TheBlackKnight
Registered: 03-24-2012
Re: Did Malwarebytes Detect Trojan virus that Norton missed?

We have the free version of Malwarebytes. I don't see the Realtime tab that you reference.

Here is the portion of the TDSSKiller log that references the detected virus. If you need more, let me know.

22:00:26.0963 7716 MBR (0x1B8)     (35a4fa451025305a24e864aaa8e364c9) \Device\Harddisk0\DR0
22:00:26.0990 7716 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
22:00:26.0990 7716 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
22:00:27.0066 7716 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:00:27.0066 7716 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:00:27.0096 7716 Boot (0x1200)   (b8ff3f1c922092962d5b12b9666f4afe) \Device\Harddisk0\DR0\Partition0
22:00:27.0099 7716 \Device\Harddisk0\DR0\Partition0 - ok
22:00:27.0107 7716 Boot (0x1200)   (b5151692fde71203cf1d54b58395e35f) \Device\Harddisk0\DR0\Partition1
22:00:27.0109 7716 \Device\Harddisk0\DR0\Partition1 - ok
22:00:27.0147 7716 Boot (0x1200)   (a1c63a4b199e133ab408f70f32d7b7d2) \Device\Harddisk0\DR0\Partition2
22:00:27.0149 7716 \Device\Harddisk0\DR0\Partition2 - ok
22:00:27.0165 7716 Boot (0x1200)   (bb4479bcb5868d0d5a1c9afcd0fcc0ef) \Device\Harddisk0\DR0\Partition3
22:00:27.0167 7716 \Device\Harddisk0\DR0\Partition3 - ok
22:00:27.0171 7716 ============================================================
22:00:27.0171 7716 Scan finished
22:00:27.0171 7716 ============================================================
22:00:27.0188 7172 Detected object count: 2
22:00:27.0188 7172 Actual detected object count: 2
22:05:18.0929 7172 \Device\Harddisk0\DR0\# - copied to quarantine
22:05:18.0930 7172 \Device\Harddisk0\DR0 - copied to quarantine
22:05:19.0039 7172 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
22:05:19.0044 7172 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
22:05:19.0066 7172 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
22:05:19.0079 7172 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
22:05:19.0104 7172 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
22:05:19.0124 7172 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
22:05:19.0127 7172 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
22:05:19.0130 7172 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
22:05:19.0133 7172 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
22:05:19.0138 7172 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
22:05:19.0144 7172 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
22:05:19.0147 7172 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
22:05:19.0185 7172 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
22:05:19.0188 7172 \Device\Harddisk0\DR0 - ok
22:05:19.0912 7172 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
22:05:19.0916 7172 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:05:19.0916 7172 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
22:08:19.0523 7260 Deinitialize success
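
Added example, not part of the original post: a short Python parser for the log format shown above that pairs each detection with the action recorded for it and lists detections that were skipped or left without an action. The line format is inferred only from the posted log, and the function names `triage` and `unresolved` are hypothetical.

```python
import re

# Lines copied from the log posted above (timestamp, thread id, message).
SAMPLE_LOG = r"""
22:00:26.0990 7716 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
22:00:27.0066 7716 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:00:27.0099 7716 \Device\Harddisk0\DR0\Partition0 - ok
22:05:19.0185 7172 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
22:05:19.0912 7172 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
22:05:19.0916 7172 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:05:19.0916 7172 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Assumed layout: "<time> <thread> <object> ( <detection name> ) - <status>"
ENTRY = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ \d+ (?P<obj>\S+) \( (?P<name>.+?) \) - (?P<status>.+)$"
)
ACTION_PREFIX = "User select action: "


def triage(log_text):
    """Map (object, detection name) -> verdict, chosen action and status notes."""
    findings = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # hash lines, "- ok" lines, banners, quarantine copies
        rec = findings.setdefault(
            (m["obj"], m["name"]), {"verdict": None, "action": None, "notes": []}
        )
        status = m["status"]
        if status.startswith(ACTION_PREFIX):
            rec["action"] = status[len(ACTION_PREFIX):]
        elif rec["verdict"] is None:
            rec["verdict"] = status  # first status seen is the scan verdict
        else:
            rec["notes"].append(status)
    return findings


def unresolved(findings):
    """Detections with no recorded action, or an action of Skip."""
    return sorted(k for k, r in findings.items() if r["action"] in (None, "Skip"))


if __name__ == "__main__":
    for key, rec in triage(SAMPLE_LOG).items():
        print(key, rec)
    print("needs follow-up:", unresolved(triage(SAMPLE_LOG)))
```

Run against the posted log, this reports the `TDSS File System` entry on `\Device\Harddisk0\DR0` as the one detection whose recorded action is Skip.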