06-17-2008, 10:36 PM   #6
calvin333
Registered User
 
Join Date: May 2008
Posts: 27
OS: xp


Re: cssrss creating HQS Trojan at startup

Hi Reid - just a quick note that I was from Ohio too, lived in Dayton for 5 years and Columbus for 10.

Re DrWeb: I got the Chinese version, so a quick summary is that it found and deleted BackDoor.MaosBoot from memory and fixed BackDoor.MaosBoot from the Master Boot Record.

The DrWeb.csr file is attached, not posted because I'm not sure if copy & paste would capture everything in a csr/excel file.
I also want to mention that the interface is slightly different from your description (probably a newer release), but I didn't take any corrective action after the full scan.

The mbr log:

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
malicious code @ sector 0xdf8f900 size 0x1a8 !
copy of MBR has been found in sector 62 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.