.
>>
>> Checking for/Help with Hijackware:
>> •
>>
>> •
>> •
>> •
>> •
>>
>> **Chances are you will need to seek expert assistance in
>> ,
>> ,
>> ,
>> ,
>> or other appropriate forums.**
>>
>> If these procedures look too complex - and there is no shame in admitting
>> this isn't your cup of tea - take the machine to a local, reputable and
>> independent (i.e., not BigBoxStoreUSA) computer repair shop.
>> --
>> ~Robear Dyer (PA Bear)
>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>>
>>
>> nightfairy27 wrote:<!--coloro:darkred--><span style="color:darkred <!--/coloro-->
>>> The virs says it is Troj/Mbroot-G I also get an alert saying the
>>> firewall
>>> has detected a NULL SCAN.
>>>
>>>>
>>>> 1) Exactly what malware is being identified?
>>>>
>>>> 2) Exactly what antimalware is identifying the infection?
>>>>
>>>> 3) What is the long and detailed version of your system's OS?
>>>>
>>>> 4) Download & execute GMER in "Normal Mode":
>>>>
>>>> <http://www.gmer.net/#files>
>>>>
>>>> 5) If any malware is identified, remove the malware with this
>>>> application.
>>>>
>>>> 6) Update this thread with the exact answers to the above and your
>>>> progress.
>>>>
>>>>> I have been getting a trojan virus in my scans. It says it's a boot
>>>>> sector virus located in PHYSICALDRIVE O. I have webroot security and
>>>>> no
>>>>> matter how many times I scan it's still there. I also get a pop up
>>>>> window
>>>>> with a debug button. If you hit this you only end up loosing your
>>>>> internet page. It has become very bothersome. Webroot wants $100 to go
>>>>> in
>>>>> and fix the problem. Someone I know wants to take my computer back to
>>>>> factory settings. Is there another option here? <!--colorc--><!--/colorc--><!--colorc--><!--/colorc--><!--colorc--><!--/colorc-->

 

nightfairy27 wrote:<!--coloro:blue--><span style="color:blue <!--/coloro-->
> I don't know a lot about computers but if I had a step by step instructions I
> could follow them. I had antivirus software before the infection but it
> doesn't remove the problem. It seem things got worse when I updated from
> Explorer 7 to Explorer 8
>
> "PA Bear [MS MVP]" wrote:
> <!--coloro:green--><span style="color:green <!--/coloro-->
>> cf.
>>
>>
>> NB: If you had no anti-virus application installed or the subscription had
>> expired *when the machine first got infected* and/or your subscription has
>> since expired and/or the machine's not been kept fully-patched at Windows
>> Update, don't waste your time with any of the below: Format & reinstall
>> Windows. A Repair Install will NOT help!
>>
>> 1. See if you can download/run the MSRT manually:
>>
>>
>> NB: Run the FULL scan, not the QUICK scan! You may need to download the
>> MSRT on a non-infected machine, then transfer MRT.EXE to the infected
>> machine and rename it to SCAN.EXE before running it.
>>
>> 2. [WinXP ONLY!! =>] Run the Windows Live Safety Center's 'Protection' scan
>> (only!) in Safe Mode with Networking, if need be:
>>
>>
>> 3. Run a /thorough/ check for hijackware, including posting requested logs
>> in an appropriate forum, not here.
>>
>> Checking for/Help with Hijackware:
>> •
>>
>> •
>> •
>> •
>> •
>>
>> **Chances are you will need to seek expert assistance in
>> ,
>> ,
>> ,
>> ,
>> or other appropriate forums.**
>>
>> If these procedures look too complex - and there is no shame in admitting
>> this isn't your cup of tea - take the machine to a local, reputable and
>> independent (i.e., not BigBoxStoreUSA) computer repair shop.
>> --
>> ~Robear Dyer (PA Bear)
>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>>
>>
>> nightfairy27 wrote:<!--coloro:darkred--><span style="color:darkred <!--/coloro-->
>>> The virs says it is Troj/Mbroot-G I also get an alert saying the firewall
>>> has detected a NULL SCAN.
>>>
>>>> 1) Exactly what malware is being identified?
>>>>
>>>> 2) Exactly what antimalware is identifying the infection?
>>>>
>>>> 3) What is the long and detailed version of your system's OS?
>>>>
>>>> 4) Download & execute GMER in "Normal Mode":
>>>>
>>>> <http://www.gmer.net/#files>
>>>>
>>>> 5) If any malware is identified, remove the malware with this
>>>> application.
>>>>
>>>> 6) Update this thread with the exact answers to the above and your
>>>> progress.
>>>>
>>>>> I have been getting a trojan virus in my scans. It says it's a boot
>>>>> sector virus located in PHYSICALDRIVE O. I have webroot security and no
>>>>> matter how many times I scan it's still there. I also get a pop up
>>>>> window
>>>>> with a debug button. If you hit this you only end up loosing your
>>>>> internet page. It has become very bothersome. Webroot wants $100 to go
>>>>> in
>>>>> and fix the problem. Someone I know wants to take my computer back to
>>>>> factory settings. Is there another option here? <!--colorc--><!--/colorc-->
>><!--colorc--><!--/colorc--><!--colorc--><!--/colorc-->

My sincere apologies if this seems harsh. I too had /asked/ step by
step type questions two days ago, and answers weren't forthcoming.
Perhaps all of this is a bit overwhelming and you may wish to heed
Malke's suggestion to enlist local technical support. Certainly
someone in or near Spartanburg is qualified to make everything right.

Best wishes.

--
1PW