TDSSKiller Killed My Computer

1. SeaTools for DOS is what you need, yes. Those steps are all correct. (SeaTools for Windows is for installation from within Windows).

2. This is from memory only ...

• When you boot SeaTools for DOS you will have options/menu along the top. In one of the menus you will see short/quick test and long/extended test among others. Run the short ... then the long ...
• You will also see S.M.A.R.T. status, I am pretty sure.

Basically you will see results as either PASS or FAIL.

AustrAlien,

I was successful in creating a bootable ISO Image CD-ROM with "SeaTools for DOS" on it. I ran SeaTools and the HDD looks to be good. Test results:
- Short Test: PASSED
- Long Test (ie, Read Scan test): PASSED
- SMART Is Supported and ENABLED
- SMART Has NOT Been Tripped
- Ran "Acoustic" test, and no noticeable noise difference from the HDD
- Worst Temp 48 (I'm assuming this was the highest every seen by the HDD in it's life, deg C)

Looks like it's time to do step ... Recovery Console per your previous instructions. Will report results.

If your hard drive test result is "PASS", with no errors what-so-ever ....
Start the Recovery Console using a Windows XP CD (or an XP Recovery Console .ISO image that has been burned to CD).

• Insert the CD in the computer's optical disk drive tray.
• Start or re-start the computer so that it boots from the CD. You may be prompted to "Press any key". (If the system does not appear to be booting from the CD, you may need to enter the BIOS Setup Menu and change the boot order, so that the CD-ROM/optical disk drive is set to boot before the hard disk drive.)
• When the Welcome to Setup screen appears, press the R key on your keyboard to start the Recovery Console.
• The Recovery Console will ask which Windows installation you would like to log on to. If you have multiple Windows installations, it will list each one, and you would type the number associated with the installation you would like to work on and press the <ENTER> key. If you have just one Windows installation, type 1 and press <ENTER>.
• You will be prompted for the Administrator's password. If there is no password, (and this is most likely), simply press <ENTER>.
• You will be presented with a C:\Windows> prompt. (Please advise if you are not seeing a C:\WINDOWS> prompt.)

At the C:\Windows> prompt, type chkdsk /p and press <ENTER> (Note: There is a space between "chkdsk" and "/p")

• This test will take some time to run and at times may appear stalled but just let it run.
• If any errors are found/repairs made, run chkdsk /p again, and repeat if necessary.

Type "exit" at the prompt and press <ENTER> to close the Recovery Console and restart your system.

Does Windows start normally now?

AustrAlien - I did step as described above. I did create an ISO image disk using the file 'rc.iso' you linked to.

Installed the ISO image CD and booted computer. Results:

Black screen with white text saying: " Press any key to boot from CD ....." The dots (.....) were moving like something was loading, but I pressed the Enter key and then say the message "Setup is inspecting your computer's hardware configuration"

Then the screen went totally black ... nothing whatsoever on the screen. Tried a Ctrl+Alt+Del and it rebooted again from the CD. Got the same message "Press any key to boot from CD ....." but this time I waited and then another message came up on the screen (same message we've seen before):

A disk read error occurred
Press Ctrl+Alt+Del to reboot

When I did a Ctrl+Alt+Del, it just goes back and repeats the same results as shown above. I can not get into the Recovery Console using the ISO image CD I created. It looks like the computer is trying to boot from the CD, but fails to continue into the Recovery Console.

This doesn't sound good ... why wouldn't the computer load up Windows XP Recovery Console from the ISO image bootable CD? Note the I did change my BIOS (F2 on boot) device boot up sequence the other day so I could use the ISO image CD with the SeaTools on it, so it's not a BIOS boot sequence setting issue.

What's next? I really want to thank you for the fantastic help you have provided so far on this problem!

Do you have another XP system on which you could test the RC boot CD? Confirm that you can log on to the C:\Windows and then type "exit" to close the RC and remove the disk.

"Press any key to boot from CD ....." The dots (.....) were moving like something was loading

What happens is that you have five seconds in which to press "any key", and each of those dots is one second, so it counts to five dots and then attempts to boot from the HDD, and not the CD: Hence the "disk read error" again.

