Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Jan 23, 2015 14:55:30 GMT -8
Possibly HMP has protection so that it won't deal with it, as it does not really know what it is but knows generically it is wrong (possibly due to a new variant).
Did it not list for you to deal with at the end of the scan??
Have sent your log minus the cookies to others also
Quads
Post by nanadeb on Jan 23, 2015 15:26:53 GMT -8
Nope - no actions at the end of scan. I guess that's why I assumed it didn't find anything.
Post by Quads on Jan 23, 2015 19:33:34 GMT -8
I am getting there. I was asked to get a copy of the MBR (and thinking maybe the VBR / PBR) from your system so people, I guess, will be able to study the MBR / VBR codes, so I am trying a hopefully easier way (still has danger if choosing the wrong button etc.).
Post by nanadeb on Jan 24, 2015 7:45:46 GMT -8
Ok unfortunately I have no idea what I need to do to get that info for you. I'm sorry. I will be happy to follow any instructions you can provide. Thank you!
Post by Quads on Jan 24, 2015 16:35:30 GMT -8
I am getting there with creating pretty pictures with the highlighted areas.
Example
Quads
Post by Quads on Jan 24, 2015 20:50:17 GMT -8
Caution: Make double sure of the steps and which button to push. I have created screenshots with highlights to show which button and so on. You may want to read all of the below carefully first to understand.
1. Download the attached program to your Desktop.
2. Start the tool that is now on your Desktop.
3. You should by default be on the Physical Disk tab.
4. Select the Hard Drive (Destination Disk) from the drop down list, seen as the number 1 in the screenshot. If you only have one Hard Drive in the system then that is the only one available to select. Yours should be Disk: 0 (Size: 698.6 GB) (C, D)
5. Click the Process MBR button, which is highlighted in the screenshot above.
6. The Master Boot Record (MBR) options dialog appears like the screenshot just above.
7. Due to the fact it could be modified by a Bootkit or an OEM version, the Current MBR type may be listed as "Unknown MBR", so make sure the Windows NT 5.x / 6.x MBR is selected, as seen in the screenshot above at the BIG RED ARROW.
8. Now click the Backup MBR button as shown in the screenshot above, highlighted.
9. Now the Sectors backup dialog appears. Give the MBR file a name in the box below Backup file that it is to be saved. You can see by the above screenshot by the Red Arrow named it "MBR_Copy".
10. Click the Backup button, which is highlighted in the above screenshot.
When the copy of the MBR is completed the tool gives the below screenshot of the completion.
11. Click OK and close the tool completely, either by the Close button or the X in the upper right hand corner.
Now you should find the file created on your Desktop (as that is the same place as the tool) with the name you gave it, with a size of 512 bytes.
Quads
Post by nanadeb on Jan 25, 2015 7:02:14 GMT -8
Followed the 'pretty pictures' (which I SINCERELY appreciate) - here is the file:
Attachments: MBR_Copy (512 B)
Post by Quads on Jan 25, 2015 14:12:35 GMT -8
Now the VBR (also known as PBR). Probably get the first 2 VBRs, SYSTEM and C, which should be listed as 0 and 1, basically the below instructions twice with little changes to the
Caution: Make double sure of the steps and which button to push. I have created screenshots with highlights to show which button and so on. You may want to read all of the below carefully first to understand.
PBR time (VBR it is also known as)
1. Start the tool again that is on your Desktop.
2. You should by default be on the Physical Disk tab.
3. Select the Hard Drive (Destination Disk) from the drop down list, seen as the number 1 in the screenshot. If you only have one Hard Drive in the system then that is the only one available to select. Yours should be Disk: 0 (Size: 698.6 GB) (C, D)
4. Click the Process PBR button, which is highlighted in the screenshot above.
5. The Partition Boot Record (PBR / VBR) options dialog appears like the screenshot just above.
6. This is where things have extra steps due to more than one VBR / PBR on a Hard Drive. Also, due to the fact it could be modified by a Bootkit, the Current MBR type may be listed as "Unknown PBR", so make sure the BOOTMGR Boot Record (fat /fat32/NTFS........) is selected, as seen in the screenshot above at the SINGLE BIG RED ARROW.
7. From the drop down list seen in the screenshot above with 2 RED ARROWS showing the 2 partitions where we are going to copy the PBR / VBR or SYSTEM and C, select one at a time to copy. Yours are or should be: Size= 100 MB (0 / SYSTEM), Size= 685.7 GB (1 / C;) (The Program can only COPY one PBR at a time)
8. Now click the Backup PBR button as shown in the screenshot above, highlighted.
9. Now the Sectors backup dialog appears. Give the PBR / VBR file a name in the box below Backup file that it is to be saved. You can see by the above screenshot by the Red Arrow named it "VBR_Copy_1".
10. Click the Backup button, which is highlighted in the above screenshot.
When the copy of the PBR / VBR is completed the tool gives the below screenshot of the completion.
11. Click OK and close the tool completely, either by the Close button or the X in the upper right hand corner.
Now you should find the file created on your Desktop (as that is the same place as the tool) with the name you gave it, with a size of 8 KB.
12. Now it depends on which Partition you selected above, BUT this time carefully do the steps 1 to 6 above and when you get to step 7, change the Partition to the other one.
13. Now the Sectors backup dialog appears. Give the PBR / VBR file a name in the box below Backup file that it is to be saved. You can see by the above screenshot by the Red Arrow named it "VBR_Copy_ 2".
10. Click the Backup button, which is highlighted in the above screenshot.
After all this you should have 2 8 KB files which are copies of the 2 VBRs / PBRs.
Quads
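A sanity check for the backup files produced by the two procedures above (the 512-byte MBR copy and the 8 KB PBR/VBR copies), added here as an example and not part of the original posts or of the tool they use. It verifies the sizes the instructions give, tests the 0x55AA boot signature, lists the partition entries and hashes the boot code so it can be compared against a known-good copy; the function names are hypothetical and the sample bytes are constructed.

```python
import hashlib
import struct

SECTOR = 512
BOOT_SIG = b"\x55\xaa"  # bytes 510-511 of any valid boot sector

def parse_mbr(data: bytes) -> dict:
    """Check a 512-byte MBR backup and list its used partition entries."""
    if len(data) != SECTOR:
        raise ValueError(f"MBR backup should be 512 bytes, got {len(data)}")
    parts = []
    for i in range(4):  # four 16-byte entries start at offset 446
        off = 446 + 16 * i
        status, ptype = data[off], data[off + 4]
        lba_start, sectors = struct.unpack_from("<II", data, off + 8)
        if ptype != 0x00:  # type 0x00 marks an unused slot
            parts.append({"index": i, "active": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "size_mb": sectors * SECTOR // 2**20})
    return {"signature_ok": data[510:512] == BOOT_SIG,
            # Hash only the boot code (before the disk signature at offset 440)
            # so the same loader on different disks gives the same value.
            "code_sha256": hashlib.sha256(data[:440]).hexdigest(),
            "partitions": parts}

def parse_vbr(data: bytes) -> dict:
    """Check an 8 KB PBR/VBR backup; sector 0 carries the OEM ID and signature."""
    if len(data) != 16 * SECTOR:
        raise ValueError(f"VBR backup should be 8192 bytes, got {len(data)}")
    return {"signature_ok": data[510:512] == BOOT_SIG,
            "oem_id": data[3:11].decode("ascii", "replace").rstrip(),
            "sha256": hashlib.sha256(data).hexdigest()}

def sample_mbr() -> bytes:
    """Constructed sample (not the thread's file): empty code, two NTFS entries."""
    mbr = bytearray(SECTOR)
    struct.pack_into("<B3xB3xII", mbr, 446, 0x80, 0x07, 2048, 204800)    # 100 MB
    struct.pack_into("<B3xB3xII", mbr, 462, 0x00, 0x07, 206848, 1000000)
    mbr[510:512] = BOOT_SIG
    return bytes(mbr)

def sample_vbr() -> bytes:
    """Constructed sample: NTFS-style jump and OEM ID, remaining bytes zero."""
    vbr = bytearray(16 * SECTOR)
    vbr[0:11] = b"\xeb\x52\x90NTFS    "
    vbr[510:512] = BOOT_SIG
    return bytes(vbr)

if __name__ == "__main__":
    print(parse_mbr(sample_mbr()), parse_vbr(sample_vbr()))
```

To check real backups, read each file in binary mode and pass the bytes to `parse_mbr` or `parse_vbr`.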
Post by nanadeb on Jan 25, 2015 15:41:00 GMT -8
As requested:
[REMOVED FOR SAFETY]
Post by Quads on Jan 25, 2015 15:56:48 GMT -8