Hey guys, I've got my hands full with this latest issue.
Long story short, I picked up the GoogleUpdater.exe virus and now have a couple trojan's I'm incapable of removing.
Booting into the Windows Defender Standalone (
http://connect.microsoft.com/systemsweeper) I can see an Alureon.E trojan in my boot drive [listed as boot:\\.\PHYSICALDRIVE0\Partition2 (Type 17)] but the program can't remove it.
Trial install of NOD32 notes a Win32/Olmarik.TDL4 trojan which also can't be accessed.
Had to download the unsigned version of Kaspersky's TDSSKiller.exe to actually get it to run, but it didn't find anything useful. I am unable to run Avast!'s rootkit tool, even after renaming it and changing the extension to a .com file. Task pops up in my manager then disappears.
Used MBRCheck.exe to take a look at my MBR, it lists the MBR of \\.\PhysicalDrive0 (my only drive) as "MBR Code Faked!"
MBRCheck's repair tool runs successfully but a restart and a rescan yields the same results.
Threw in my Win 7 disk and tried to fix the MBR through the repair command prompt, but using both
>bootrec /fixmbr
>bootrec /fixboot
didn't change anything, though they ran successfully. I also tried grabbing bootsect.exe right from the install disk through
>bootsect /nt60 SYS /mbr
but was given one access error, followed by a notation of Success on physicaldrive0 (I can rerun if the exact output is needed)
I'd rather not throw logs at you guys without being prompted but since I've been taking every shot I could think of at this thing I've got a pretty solid collection of scanners if you're looking for some output:
MBRCheck
OTL
MWB Anti-Malware
Spybot S&D
Symantec EP 12
Trendmicro SysClean (my old favorite from XP, but i think its got x64 issues...)
ESET NOD32 (trial)
Microsoft Security Essentials
HJT
I'd prefer not to reinstall my OS, but I guess I can if thats my only option...
System is running Windows 7 Pro x64 SP1
Thanks in advance guys
Mike