..... I pressed the Enter key and then say the message "Setup is inspecting your computer's hardware configuration" ..... Then the screen went totally black ... nothing whatsoever on the screen. Tried a Ctrl+Alt+Del and it rebooted .....

It seems that was a genuine attempt to boot from the CD, and resulted in a "black screen". I would like you to check the CD (as noted above), and then try booting from the RC CD in the problematic computer one more time, to confirm same result.

Then enter the BIOS Setup Menu and confirm that your hard drive is listed/detected correctly.
Let me know the results of the above steps.

Do you have another XP system on which you could test the RC boot CD? Confirm that you can log on to the C:\Windows and then type "exit" to close the RC and remove the disk.

I tried it on the wife's work laptop, but it is password protected when doing a F2 on bootup, so I couldn't change the BIOS setup to boot from the CD-ROM drive. It's a DELL Latitude with Windows XP Professional. I'm assuming F2 is the right key to get into the BIOS on this laptop (?).

Therefore, unable to verify if the ISO image for the Recovery Console will bootup or not on another machine at this time. I think the CD is fine though.

It seems that was a genuine attempt to boot from the CD, and resulted in a "black screen". I would like you to check the CD (as noted above), and then try booting from the RC CD in the problematic computer one more time, to confirm same result.

Then enter the BIOS Setup Menu and confirm that your hard drive is listed/detected correctly.
Let me know the results of the above steps.

My BIOS setting recognized the HDD, and is set to boot from the CD-ROM drive first. As mentioned before, the computer will boot just fine from the ISO image CD with SeaTools on it. And I agree, it does seem the ISO image Recovery Console CD seems to be trying to load on boot up, but I get the same disk read error.

Assuming the ISO image bootup CD is good, what do you think this problem could be?

the ISO image Recovery Console CD seems to be trying to load on boot up, but I get the same disk read error.

No No ... we have our wires crossed here.

I want you to boot from the RC CD and press that "any key" before the 5 seconds is up so that it will indeed boot from the CD!
I do not expect that you will "get the same disk read error" when you do that (that error will show up when you attempt to boot from the HDD only).
Instead, I expect that you will either get the "black screen" that you did before ... OR ... it will proceed to give you options to enter the RC. Please attempt several times to ensure the result is repeatable.

If you are attempting to boot from the RC CD, you will see ...

the message "Setup is inspecting your computer's hardware configuration"

Thank you.

I want you to boot from the RC CD and press that "any key" before the 5 seconds is up so that it will indeed boot from the CD!
I do not expect that you will "get the same disk read error" when you do that (that error will show up when you attempt to boot from the HDD only).
Instead, I expect that you will either get the "black screen" that you did before ... OR ... it will proceed to give you options to enter the RC. Please attempt several times to ensure the result is repeatable.

If you are attempting to boot from the RC CD, you will see ...

the message "Setup is inspecting your computer's hardware configuration"

I booted 4 times as you requested. I pushed the Enter Key one second (1 dot showing) after seeing the message "Press any key to boot from the CD ."

Each bootup attempt resulted in the same behavior:
- Got the message: "Press any key to boot from the CD"
- Got the subsequent message: "Setup is inspecting your computer's hardware configuration"
- Screen then goes completely black after above message disappears. I waited a couple of minutes just to make sure it wasn't taking it that long to inspect the configuration. Screen stayed black with no text anywhere.
- Trying a Ctrl+Alt+Del results in nothing happening. I have to power cycle the computer with the on button to get it to reboot again.
- Same results keep happening as described above at each reboot attempt.

I did a F2 on bootup and looked at the BIOS settings again. The HDD is identified correctly as ST3200822A.
I can repeatedly bootup from the CD drive using the ISO image disk with the "SeaTools for DOS".

Each bootup attempt resulted in the same behavior:
- Got the message: "Press any key to boot from the CD"
- Got the subsequent message: "Setup is inspecting your computer's hardware configuration"
- Screen then goes completely black after above message disappears. I waited a couple of minutes just to make sure it wasn't taking it that long to inspect the configuration. Screen stayed black with no text anywhere.
- Trying a Ctrl+Alt+Del results in nothing happening. I have to power cycle the computer with the on button to get it to reboot again.
- Same results keep happening as described above at each reboot attempt.

