BIBM detected as rootkit?
Posted: Tue Dec 27, 2011 3:31 pm
Hi,
I have been investigating some issues with my PC and have just had
ESET tech support online connected to my PC.
They ran a tool which produced this output:-
Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com
Program version: 1.2.0.0
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601), 64-bit
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00900000
Size    Device Name         MBR Status
--------------------------------------------
931 GB  \\.\PhysicalDrive0  Controlled by rootkit!
Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix
To inspect the boot code manually, dump the master boot sector:
remover.exe dump [output_file]
Done;
Press any key to quit...
------------------------------------------
Could you please check if this is a false positive as I suspect?
Thanks in advance.
--
Cheers
DrT
______________________________
We may not be able to prevent the stormy times in
our lives; but we can always choose to dance
in the puddles (Jewish proverb).