Bootkit.0010 issues?


I did read this: How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC?

But the computer I have is out of the box (OEM) and I've never connected it to the internet. I just did the install and was starting to work on moving applications (anti-spyware, etc.) over to it via a USB drive when I got a notification saying I have bootkit.0010:

[Image: screenshot of the AVG notification]

Of course the AVG on the computer won't do anything (nothing happens when clicking 'protect me'), not connected to the internet so can't get 'show details'.

https://support.kaspersky.com/viruses/solutions/2727#block2

Downloaded that, and moved it (via the same USB drive, only one available and not formattable) to the computer, installed/ran it, and it finds nothing.

Found this, trying it next: http://www.avg.com/us-en/remove-win32-bootkit.tpl-stdfull

What else should I be trying?

user3082

Posted 2016-12-09T18:24:43.223

Reputation: 143

There's the distinct possibility that this is a false positive. It's not unheard of that viruses show up on brand-new computers, but it's not exactly common either. If the various things you've noted are not finding an actual infection and only AVG is complaining, I'd guess you're probably OK, except that you may want to remove AVG and use Windows Defender or Avast as your AV going forward. – music2myear – 2016-12-09T20:38:56.793

It is, of course, possible to get a virus from a USB stick ... – DavidPostill – 2016-12-09T22:07:15.833

@DavidPostill That's precisely what I'm thinking of, as the detection is on e:, if I'm reading correctly. I think I've disabled autoruns and things, but... – user3082 – 2016-12-10T08:52:04.570

Answers

0

Your flash drive is infected, not the computer itself.

  • The AVG dialog states that the detected object is Boot sector (e:). I'm pretty sure E: is the flash drive, as your image indicates that there is only one hard drive on the machine.

  • Removing the infection requires erasing its boot sector and reformatting the drive. This will make all data on the drive unreadable, so you should back up the contents of the drive before you proceed. Be sure the files are not themselves infected with malware.

  • To clean the drive:

    • Open an elevated command prompt and type diskpart.
    • Use list disk to find the correct drive, then use select disk x to specify the disk you want to clean (replace x with the number corresponding to your flash drive).
    • Type clean to erase the boot sector and partition table.
  • Once you've erased the boot sector, you can reformat the drive and it should no longer be infected. If it is still infected, the drive may have been compromised at the firmware level, which would render it unusable.

bwDraco

Posted 2016-12-09T18:24:43.223

Reputation: 41 701
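
One way to confirm that the clean step in the answer above took effect, as an added example that is not part of the original answer: it parses sector 0 of a drive (classic MBR layout) and reports whether boot code, partition entries or the 55 AA signature remain. The function names and both sample sectors are constructed for illustration, and the check assumes a cleaned sector reads back as all zero bytes.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 446            # bytes 0..445: bootstrap code area of a classic MBR
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511

def read_sector0(path: str) -> bytes:
    """Read sector 0 from a raw image file (or a raw device path, as admin)."""
    with open(path, "rb", buffering=0) as f:
        return f.read(SECTOR_SIZE)

def inspect_boot_sector(sector: bytes) -> dict:
    """Summarise what sector 0 still contains."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    partitions = []
    for i in range(4):                      # four 16-byte partition entries
        entry = sector[BOOT_CODE_END + 16 * i: BOOT_CODE_END + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:                   # type 0x00 marks an unused slot
            partitions.append({"active": entry[0] == 0x80, "type": entry[4],
                               "lba_start": lba_start, "sectors": count})
    return {
        "sha256": hashlib.sha256(sector).hexdigest(),
        "has_boot_code": any(sector[:BOOT_CODE_END]),
        "has_signature": sector[510:512] == BOOT_SIGNATURE,
        "partitions": partitions,
        "wiped": not any(sector),           # assumption: a cleaned sector is all zeros
    }

def sample_before_clean() -> bytes:
    """Constructed sector: stand-in boot code, one FAT32 entry, 55 AA signature."""
    s = bytearray(SECTOR_SIZE)
    s[0:3] = b"\xeb\x3c\x90"                # constructed placeholder, not real boot code
    s[446:462] = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x0B, b"\0" * 3, 2048, 7_000_000)
    s[510:512] = BOOT_SIGNATURE
    return bytes(s)

SAMPLE_AFTER_CLEAN = bytes(SECTOR_SIZE)     # constructed: what a wiped sector looks like

if __name__ == "__main__":
    for label, data in (("before", sample_before_clean()), ("after", SAMPLE_AFTER_CLEAN)):
        info = inspect_boot_sector(data)
        print(label, info["sha256"][:16], "boot code:", info["has_boot_code"],
              "partitions:", info["partitions"], "wiped:", info["wiped"])
```

Recording the SHA-256 before and after the wipe gives a simple record that sector 0 actually changed; if the same non-zero contents reappear after a clean and reformat, that matches the firmware-level case the answer mentions.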