a trojan virus that can't be deleted

September 30, 2011 at 03:19:57
Specs: Windows 7
I'm running window 7 with eset anti-virus 5 and i keep getting a message that i am infected with a trojan in the mbr sector, when i click "clean" it says "error while cleaning".
does anybody know how to get rid of it???
the alert:
Object: MBR sector of the 1 physical disk
Threat: Win32/Agent.SDG.Gen Trojan

See More: a trojan virus that cant be deleted

September 30, 2011 at 08:49:07

In order to take a better look at what is going on with your system, please do the following:

Download DDS from one of these locations:

Save to the Desktop.

Right-click DDS and select: Run as Administrator

When done, DDS opens two logs:
-DDS.txt (Opens on the Desktop)
-Attach.txt (Is minimized - will show on the TaskBar)

Save both reports to your Desktop.

Since this report can be quite large, please go to the ‘Uploading’ website:

In: Select files to upload, click 'Browse', and 'Look in' the Desktop.
Select the DDS.txt report, and click on 'Open'
You will see the following:
“Your file has been uploaded successfully: (Name and size of the file)”

Please copy the 'Download link', and provide it in your reply.

Do the same with the Attach.txt.

Also download aswMBR:

Save it to the Desktop.

Right-click the file and select: Run as Administrator

Click 'Scan'

Upon completion of the scan, click ‘Save log’ and save it to the Desktop.
Note - Please do NOT attempt any fix anything!!

Also post the log produced by 'aswMBR' in your reply.

You will notice that another file is created on the Desktop.
It is named MBR.dat.

Please keep the file on the Desktop, and do not do anything with it.
This is important, just in case we need to have access to the Master Boot Record (MBR) information.


Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE and the
Alliance of Security Analysis Professionals

Report •

October 1, 2011 at 10:58:33
ok there you go:

aswMBR version Copyright(c) 2011 AVAST Software
Run date: 2011-10-01 20:55:57
20:55:57.304 OS Version: Windows 6.1.7601 Service Pack 1
20:55:57.304 Number of processors: 2 586 0xF0B
20:55:57.305 ComputerName: ADMIN-PC UserName: Admin
20:55:59.224 Initialize success
20:56:07.974 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
20:56:07.977 Disk 0 Vendor: WDC_WD2500KS-00MJB0 02.01C03 Size: 238475MB BusType: 3
20:56:07.980 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-6
20:56:07.984 Disk 1 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
20:56:09.995 Disk 0 MBR read successfully
20:56:09.999 Disk 0 MBR scan
20:56:10.003 Disk 0 Windows 7 default MBR code
20:56:10.010 Disk 0 scanning sectors +488393024
20:56:10.083 Disk 0 scanning C:\Windows\system32\drivers
20:56:14.924 Service scanning
20:56:16.107 Modules scanning
20:56:23.386 Disk 0 trace - called modules:
20:56:23.403 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
20:56:23.407 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8566e030]
20:56:23.412 3 CLASSPNP.SYS[88da559e] -> nt!IofCallDriver -> [0x85587918]
20:56:23.624 5 ACPI.sys[888bd3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x85585908]
20:56:23.631 Scan finished successfully
20:56:29.230 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
20:56:29.241 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"


Report •
Related Solutions

Ask Question