That clears that up: Thank you.

While I am working on the next step .... ???

Please try again, but this time leave it sit for awhile (longer than "a couple of minutes") to see if anything results. If after 15 minutes there is no movement, I guess you can conclude that it is not going to progress any further.

Please try again, but this time leave it sit for awhile (longer than "a couple of minutes") to see if anything results. If after 15 minutes there is no movement, I guess you can conclude that it is not going to progress any further.

Did as requested above. Left computer alone for 30+ minutes after I saw the message "Setup is inspecting your computer's hardware configuration". Screen remained totally black, and I could not reboot by doing a Ctrl+Alt+Del. As usual, I had to power off the computer and then back on to try another reboot.

I guess I'll see if I can find another computer to try the ISO image CD on ... but I think it is probably OK since at initial boot up the two messages "Press any key to boot from the CD" and "Setup is inspecting your computer's hardware configuration" are seen.

I'm going to see if I can find the Recovery Disk from DELL that came with the computer, and see it that works at all. Maybe a generic ISO image disk of Recovery Console doesn't want to run on my machine for some odd reason (just guessing at this point).

I'm going to see if I can find the Recovery Disk from DELL that came with the computer

That might be needed.

I agree: It is likely that the RC CD that you created is probably good.

At this time I think that you should consider the very real possibility that we are not going to recover your operating system. Do you have personal files on this computer that you wish to save. If so, it may be a good idea to recover them now.

Use Ubuntu Live CD to Backup Files from Your Dead Windows Computer

Backup your personal files to an external USB hard drive, or another hard drive of some sort, or CD/DVD.

Note: Files with the following extensions should not be backed up:

• .exe
• .scr
• .htm
• .html
• .xml
• .zip
• .rar
• .asp
• .php

The safest practice is not to backup any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml ) files because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executable files inside them as some types of malware can penetrate and infect .exe files within compressed files too. Other types of malware may even disguise itself by adding and hiding its extension to the existing extension of file(s) so be sure you look closely at the full file name. Then make sure you scan the backed up data with your anti-virus prior to copying it back to your hard drive.

Again, do not back up any data with the following file extensions: exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

Source: quietman7 http://www.bleepingcomputer.com/forums/ind...t&p=1390964
------------------------------------------------

When you have recovered any files that you wish to save we can then consider what you would like to do next. I would consider it a personal failure if I could not assist you to recover your operating system, but the decision is entirely yours as to whether we continue or not. You may have more pressing issues than this little challenge to occupy your time and energy. In the end, it may beat us anyway.

Let me know how you are getting on, or if you have any problems. Meantime, I will give the matter some more thought.

Edit: On the other hand, if you are thinking you might want to press on with this issue you might consider downloading Hiren's BootCD, which will be much more useful than Ubuntu, and allow you access to the net and to recover your files as well. See post #16 by Elise.

When you have recovered any files that you wish to save we can then consider what you would like to do next. I would consider it a personal failure if I could not assist you to recover your operating system, but the decision is entirely yours as to whether we continue or not. You may have more pressing issues than this little challenge to occupy your time and energy. In the end, it may beat us anyway.

Let me know how you are getting on, or if you have any problems. Meantime, I will give the matter some more thought.

AustrAlien - You have been a big help on this problem, and do not consider it a personal failure if I can't get my computer back up and running - my hat is off to you for the fantastic help. Worse case is that I will have to flatten the HDD and reload everything. I've done it before, but it's not fun.

Here's an update on a few things I've done since my last post. I found my Dell Utilities CD and ran all the extensive diagnostics tests on the hardware ... I mean everything possible. It took just over 12 hrs for all the tests to complete! The results said there were zero errors and that my hardware was operating optimally.

So, definitely sounds like this is not a hardware issue. The Dell Utilities did not run an actual 'CHKDSK", but my next step is to try the Windows XP installation disc that came with the computer because I think there is an option to go into 'Recovery Console' when that disc is started (according to some of my old notes I kept). Since I can't seem to get into 'Recovery Console' with the ISO image file I burned, maybe I can get into RC via the Dell installation disc. Before I try this, I think I will try the ISO image RC disc I originally burned a few days ago and see it it will come up on another computer. I think if I do a F12 on bootup, I should be able to choose the option to boot from the CD-ROM drive instead of trying to change the BIOS settings (in case the BIOS is password protected).

