BleepingComputer.com: Trojan + Virus; Computer Unbootable, no C:


Trojan + Virus; Computer Unbootable, no C:

#31 User is offline   JSntgRvr 

  • Master Surgeon General
  • Group: Malware Response Team
  • Posts: 5,955
  • Joined: 04-March 06
  • Gender:Male
  • Location:Puerto Rico

Posted 29 May 2011 - 11:48 AM

You mention this is an upgrade from XP. Do you still have the XP install CD? Is this a brand computer or custom made? If a brand computer, let me know the brand and model.

This post has been edited by JSntgRvr: 29 May 2011 - 11:49 AM

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!

#32 User is offline   RayN81 

  • Member
  • Group: Members
  • Posts: 42
  • Joined: 22-May 11

Posted 29 May 2011 - 06:28 PM

Hi JSntgRvr

This is a packaged computer which I bought from the shop. The specs are as follows:

CPUA99810 -AM3+ Phenom II x4 955 3.2Ghz
MBAAS99897 /s3/ ASUS M4N78-PRO DDR2
HDDHTC9899 Hitachi SATA 3.5" 1TB HDD (This one died a while ago, I bought and replaced it with a 2TB WD one )
RAM81203 Yeahdone(Hynix) 4GB Kit (2x2GB) DDR2 800
VGAPAHIS9879 HIS PCI-E 1GB HD4850
FDD01002 1.44MB Black Floppy Disk Drive
RWPN9899 Pioneer BDC-S02BK Combo Drive Blu-Ray Player
CASES99996-BK SHAW Tornado Black Tower Case
MTAS9650 ASUS 23" VH232H 5ms HD HDMI SPK WS

And yes, I still have the WinXP installation disc somewhere...

Worst case scenario, if there is no way for me to boot from the hard disk, is there a way for me to get some of the data off it before I wipe it clean?

This post has been edited by RayN81: 29 May 2011 - 06:29 PM


#33 User is offline   JSntgRvr 


Posted 29 May 2011 - 08:50 PM

Something I noticed is that the names of the drivers on the CD end with the type of system they are used for. For example, for a 64bit system:

nvrd64.sys
nvstor64.sys

For a 32bit system:

nvrd32.sys
nvstor32.sys

However, in your system they appear as:

nvraid.sys
nvstor.sys

Unless the setup converts them by catalog, I don't see these on the CD.


If you have the XP CD, let's build a bootable CD that will allow us to run other tools. Chances are we may run into the same issue due to incompatible drivers, but it is a good try. Follow these steps:

Please print this guide for future reference and save it in the USB drive!

You will need a blank CD, your Windows XP install disc and a flash drive.

Please follow the steps below and let me know if you were successful. Please tell me what error messages you got and/or what steps you got hung up on.

1. Download the PE Builder to your desktop

http://www.nu2.nu/download.php?sFile=pebuilder3110a.exe
  • Double-Click on the PE Builder that you just downloaded to your desktop.
  • Follow all of the instructions/prompts that come up.
2. Insert your XP CD with SP1/SP2/SP3 into a CD Rom drive
  • Double-Click on PE Builder.exe located on your desktop.
  • Click NO to Search for Windows Installation Files
  • Make the following selections from the Main Screen that pops up:
    • Builder
      • Source: (path to Windows installation files)
        • Enter the path to the drive where your XP CD is located.
        • You can click on the "..." button on the right to navigate to the path as well.

    • Custom: (include files and folders from this directory)
      • No information is necessary, leave blank.

    • Output:
      • Keep the default
  • Media output
    • Choose Create ISO image
    • Do not choose Burn to CD/DVD
  • Download the RunScanner plugin and save it to your desktop

    http://www.paraglidernc.com/Files/RunScanner10025.cab

    Please note: You will be prompted for the folder where it shall be saved. By default it appears as runscanner10025. It should be modified to just runscanner <--- Important!!!

  • Press the Plugin button on the PE Builder interface
  • Press the Add button and navigate to the location of the RunScanner plugin to install
  • Please note: If you are using a Windows XP disc with sp2 then highlight "RpcSS needs to launch DComLaunch" and then press Enable
  • When you're done press Close and the PE Builder interface will re-appear
3. Click on the "Build" button
  • You will see the Windows EULA message. Click on I Agree
  • You will now see the Build Screen. Let it run its course
  • When the Build is finished you can click close, then exit
4. Burn your ISO file to CD

==========

Next........

From your clean computer..

Please download OTLPE.zip and save it to a flash drive.
http://oldtimer.geekstogo.com/OTLPE.zip
http://www.itxassociates.com/OT-Tools/OTLPE.zip

Double click and unzip OTLPE.zip to its own folder on your flash drive. Name it OTLPE <-- Important!!

==========

Plug your flash drive into your sick computer now and do as instructed below..

==========

1. Restart Your sick Computer Using the PE Builder ISO CD That You Have Created
  • Insert the CD in to one of your CD/DVD drives.
  • Restart your computer.
    • The computer should choose to boot from the CD automatically. If it doesn't and you are asked if you want to boot from CD, then choose that option.

  • Once the desktop appears, you will receive a message asking: Do you want to start Network support?
    • Click on No

  • After it loads press the Go button in the lower left and do this....
    • Go
    • System
    • Display
    • Screen Resolution
    • 1024x768
    Next choose....
    • Go
    • Programs
    • A43 File Management Utility

==========

In A43 File Management you should see your flash drive.
Navigate to the OTLPE folder that you saved to your flash drive.

Open the OTLPE folder and double click Start.cmd.
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTLPE should now start

    Change the following settings
    • Change Services, Drivers, Standard and Extra Registry to All
    • Uncheck LOP and Purity check


    Please note: Stay with your computer during the course of the scan. If "Entry Point Errors" are encountered simply press "ok" and allow the program to continue. <-- Important!!


  • Copy and Paste the following code from your flash drive into the Posted Image textbox. Do not include the word "Code"

    Quote

    C:\*.*
    C:\Program Files\*.*
    /md5start
    Explorer.exe
    userinit.exe
    Winlogon.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    ntldr
    /md5stop
    C:\Windows\system32\drivers\*.sys /lockedfiles
    C:\Windows\System32\config\*.sav
    C:\Windows\*. /mp /s
    C:\Windows\system32\*.dll /lockedfiles
    C:\Windows\system32\drivers\*.sys /90


  • Push Posted Image
  • A report will open named "OTL.txt" (C:\OTL.txt). Save this log to your flash drive. Copy and Paste this in your next reply.

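Added example, not part of the original posts and not OTL's own code: a Python sketch of the check the scan text in post #33 asks for, hashing the files named between /md5start and /md5stop on an offline Windows volume and listing names whose copies differ or are absent. It assumes /md5start and /md5stop delimit a list of file names to hash; the function names, the abbreviated script and the sample tree are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Abbreviated copy of the custom scan text from the post (constructed sample).
SCAN_SCRIPT = r"""
/md5start
atapi.sys
nvstor.sys
userinit.exe
/md5stop
C:\Windows\system32\drivers\*.sys /lockedfiles
"""

def md5_targets(script):
    """File names listed between /md5start and /md5stop, lower-cased."""
    names, inside = [], False
    for line in (l.strip() for l in script.splitlines()):
        if line.lower() in ("/md5start", "/md5stop"):
            inside = line.lower() == "/md5start"
        elif inside and line:
            names.append(line.lower())
    return names

def hash_named_files(root, names):
    """Map each name to {md5: [paths]} for every copy found under root."""
    found = {n: {} for n in names}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.name.lower() in found:  # names are case-insensitive
            digest = hashlib.md5(path.read_bytes()).hexdigest()
            found[path.name.lower()].setdefault(digest, []).append(str(path))
    return found

def review_list(found):
    """(names whose copies differ, names not found at all), both sorted."""
    differ = sorted(n for n, h in found.items() if len(h) > 1)
    absent = sorted(n for n, h in found.items() if not h)
    return differ, absent

def build_demo_volume():
    """Constructed tree standing in for the mounted offline Windows volume."""
    root = Path(tempfile.mkdtemp())
    for rel, data in {"drivers/atapi.sys": b"copy A", "dllcache/ATAPI.SYS": b"copy B",
                      "userinit.exe": b"userinit"}.items():
        path = root / "Windows" / "System32" / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    return str(root)
```

Copies with different hashes are only a lead for closer review (they can be different legitimate versions), and an absent name simply means that driver is not used on the machine.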

#34 User is offline   RayN81 


Posted 29 May 2011 - 10:20 PM

I followed the above up until the start.cmd part - it asks me for a windows installation drive...

#35 User is offline   JSntgRvr 


Posted 30 May 2011 - 12:35 AM

RayN81, on 29 May 2011 - 10:20 PM, said:

I followed the above up until the start.cmd part - it asks me for a windows installation drive...

If the C: local drive is not visible, then we are experiencing the same issues, the lack of compatible SATA drivers.

Is there an option in the BIOS to change the Storage Configuration from SATA to AHCI?

#36 User is offline   RayN81 


Posted 30 May 2011 - 12:43 AM

Yes, there is. I'm looking at it now.

#37 User is offline   JSntgRvr 


Posted 30 May 2011 - 01:05 AM

See if there is a change by changing this setting.

#38 User is offline   RayN81 


Posted 30 May 2011 - 01:16 AM

No change. :/

#39 User is offline   JSntgRvr 


Posted 30 May 2011 - 01:51 AM

I really don't know what to do next. I have researched up and right and found no solution to this SATA drive issue. And the way you came to this state has me stumped. I would recommend you open a topic in the software forum. I am sure you will be able to find experts in this field. Make sure you let them know it is an upgrade. Somehow I believe that makes a difference. Once you have it resolved, then I can help you scan the computer for malware.

Here is the link:

http://www.bleepingcomputer.com/forums/forum167.html

Feel free to let me know the progress.

#40 User is offline   RayN81 


Posted 30 May 2011 - 01:58 AM

I actually upgraded to Win 7 over a year ago. Since then, I have reformatted my computer and the drivers have worked fine.

As mentioned in my earlier post, the computer went haywire due to a trojan I picked up somewhere. I'm beginning to think the desktop icons disappearing off my desktop (the second symptom I mentioned in my initial post) wasn't a second virus/trojan, but more symptoms of the first.

In any case, thank you for trying. I appreciate the help.

#41 User is offline   JSntgRvr 


Posted 30 May 2011 - 11:04 AM

Copy the folder with the SATA drivers for XP to the USB drive, then boot with the XP install CD, and press F6 at the CD's startup. If you are able to load the SATA drivers for XP as we did before, then run CHKDSK /F at the prompt. That is also a good try.
