MegaShark
23-10-2008, 12:48
Hi guys,
first of all, my apologies for posting in English, but I'm afraid my Italian isn’t that good :( Plus, your forum looks loaded with great information and while googling around for help I found it to be the most comprehensive one. I'm from Portugal and even though I can't write in Italian I guess I can figure out most of what's written. If by any chance posting in English is not adequate here, please tell me and I'll make an effort to translate this.
My PC is now dual booting XP SP2 (with McAfee Enterprise) and Vista (with Avast). Starting this weekend, Internet Explorer 6 on XP SP2 crashes on opening (roughly 95% of the time; the other 5% it works OK for about 5 minutes and then crashes) without even accessing my homepage. The internet connection is OK (all other web applications work just fine and Firefox accesses the web with no problems). On Vista, everything is fine, including Internet Explorer 7. This appears to be something similar to what someone has experienced and posted here http://www.hwupgrade.it/forum/showthread.php?t=1745198
On XP SP2, I've tried installing IE 7, IE 8 beta2, IE 6 standalone, but the result is always the same: IE crashes on opening.
On XP, McAfee never showed up anything suspicious, nor did MalwareBytes. Nevertheless, Avast on Vista tells me I have some rootkit virus on the MBR (and apparently hiberfil.sys is infected).
Following your guide, I’ve extracted both Prevx and Gmer logs. I’ve truncated them in order to keep the attachment file size under 24,4kB.
_________________________________________
Prevx:
Last Scan: Thu 2008-10-23 10:37:21 GMT Standard Time. Number of Scans: 2
[R<R00000010>] (ACTIVE) \\.\PhysicalDrive0\MBR [PX5: 0000000000000000000000000000000000000002] Malware Group: Rootkit.MBR
_________________________________________
Gmer:
---- Disk sectors - GMER 1.0.14 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior; MBR rootkit code detected <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 60: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior; malicious code @ sector 0x950e4c1 size 0x1b6
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; copy of MBR
_________________________________________
Can you help me out?
Thanks in advance!!