I will let you know what happens. If the ISO image CD with RC on it works on another computer, and if I can't get RC to come up with the Dell installation disc, then I guess it's time to get any files I want to save off of the HDD and then rebuilt it from scratch. If there is a 'Recover' option on the installation CD is it worth trying, and will it leave my personal files alone?

Did you have any time to ponder why TDSSKiller.exe froze up my machine in the first place? Do you think not running it from the desktop or not running it from the 'Run' command line caused it to crash?

If there is a Recover" option on the installation CD is it worth trying, and will it leave my personal files alone?

My understanding is that a typical OEM system does not have a "non-destructive" recovery option, like the use of a Windows XP installation disk does. As such, I would expect that your only option would probably be a "destructive" restoration, and all your personal files would be gone.

Did you have any time to ponder why TDSSKiller.exe froze up my machine in the first place? Do you think not running it from the desktop or not running it from the 'Run' command line caused it to crash?

I have seen no more information on these matters. I do not think it would matter where it was run from if you started it with a double-click. It is only when issuing a specific run command, with specific instructions on the log produced, would it matter that it was on the Desktop.

TDSSKiller, along with other malware removal tools, is prone to crashing because of the job it is asked to do, and the environment in which it is asked to work. Other notable crash-causers that come to mind are gmer and Dr.Web. It is not the tool itself that is responsible for the crashing. It is one of the hazards of attempting malware removal, and is one of the reasons that having backups of your work is always recommended.

'Alien

If there is a "Recover" option on the installation CD is it worth trying, and will it leave my personal files alone?

My understanding is that a typical OEM system does not have a "non-destructive" recovery option, like the use of a Windows XP installation disk does. As such, I would expect that your only option would probably be a "destructive" restoration, and all your personal files would be gone.

From some previous notes I took, it looks like the Dell installation disc has Recovery Console on it, and also a "Repair" option (probably CHKDSK with the repair option). I'm going to boot up with the installation disc and see what options I have.

Is it true that typically a "Restore" will wipe out some non O/S files? ... or does a "Restore" only restore Windows O/S files?

Did you have any time to ponder why TDSSKiller.exe froze up my machine in the first place? Do you think not running it from the desktop or not running it from the 'Run' command line caused it to crash?

I have seen no more information on these matters. I do not think it would matter where it was run from if you started it with a double-click. It is only when issuing a specific run command, with specific instructions on the log produced, would it matter that it was on the Desktop.

If I recall correctly, I ran TDSSKiller.exe from the 'Run' command line, and used the 'Browse' button to go find where it resided in a folder on the HD. I did not use any switches in the command line, just told it to run TDSSKiller.exe.

Is it true that typically a "Restore" will wipe out some non O/S files? ... or does a "Restore" only restore Windows O/S files?

Sorry, but I can't answer that. I've never done "it", and have no personal experience in that exercise. It seems to me that each manufacturer / OEM version possibly differs in the options available. Also, the use of the word "restore" is somewhat ambiguous in my mind and I do not know exactly what you mean (I am thinking you mean "factory restore" = "restore the computer to the same condition it was when it left the factory" and this from a pre-exisiting "recovery" partition on the hard drive. If this is the case, you will certainly lose anything that has been added to the computer since it was new. This process basically wipes everything on the drive and replaces what was on the drive with an image of what is in the "recovery" partition.).

Best thing I can suggest is that you look closely at all the options you see as being available with the tools/disks you have at hand, and if you still have further questions, post them here and we will try to get them answered as best we can. You might also find answers in your original paperwork, or on-line at the manufacturer's website, by finding you exact model and reading the User Guide.

It won't make you feel any better, but sometimes it just happens!

What about my offer ... ??? .... the other option ?

Do you have the time &/or interest to have a play around and see if we can get the system running again ?

If so, I'll ask you to download some other LiveCD than Ubuntu ... something more useful, and then you can do your recovery, and then we can have a quick "investigation".

The infection you have is serious ... so I cannot recommend that you do this: The best option depends on your circumstances (and what you want to do).

'Alien