BleepingComputer.com: Xp Does't Start After Combofix Run

Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

If you have not received help after three days, please post a link to your topic HERE.
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Xp Does't Start After Combofix Run Cannot start XP after running Combofix to remove Virtumonde infection

#1 User is offline   Laska 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 2
  • Joined: 23-March 08

Posted 23 March 2008 - 06:02 PM

Hello ,

sorry,I know, I had to ask for expert advise earlier, but here it goes:

I had my Windows XP pro SP2 infected with Virtumonde malware
and after my unsuccessful attempt to remove it using FSecure I
decided to try Combofix to fix it and I’m now totally terrified by the result
as the XP doesn’t start, OS loader appears, but later I can see only
a black desktop.
In the end of Combofix clean there were a few error messages regarding windows security
files back-up and smth else, but I cannot recall them exactly.

I did not swith antivirus (FSecure) and did not install XP recovery console before running ComboFix.


I'm terrified by the thought that I 'll lose all the files on my harddrives. Please help me if you can!

#2 User is offline   Grinler 

  • Bleep Bleep!
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Admin
  • Posts: 36,174
  • Joined: 24-January 04
  • Gender:Male
  • Location:USA

Posted 24 March 2008 - 01:41 PM

Atriad, your new topic is here:

http://www.bleepingcomputer.com/forums/topic138002.html

Laska, please be patient while we get someone to help you.
Lawrence Abrams
Circle BleepingComputer on Google+!
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
How to detect vulnerable programs using Secunia Personal Software Inspector <- Everyone should do this!

#3 User is offline   JSntgRvr 

  • Surgeon General
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 5,435
  • Joined: 04-March 06
  • Gender:Male
  • Location:Puerto Rico

Posted 24 March 2008 - 01:59 PM

Hi, Laska :thumbsup:

Welcome to Bleeping Computer.

In order to restore your computer, we will need the XP Installation CD to boot the computer to the Recovery Console.

Boot the computer using the XP CD. You may need to change the boot order in the system BIOS so the CD boots before the hard drive. Check your system documentation for steps to access the BIOS and change the boot order.

At boot, you will be prompted with the following options:

A. To setup Windows XP, press Enter.
B. To repair Windows XP installation using recovery console, press R.

Choose the option, "To repair the Windows XP installation using recovery console", press R. If an Administrator Password have been established, you will be prompted to type it in. If no Administrator Password exists, just press ENTER.

You will be presented with the following:

Quote

Microsoft Windows® Recovery Console

The Recovery Console provides system repair and recovery functionality.
Type EXIT to quit the Recovery Console and restart the computer.

1: C:\WINDOWS

Which Windows Installation would you like to log onto
(To cancel, press ENTER)?


Press the number 1 on your keyboard and hit Enter.

At the command prompt, type the following command and press Enter:

cd erdnt\hiv-backup

At the next prompt, type the following bolded text, and press Enter:

batch erdnt.con

The erunt backups will begin copying.

Type exit when finished, and then press ENTER to quit Recovery Console. Remove the CD and let the computer start.

Let us know how it goes.
No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
Posted Image

#4 User is offline   Laska 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 2
  • Joined: 23-March 08

Posted 25 March 2008 - 05:58 PM

Hi JSntgRvr :thumbsup:
thanks a lot for this , you made my day! I did as instructed and everything seems to be running fine now
and those nasty Virtumonde pop-ups went away :flowers: ,
but I keep getting 2 strange error messages on the start up though:

RUN DLL
Error loading C:\WINDOWS\system32\gytjjrhx.dll

The specified module cannot be found

RUN DLL

Error loading C:\WINDOWS\system32\joycsaio.dll

are they related to the infection? and how can I check that my machine is 100% clean now?

Many thanks again for your help!

#5 User is offline   JSntgRvr 

  • Surgeon General
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 5,435
  • Joined: 04-March 06
  • Gender:Male
  • Location:Puerto Rico

Posted 25 March 2008 - 06:11 PM

Hi, Laska :thumbsup:

You are welcome!

I would suggest you open a topic in the Malware forum and have that computer check by one of the authorized team members (You must include a Hijackthis log when posting):

http://www.bleepingcomputer.com/forums/forum22.html

Best wishes! Posted Image
No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
Posted Image

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users