Regular Contributor
CeeBee
Posts: 138
Registered: ‎05-16-2010
Accepted Solution

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior


Running GMER on one of my computers I get this report:

 

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

 

Anything to worry about?  I have checked with other rootkit progs and they report nothing like this.  Suggestions?!

 

Thanks, CBA

 

Postscript: did some disk house cleaning and ran a few rootkit progs and the issue seems to be resolved.  The above error message is gone and the GMER report is 'normal'.  Issue is now a non-issue.

bleeper24
Posts: 322
Kudos: 127
Solutions: 14
Registered: ‎04-13-2011

Re: Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

Hi CBA

              


CeeBee wrote:

Running GMER on one of my computers I get this report:

 

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

 

Anything to worry about?  I have checked with other rootkit progs and they report nothing like this.  Suggestions?!

 

Thanks, CBA




From the info you have given regarding your GMER scan .....it is difficult to determine whether this is a False Positive ...or a genuine detection !

Can I politely ask just how familiar you are with interpreting the results in GMER ? It is a very popular tool ....but many users are sometimes baffled by the results it returns and certain genuine processes can return the Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior.....that you have reported

 

If you have run other "double checks" via reputable "non real time scanners" ...and the results are negative ...it is possible that the GMER result is a "false positive"!


To be more certain though .....Can you advise if there is any other behaviour that you have noticed that could indicate the intrusion by malware etc; such as redirects....rapid pop-ups ...or any strange browser activity ?

Anything you can add regarding your O.S version and Norton product version and any other detail that may indicate unusual activity will help ...Let us know and we'll take it from there ...

Thanks..........Ed

Windows7 SP1....Norton NIS 2012 ...4Gb RAM ..Momentus XT SolidState HybridHD








Docendo discimus ( Teach in order to learn)

Regular Contributor
CeeBee
Posts: 138
Registered: ‎05-16-2010

Re: Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

Hi Ed, thanks.  As noted in the postscript to my 1st posting, the issue has been resolved.

 

Postscript: did some disk house cleaning and ran a few rootkit progs and the issue seems to be resolved.  The above error message is gone and the GMER report is 'normal'.  Issue is now a non-issue.

 

Not sure what made the difference, but, I deleted a large number of old files in RECYCLER, possibly stuck there after a frozen system close-down.  Also, I ran additional Rootkit and MBR check programs .. all of which gave me a clean bill of health.

 

As for GMER, no, I don't use it much .. and, yes, I'm aware of the fact that the output is not always easy to interpret.  Scary, some people say.  As I have numerous other on-demand malware/rootkit scanners and all showed 'system okay', I was just checking on the basis of 'better safe than sorry'.

 

Other than that, I did download a fresh copy of GMER .. same version number, but, that's when I got a normal report back.  Nothing about the Disk Sectors, just this:

 

---- Devices - GMER 1.0.15 ----

Device                                       Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device                                       Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice                               fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \Driver\Tcpip \Device\Ip     SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp    SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Udp    SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp  SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

 

Thanks for your comments, though.  Best, CBA

Contributor
brkkab123
Posts: 136
Registered: ‎01-21-2012

Re: Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

Go to VirusTotal @ http://www.virustotal.com and select the file in question and click on Scan. It will appear that nothing is happening as they redesigned their site recently. Be patient; your file is uploading and will be scanned by 43 different antivirus programs. Post a link to the VirusTotal results here and someone will be able to help you better.

Also download HijackThis from http://www.filehippo.com/download_hijackthis/ . Install it, then right-click on HijackThis! in the start menu and select Run As Administrator. Click on Main Menu, click on Do a full system scan and save a log file. A file will open up in Notepad on your desktop. Right-click starting to the left of the 1st word and drag your mouse down to the bottom of the text in Notepad. Right-click where the area is blue and select Copy. Now go to this website http://hijackthis.de/en and you see a white box with Analyze below it. In that empty box right-click and select Paste, then click on Analyze. Scroll down the list and look for anything that has a red X to the right. Make a note of those lines with the Red X's and click on the HijackThis program that's open on your pc. Scroll and anywhere that website has a Red X, place a check mark in the box to the left of that line in HijackThis and click on Fix and let it restart your pc, if need be. That will remove those bad files from your pc.

bleeper24
Posts: 322
Kudos: 127
Solutions: 14
Registered: ‎04-13-2011

Re: Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

Hi again CBA

You wrote..........................

Thanks for your comments, though.  Best, CBA

----

You're welcome CBA.....Happy to hear you got it sorted ....As you rightly say ....Always better to be safe than sorry

Cheers.............Ed


Regular Contributor
CeeBee
Posts: 138
Registered: ‎05-16-2010

Re: Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

Hello brkkab123,

 

Go to VirusTotal @ http://www.virustotal.com and select the file in question and click on Scan. It will appear that nothing is happening as they redesigned their site recently. Be patient your file is uploading...

 

There is no file to upload and/or to scan.

 

Also download HijackThis from http://www.filehippo.com/download_hijackthis/ . Install it then right click on HijackThis! in the start menu and select Run As Administrator...

 

HijackThis is always a good thing to run and I do so frequently.  This time, nothing suspicious at all.  I know every single entry in my logfile by heart.

 

Thanks, CBA

Contributor
brkkab123
Posts: 136
Registered: ‎01-21-2012

Re: Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

Kind of doesn't make sense, but any update Norton, download Malwarebytes free (http://www.malwarebytes.org) and SUPERAntiSpyware free (http://www.superantispyware.com). Install both and let both update themselves. Now go into Safe Mode and run full scans with all 3. Then download and run Norton Power Eraser and let it scan your pc. To get Power Eraser, do a quick scan with Norton and don't click Finish; click on the link where it asks if you still think you have threats. Power Eraser is on the left and Norton Bootable Recovery Tool is on the right; click either button to download each.

Regular Contributor
CeeBee
Posts: 138
Registered: ‎05-16-2010

Re: Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

Kind of doesn't make sense, but any update Norton, download Malwarebytes free (http://www.malwarebytes.org) and SUPERAntiSpyware free (http://www.superantispyware.com). Install both and let both update themselves. Now go into Safe Mode and run full scans with all 3. Then download and run Norton Power Eraser and let it scan your pc.

 

Hi again,

 

NAV 2012, MBAM, SAS and PE are all part of my package of protective programs.  None flagged the issue at hand as 'bad', so, I assume it was a false positive by GMER.  Or the actions taken removed the Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior 'flag'.  At any rate, from my perspective, the issue is resolved.  Thanks for your suggestions.  Best, CBA

Contributor
brkkab123
Posts: 136
Registered: ‎01-21-2012

Re: Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

You're welcome.