BleepingComputer.com: Booting XP from USB on Asus EEE following Malware infection

Hello,

My problem started with a severe malware infection that I got yesterday. First tried Adware, which was unable to completely remove all of the infected files, then tried ATL and MBAM. MBAM showed several infected files, such as Backdoor.Bot, Trojan.Vundo.H, Trojan.Gootkit, Trojan.Downloader, Malware.Trace etc. I deleted all of these and restarted my computer. However, upon subsequent scan showed that these files had not been completely deleted (some being located among registry keys).

Throwing in the towel regarding malware removal, my focus now turned to reinstalling Windows XP. Having an Asus EEE complicated matters a bit, as it has no CD/DVD-drive. Thus, I made a USB pendrive into an XP boot using my other laptop, using some internet guides as help.

I then chose to boot from the USB, then 2 options game up, one being GUI and the other one being TXT. I chose TXT (which the guides describing how to create the USB XP boot had indicated) and eventually I got a blue screen error message stating that I should run the chkdsk /f command because apparently some files might have been damaged because of an earlier virus. The STOP message was: 0x0000007B (0xF7A22524, 0xC0000034, 0x00000000, 0x00000000)

I tried doing chkdsk /f, and also /r, but they came out clean (at least showed no indication that something might be damaged). Now, I still get the same blue screen error message when I try the TXT pathway.

Any ideas?
Best regards,
Tommy

Hello again Tommy,

Annoying that the chkdsk /r didn't work as hoped.
I would like you to upload some files for me (memory dumps)

Go into safe mode and browse to this folder:
C:\Windows\MiniDump

There should be some files.
Upload the latest files. That should shed some light on what is doing this.

Regards,
Olrik

I checked the C:\Windows folder but couldn't find a folder called MiniDump. I'm guessing it might have been removed with the ATL (i.e. deleting all the temporary files etc). Is there anything else that can be done?

You could reproduce the blue screen, let it create a memory dump and then check the folder.

Regards,
Olrik

Was unable to locate the Minidump folder despite having all the settings for dump set as they should (default directory is system root/Minidump as you said earlier). Noticed also now that I am unable to open regedit (I thought I could do something about the dumping there), probably a result of the malware. However, I took a picture of the BSOD with my camera and uploading the picture now.

A rough translation of it: Control if the computer has any viruses. Remove all harddrives or harddrive-something-units that have recently been installed. Make sure that the harddrive is correctly configured and terminated. Run Chkdsk /F to check if the harddrive is damaged. Then restart the computer.

Best regards,
Tommy

Maybe I'm misunderstanding (it happens often)...

<<Throwing in the towel regarding malware removal, my focus now turned to reinstalling Windows XP...>>

Does that mean that you have a known malware situation...and are just overlooking it...and trying to effect a repair install on an infected system?

If so...a repair install will not overcome malware issues. The only files replaced by a repair instal...are system files, the malware files will continue to exist.

Louis

Actually, I thought that I would format C: and then reinstall windows, not just reinstall. Or what do you suggest I do? Should I continue battling the malware problem?

Well, I can tell you what I would do...it's your system, you decide your course of action.

If I had a known malware-infected system and I could not clean it myself to the point where I feel that system security is a reality...I would either do a clean install (where I delete the existing system partition as a first step) and then continue with the clean install...or I would seek assistance from the malware resources here at BC.

Maybe I misinterpreted (it happens)...but I saw comments re BSODS, error messages, and chkdsk /r...and I don't connect any of those to a clean install. One cannot run chkdsk on a blank drive because there is no Windows install to designate. If one gets BSOD issues when there is no Windows install, then I'd have to say it's a hardware problem.

I'm just following the drift of the posts and...that's why I asked the question.

Louis

How do I go about deleting the existing system parturition?

From what I see...that PC came with linux installed.

Soo...however you managed to get XP installed...will determine your options.

What particular model is your system?

Does it have networking capabilities?

Can you attach an external USB-optical drive and boot from it?

Louis

hamluis, on Apr 2 2010, 01:24 PM, said:

The model is a Asus EEE 1008HA. It came with Windows XP preinstalled and is SP3. I don't own an external USB-optical drive, and don't think any of my friends have one either. Do you recommend me buying one? Should I rather, at the moment, turn to the Anti-malware part of this forum, in order to get rid of the stuff, repair the system, and THEN try the format+reinstall?

Tommy

I would buy an external USB Optical Drive they are quite handy.

It's your decision.

A pertinent consideration (to me) should be the fact that you currently own no capability for using many computer tools or installing programs which come on a disc.

Another pertinent consideration is whether you actually have any media/means for installing XP easily.

Another consideration...when dealing with malware these days, many users wind up ultimately doing a clean install. Malware damages key files, files may become damaged in removal efforts...these things and more happen daily.

Just as the human body is able to suffer certain types of damage...at certain stages of life...and recover to the extent of gaining full or almost-full functional recovery...so it is with a computer system. But that only lasts for a certain period of a human life.

The major difference is that there is no "clean install" for us humans who become injured or ill at times when we are either more vulnerable or just incapable of overcoming whatever might be wrong.

We have a great malware staff here at BC, IMO. But, unlike some users, I don't expect magic out of them in dealing with malware...I do know that they will do their best and be honest with the poster.

Louis

Thank you everyone for help and advice! I have decided that I will turn to the people on the Malware forum for now, and see if I can get rid of the malware and then try to repair/clean my system best as I can. If all of this fails, I guess I will have to get a USB- optical drive.

Best regards,
Tommy

Once you get your log posted...please let us know.

You want to start Here and follow all administrative guidance posted at that forum, starting with Preparation Guide, Before Using Malware Removal Tools and Requesting Help - http://www.bleepingcomputer.com/forums/topic34773.html .

Louis

This post has been edited by hamluis: 03 April 2010 - 12:08 PM