This is what AVG picked up and it says that I have to remove it manually. I have absolutely NO IDEA how to go about doing this.
It apparently has something to do with a root-kit. Whatever that is. :confused:
Just came across this, & I have an almost identical scan result! Hope it's not too presumptuous of me to post my logs without being asked??
Spybot finds nothing, Malwarebytes nothing, mbar nothing, AVG rescue disk nothing, but the GMER scan does have a reference to IDT entry #03, & some weird stuff down the end, along with 'unknown MBR code' for disk0!
Anyone help? Please??
Hi all, I have been reading your questions re IDT entry #03 Hook. I now have the same issue. I have attempted to use the AVG Support to get assistance but have not been able to get help on the solution yet. I have supplied reports etc. but no solutions have yet been suggested/supplied. Is anyone able to tell what this virus is and what it does? At the moment it seems to have really affected my laptop speed and its startup speed. Any knowledge on this will be most appreciated. - Thanks
Please use AVG Rescue CD and restore your MBR as described here (refer to Offline mode using AVG Rescue CD). Then, scan the system using AVG Rescue CD and remove detected threats.
Should the infection be still present after restart, please provide us with new GMER anti-rootkit scan result and new AVG full computer scan result export. Also, please provide us with a screenshot of your partition table listing as follows:
1. Run the AVG Rescue CD.
2. Switch to the Linux terminal by the left ALT + F2 key combination.
3. Login as the root user.
4. Execute the fdisk -l command.
5. Take a picture of your screen and attach it to your reply.
6. Use the left ALT + F1 key combination to switch back to the AVG Rescue CD menu.
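An added example, not part of the original thread and not AVG's or GMER's own tooling: a read-only Python sketch that parses a saved copy of a disk's first sector, the 512-byte MBR that holds both the boot code and the partition table `fdisk -l` lists. It checks the 0x55AA signature, decodes the four partition slots and hashes the boot code so that a capture taken before an MBR restore can be compared with one taken after. The function names, the file name `mbr.bin` and the sample sector are assumptions constructed for illustration.

```python
import hashlib
import struct
import sys

SECTOR_SIZE = 512
TABLE_OFFSET = 446        # boot code occupies bytes 0..445
SIGNATURE = b"\x55\xaa"   # bytes 510..511 of a valid MBR

def parse_mbr(sector: bytes) -> dict:
    """Decode one MBR sector from a saved copy; nothing is written to disk."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:    # type 0x00 marks an unused slot
            continue
        partitions.append({"slot": i + 1, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba_start, "sectors": count})
    return {
        "valid_signature": sector[510:512] == SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:TABLE_OFFSET]).hexdigest(),
        "partitions": partitions,
    }

def boot_code_changed(before: bytes, after: bytes) -> bool:
    """True if the boot code differs between two captures of the same disk."""
    return parse_mbr(before)["boot_code_sha256"] != parse_mbr(after)["boot_code_sha256"]

def build_sample_sector() -> bytes:
    """Constructed sample: zeroed boot code, one bootable type-0x07 partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return bytes(TABLE_OFFSET) + entry + bytes(48) + SIGNATURE

if __name__ == "__main__":
    # Optional argument: a saved sector, e.g. made on the rescue system with
    #   dd if=/dev/sda of=mbr.bin bs=512 count=1   (device name is an assumption)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            data = f.read(SECTOR_SIZE)
    else:
        data = build_sample_sector()
    report = parse_mbr(data)
    print("signature valid:", report["valid_signature"])
    print("boot code sha256:", report["boot_code_sha256"])
    for p in report["partitions"]:
        print(p)
```

A boot-code hash that stays the same after a restore means the restore did not rewrite that area; an invalid signature or overlapping slots is the kind of table damage worth including in the report to support.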
Thanks for your attention & instructions. I followed the off-line route, using the AVG rescue disk, & since my computer doesn't show any obvious signs of infection, hoped it had fixed the problem. But, as you can see from the attached logs, all is still as it was :(
Command line stuff doesn't come easily to me, so I ran the fdisk -l option with some trepidation! The only way I could figure to get a picture of the screen to send you was to use a camera - I hope you can make it out. Not sure if all the info is there as there's lots about a 400GB disk which is a raid array of 2x200GB for audio files, & nothing to do with the system disk. Even so, it looks a bit of a dog's breakfast to me ('this is not a valid partition table' etc)!
I'm getting exactly the same error in my scan. I've used the AVG Rescue CD to restore the MBR and the CD-based scan tells me there are no infections. However, once Windows starts up, the installed AVG scan still displays the message about the IDT entry #03.
I tried a scan with GMER 2.1, but before the scan could complete, I got a blue screen event telling me there was something wrong with an essential process. So, I ran GMER 2.1 for a limited period, then a complete scan with GMER 1.0.14.
The attached .zip file contains the 2 GMER logfiles, 2 screenshots of AVG showing the infection, msinfo, and a file containing formatted output from fdisk run from the Rescue CD (fdisk.txt). The .zip file is encrypted with my e-mail address.