BleepingComputer.com: black hole exploit on my winxp machine


black hole exploit on my winxp machine now it won't boot, need 1st step confirmation

#1 beauzeau

Posted 04 April 2011 - 09:28 AM

Hello.

My Win XP Pro SP2 machine is apparently infected with something. Yesterday, whenever I would go to Google and click on any link from the page of results, I was redirected all over the place. I had AVG Free on the machine. It had warned me about something; when I went to check (can't remember what it was, sorry), it said it was related to the black hole exploit 1384. I uninstalled and reinstalled AVG, did a scan, and it came up with nothing. I rebooted my computer, and it would not boot back up.

Anyway, I read through the preparation guide, which really seemed to not be relevant, as I cannot boot my machine to install the programs needed. I wanted to confirm what my first step should be. Should I start with the recovery console tutorial?

Thanks in advance for any knowledge you can impart.

This post has been edited by hamluis: 04 April 2011 - 10:17 AM
Reason for edit: Moved from XP to Am I Infected.


#2 hamluis

Posted 04 April 2011 - 10:19 AM

I will ask for assistance from the more knowledgeable...be patient :).

Louis

Placed on unbootable thread.

This post has been edited by hamluis: 04 April 2011 - 10:22 AM


#3 Elise

Posted 05 April 2011 - 02:13 AM

Hello,
Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso and, when finished, will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert it in the sick computer
  • Boot the sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1


  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and upload it here: http://www.bleepingcomputer.com/submit-malware.php?channel=105


This will allow me to have a look at the Master Boot Record of your drive and see if it is infected.
regards, Elise
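
Added example, not part of Elise's post or any BleepingComputer tooling: a sketch of what a reviewer can read out of the 512-byte `mbr.bin` that the `dd` command above produces, using the standard MBR layout (bootstrap code, disk signature, four partition entries, `55 AA` boot signature). The function names and the sample sector are constructed for illustration; the code hash is only meaningful when compared with a dump from a known-clean machine running the same OS.

```python
import hashlib
import struct

SECTOR_SIZE = 512    # one sector, as produced by bs=512 count=1
CODE_LEN = 440       # bootstrap code; bytes 440-445 hold the disk signature
TABLE_OFFSET = 446   # four 16-byte partition entries follow
BOOT_SIG = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR dump into the fields worth reviewing."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for index in range(4):
        entry = sector[TABLE_OFFSET + 16 * index:TABLE_OFFSET + 16 * (index + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, num_sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:            # unused slot
            continue
        partitions.append({
            "index": index,
            "active": status == 0x80,
            "status_valid": status in (0x00, 0x80),  # anything else is malformed
            "type": ptype,
            "lba_start": lba_start,
            "sectors": num_sectors,
        })
    return {
        "boot_signature_ok": sector[510:512] == BOOT_SIG,
        # Hash only the code area so it can be compared with a clean dump.
        "code_sha256": hashlib.sha256(sector[:CODE_LEN]).hexdigest(),
        "disk_signature": sector[440:444].hex(),
        "partitions": partitions,
    }


def build_sample_sector() -> bytes:
    """Constructed sample: empty code area, one active type-0x07 partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[440:444] = bytes.fromhex("78563412")      # constructed disk signature
    entry = bytearray(16)
    entry[0], entry[4] = 0x80, 0x07                  # active flag, type 0x07 (NTFS/HPFS)
    struct.pack_into("<II", entry, 8, 63, 204800)    # start LBA, length in sectors
    sector[TABLE_OFFSET:TABLE_OFFSET + 16] = entry
    sector[510:512] = BOOT_SIG
    return bytes(sector)


if __name__ == "__main__":
    for key, value in parse_mbr(build_sample_sector()).items():
        print(key, value)
```

To run it against a real dump, pass the file's bytes to `parse_mbr`, for example `parse_mbr(open("mbr.bin", "rb").read())`.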
