Boot sector virus : mbr:// physicaldrive0

Discussion in 'Virus and Malware Removal' started by amb913, Jun 14, 2011.

  1. amb913 Newcomer, in training Posts: 47

    No matter what I do, I'm going to get tracking cookies, right? Is it better to use Firefox? I like IE better, and Firefox doesn't let me into some websites I need to go to. I did reset cookies and changed the settings for cookies on IE and on Firefox. What to do next?
  2. amb913 Newcomer, in training Posts: 47

    I also have 2 other questions for you. I don't know if this has anything to do with viruses or spyware or any of that, but I am unable to update Windows. When I try, it says they all failed. The icon is constantly there in the taskbar. Also, my video quality is very sloooow. Or maybe it's Flash? I don't know. When I try to play a video or play a game, it lags big time. I know it used to work fine, but for the last few months it's been awful. Sorry, I know these have nothing to do with my present problems, but I'm just wondering if they might?
  3. Bobbye Helper on the Fringe Posts: 16,406   +16

    No. If you have the Cookies reset properly and have good security, you can stop ALL the Tracking Cookies! These are 3rd Party Cookies- they come from the ads, images, banners. Most sites require you to get the site Cookie- this is not the Tracking Cookie- except in instances like the sites Joe is going to. Any Cookies from those types of sites are going to leave nasty Cookies on the system!

    Cookies are left when you register, input user name and password for a site. This board leaves a Cookie on the system so it will recognize you when you come back. That is a "First Party Cookie."
    Site Cookie= 1st Party Cookie

    But the site also has advertisements on it- some may be embedded in banners or images. These are 3rd Party Cookies. Most 3rd Party Cookies will track you in some way- where you shop, how often you access a site. But if a site is bad such as porn, sex, fraudulent or no Privacy Statement, then any Cookie it leaves should be considered undesirable.

    I use Firefox exclusively and have for the last 5 years or so. There have only been a couple of sites over the years that require IE exclusively. I think Firefox is a safer browser than IE. I have AdBlockPlus and Easy List. I do not get any Tracking Cookies. I get 'site cookies' for those sites I visit. They are 1st Party Cookies.
    ====================================
    About the Windows Updates: IF you have a failed update, new updates won't install. Please refer to the information here for help: http://support.microsoft.com/kb/822798
    ====================================
    Check the Audio and Video Forum for the video problem.
    I doubt it has anything to do with the current problem you had.
    ======================================
    Depending on the age of your son and how much control you want to have on his surfing habits, you might want to look into setting some restrictions for sites visited. Open Internet Options in either Tools in IE or in the Control Panel> Select Content tab> Click on Enable for Content Advisor and place the setting you want to block.
    Consider blocking these: the account for new shows visits to sites such as:
    static.sexsearch.com
    .porn.com
    .pornhub.com
    cc.gameadserve.com
  4. amb913 Newcomer, in training Posts: 47

    I did reset cookies like you told me to, blocking 3rd party cookies. The only sites I go to every day are Facebook and a couple others. But SAS is still finding what it sees as a threat. My son is 13, so yes, I will be looking into it. My mom has to use IE for unemployment, but I don't really have to use it, I'm just not used to Firefox. OK, so now that we have the cookies thing explained, what to do next? lol. I'm looking into fixing the video thing through the forum here. I like this site. The computer is running almost 100% better except for the slow video thing, which is really annoying me because I do use the computer to watch movies and play a few games. It slows down like 5 minutes into a game or movie so bad that I have to stop it. I did download a graphics driver, but it's not helping. Grr!
  5. amb913 Newcomer, in training Posts: 47

    Hey there Bobbye. Just checking in, still waiting to hear from you as to what to do next. I thought you had said something before about uninstalling one of the programs you had me install or something like that to get rid of the boot sector virus. Or am I finished? lol. Just let me know when you get time. Thanks! :)
  6. Bobbye Helper on the Fringe Posts: 16,406   +16

    Sorry- no notice again.

    I'd like you to repeat this scan. If it is still on your desktop, you can use it, but you must update first. Also note, you will do the Full Scan this time.
    Please Update and rescan with Malwarebytes: Note: On the Scanner tab, make sure the Perform Full Scan option is selected and then click on the Scan button.

    When the scan has finished, you will see the results box.
    • Click on OK to close box and continue.
    • Click on the Show Results button.
    • Click on the Remove Selected button to remove all the listed malware.
    • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
    ==========================================
    Then update and repeat this:
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on the ESET Smart Installer link to download it. Save it to your desktop.
      [o] Double click on the ESET Smart Installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
     
  7. amb913 Newcomer, in training Posts: 47

    Malwarebytes found 0 threats but here's the txt from the ESET scan. Seems like Java is a culprit once again! rawr!!!

    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\1\18f94b81-16e7e569 Java/TrojanDownloader.OpenStream.NCA trojan
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\12\c255e4c-7d5f514b multiple threats
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\30\7b09de1e-3a849c7e Java/TrojanDownloader.OpenStream.NBW trojan
    C:\Documents and Settings\Sally\Application Data\Sun\Java\Deployment\cache\6.0\62\4bd616be-1a785ef6 Java/Agent.BB trojan
    C:\System Volume Information\_restore{FDD30534-915E-4E2D-B02D-56DD77B62745}\RP768\A0266938.dll a variant of Win32/Toolbar.MyWebSearch.A application
    C:\System Volume Information\_restore{FDD30534-915E-4E2D-B02D-56DD77B62745}\RP768\A0266943.dll probably a variant of Win32/Toolbar.MyWebSearch.F application
    C:\System Volume Information\_restore{FDD30534-915E-4E2D-B02D-56DD77B62745}\RP768\A0266944.dll probably a variant of Win32/Toolbar.MyWebSearch.B application
    C:\System Volume Information\_restore{FDD30534-915E-4E2D-B02D-56DD77B62745}\RP768\A0266950.dll a variant of Win32/Toolbar.MyWebSearch application
    C:\System Volume Information\_restore{FDD30534-915E-4E2D-B02D-56DD77B62745}\RP768\A0266954.dll a variant of Win32/Toolbar.MyWebSearch.P application
  8. Bobbye Helper on the Fringe Posts: 16,406   +16

    Where is the Malwarebytes log?
  9. amb913 Newcomer, in training Posts: 47

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 7092

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    7/12/2011 7:47:00 PM
    mbam-log-2011-07-12 (19-47-00).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 344875
    Time elapsed: 1 hour(s), 49 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  10. Bobbye Helper on the Fringe Posts: 16,406   +16

    Okay- it appears these may be on the 'Sally' account:

    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files  
      C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\1\18f94b81-16e7e569 
      C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\12\c255e4c-7d5f514b 
      C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\30\7b09de1e-3a849c7e 
      C:\Documents and Settings\Sally\Application Data\Sun\Java\Deployment\cache\6.0\62\4bd616be-1a785ef6 
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ===========================================
    Then do this again also:
    To clear the Java Plug-in cache:

    1. Click Start > Control Panel.
    2. Double-click the Java icon in the Control Panel. The Java Control Panel appears.
    3. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
    4. Click Delete Files. The Delete Temporary Files dialog box appears.
    5. Click OK on the Delete Temporary Files window.
       Note: This deletes all the Downloaded Applications and Applets from the cache.
    6. Click Apply > OK on the Temporary Files Settings window.
    Images courtesy java.com
    ===============================================
    The main offender here is the Java/TrojanDownloader.Agent.NCA. It is a trojan which tries to download other malware from the Internet. It is written in Java. It may be invoked when visiting a malicious website by referencing a malicious Java class file within a Java archive file (.JAR).
    ===============================================
    To help prevent this:
    1. Be sure only the most current Java version is on the system. Right now that is Java v6u26. Updates do not overwrite the old version, so outdated versions need to be removed in Add/Remove Programs.

    Additionally, you do not need to add a separate extension for Java in Firefox. And if any versions remain there, they should be removed.

    2. Tighten the security: I hope you can read my shorthand below. Your versions of IE and FF may be slightly different, so let me know if you have a question.
    For Internet Explorer:
    Open Internet Options either through Tools in IE or the Control Panel: Choose the Security tab> Internet> Custom Level> Set as follows:

    E= Enable, P= Prompt, D= Disable:
    Active X:
    Auto Prompt> E
    Binary> E
    Download signed> E
    DL unsigned> P
    Init. &script not safe> Disable
    Run Active X controls & plug ins> E
    Script ActiveX marked safe> E

    Download:
    Auto prompt> E
    File DL> E
    Font DL> E

    MISC:
    Access data across domain> E
    Allow META Ref> E
    Allow scripting of IE> DISABLE
    Allow script init. Windows> E
    Allow web page to use... P
    Display mix. Cont> P
    Don't prompt for cert> E
    Drag & drop> E
    Init. desktop items> E
    Launch programs in IFrame> E
    Navigate sub frame> E
    Open folder..content> E

    SOFTWARE Permission Channel> Low

    Font DL> E
    Submit non-encrypt> E
    Pop-up Blocker> E
    User Date perm> E
    Web sites in less priv> P

    Scripting:
    Active> E
    Allow paste> E
    Script Java> P

    User Authentication
    Check "Auto-logon with current user name and password."

    Click on Apply when finished, then OK.
    ===========================================
    For Firefox:
    Tools> Options> Security section> Check 'Warn me...'> Check 'block att sites'> Check 'block web sites known as fraudulent'.
    Warning Messages> Settings> Check 'I am about to view page using low encryption'> Check 'I am about to view a page with encryption that has some unencrypted.'
    ===========================================
    The settings above can be changed to suit your needs if needed.
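Triaging an ESET export like the one pasted earlier in this thread is easier when each hit is grouped by the user profile it sits under and restore-point copies are separated from live Java cache entries, which is what the OTMoveIt script above targets. The following is an added example, not code from this thread, ESET or OTMoveIt; it assumes the export is tab-separated (path, threat name), since the forum post shows the two columns run together.

```python
"""Triage an ESET Online Scanner text export (assumed tab-separated:
path, threat name; the forum post shows the columns collapsed to spaces).
Hits are grouped by user profile; System Restore copies are flagged, since
they are inert until a restore point is applied."""
import re
from collections import defaultdict

# Constructed sample using paths and detection names quoted in the thread.
SAMPLE_LOG = "\n".join([
    r"C:\Documents and Settings\NetworkService\Application Data\Sun\Java"
    r"\Deployment\cache\6.0\1\18f94b81-16e7e569"
    "\tJava/TrojanDownloader.OpenStream.NCA trojan",
    r"C:\Documents and Settings\Sally\Application Data\Sun\Java"
    r"\Deployment\cache\6.0\62\4bd616be-1a785ef6"
    "\tJava/Agent.BB trojan",
    r"C:\System Volume Information\_restore{FDD30534-915E-4E2D-B02D-56DD77B62745}"
    r"\RP768\A0266938.dll"
    "\ta variant of Win32/Toolbar.MyWebSearch.A application",
])

PROFILE_RE = re.compile(r"^[A-Za-z]:\\Documents and Settings\\([^\\]+)\\", re.I)
JAVA_CACHE_RE = re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.I)
RESTORE_RE = re.compile(r"^[A-Za-z]:\\System Volume Information\\_restore\{", re.I)

def parse_eset_log(text):
    """Return [(path, threat)] for each well-formed detection line."""
    hits = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) < 2 or not parts[0].strip():
            continue  # blank or malformed line
        hits.append((parts[0].strip(), parts[1].strip()))
    return hits

def classify(path):
    """Return (owner, location) for a detected file path."""
    if RESTORE_RE.match(path):
        return ("System Restore", "restore point copy")
    m = PROFILE_RE.match(path)
    owner = m.group(1) if m else "other"
    where = "Java deployment cache" if JAVA_CACHE_RE.search(path) else "other"
    return (owner, where)

def triage(text):
    """Group detections by owner: {owner: [(location, threat, path), ...]}."""
    groups = defaultdict(list)
    for path, threat in parse_eset_log(text):
        owner, where = classify(path)
        groups[owner].append((where, threat, path))
    return dict(groups)
```

Entries under "Java deployment cache" are the ones the Java cache purge removes; "restore point copy" entries go away when System Restore is cleared after the cleanup.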
  11. amb913 Newcomer, in training Posts: 47

    I already have OTM downloaded from the last time you had me use it. Should I just use the one I already have, or download it again?
  12. amb913 Newcomer, in training Posts: 47

    Alrightie, I just redownloaded OTM in case it was a new version. Anyway, I ran it and it said error producing log. Then I got up, and when I came back my comp had shut down, restarted and said it had recovered from a serious error. It's done that 2 times in the last week. Dunno what's up with that. So, should I open OTM again, and paste that stuff in there and run it again? I haven't done the Java stuff yet either. So I'll wait for you to tell me what to do, cause with my luck I'll mess something up.
  13. Bobbye Helper on the Fringe Posts: 16,406   +16

    OTM isn't using the kind of database that needs reinstalling. All you had to do was follow the original direction to open and put my script in for removal.

    In my opinion, with the multiple users and continuing malware and now errors, you would be best served by doing a reformat/reinstall. The system is also being used with no maintenance. It is not unexpected that the system has gotten to this point- my only surprise is that it took a month to get there!

    You will find excellent reformat/reinstall instructions here:
    http://www.tech-101.com/tutorials/356-tutorial-windows-install-repair-xp-vista.html
  14. amb913 Newcomer, in training Posts: 47

    OK. I would reformat but I don't have a Windows disk. Like I said, someone gave this computer to my mom. Can't afford to buy Windows XP. I guess I'll just have to deal with it the way it is. Thanks for all your help anyway!
  15. amb913 Newcomer, in training Posts: 47

    I went to the link you provided, and assuming I did a Windows "repair", would I need a Windows disk?
  16. amb913 Newcomer, in training Posts: 47

    OK, never mind, I see that I would need a disk.
  17. amb913 Newcomer, in training Posts: 47

    Last question, I promise. I went to change the settings for IE like you said, and a couple of them that you wanted me to enable said it would make my system unsafe. Should I enable them or no?
  18. Bobbye Helper on the Fringe Posts: 16,406   +16

    The choice is yours. The settings are safe, but there is some responsibility on the user to practice safe surfing.