E-mail Attack, Ran Combofix, Now Pc Won't Boot


3 replies to this topic

#1 koukikat

Posted 14 November 2007 - 09:39 AM

Hello, this is my first post on here and I will try to get as much info in as possible.
My PC shut itself off the other night while I was asleep. When I turned it on in the morning when I awoke, I began getting hundreds of Symantec E-mail scan notifications of e-mails being sent. I ran fully updated versions of Spysweeper, Spybot, Ad-aware, CCleaner, Ewido, the regular Symantec scans, a virus scan at Microtrend, and deleted all bad files from my hijack logs until there was not a single thing being detected on any of these scanners. The e-mails did not stop; in fact, they increased to a point where the computer would freeze up.
After all of this it was suggested to run combofix.exe as the next step and post my log. I followed all the directions, and after combofix completed all the stages and tried to reboot my computer, it displayed a message that it was unable to reboot my PC, and froze completely. After an hour of letting it sit there to see if it was still thinking, I had no choice but to kill the power.
So now when I reboot my PC it will not load Windows; it goes to a black screen that has me choose to start Windows normally, in safe mode or from last known good system point. No matter which one I try, it then goes to a blue screen stating that there is a HIVE file missing and it cannot run Windows, and to contact an administrator.
I fear my only option is to copy the files off my hard drive and then reformat. Are there any other options?
Thanks for your help!


#2 quietman7


Posted 14 November 2007 - 02:53 PM

Hello koukikat

Sorry to hear about your dilemma.

"...deleted all bad files from my hijack logs until there was not a single thing being detected on any of these scanners."

Are you trained in the use and investigation of the log this program generates? This is an advanced tool. Most of the log entries listed are required to run a computer and removing essential ones can potentially cause serious damage to your system. HijackThis relies on experts to interpret the log entries and determine what needs to be fixed.

"After all of this it was suggested to run combofix.exe as the next step and post my log."

Where was this suggested?

Were you getting help from an expert at another site or Hijackthis forum?
Did you advise the person who was helping you what happened after running the tool?

Combofix is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

However, it's difficult to determine what exactly caused the HIVE corruption. Bootup failure can be due to a variety of issues to include application faults, hardware failures, or malware. Startup failures that occur before the OS loader (Ntldr) starts could indicate missing or deleted files, or damage to the hard disk master boot record (MBR), partition table, or boot sector. If a problem occurs during startup, the system might have incompatible software or drivers, incompatible or improperly configured hardware, or corrupted registry/system files.

If you're receiving help elsewhere, I suggest you inform the person who was assisting you and continue there. If you're no longer receiving help, then see "How to recover from a corrupted registry that prevents Windows XP from starting".

Also see:
"Resolving Boot Issues with a Boot Floppy Disk"
"BC's Tutorial: Using a Windows XP bootable Floppy Disk"
"Langa Letter: XP's No-Reformat, Nondestructive Total-Rebuild Option"
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 koukikat

Posted 14 November 2007 - 03:39 PM

Thanks for the reply.
Yes, I am familiar with using hijack; in my haste to type that post it would not appear so. There were no bad entries that were really showing up in the hijack log, and I had run all the other scanners listed until I was no longer detecting any threats whatsoever, yet the dictionary attack through my e-mail was still occurring, to a point my machine would freeze.
I was on the spybot forums and was instructed to use combofix and post the log. Combofix was a new tool that I am not familiar with, but I followed the directions exactly; just once it came to the point it reboots the machine on its own, it could not do it and froze. Prior to this the machine was fully operational and booted fine; I just could not have the internet connected or it would get bogged down from all the emails going out.
I am just going to back up all the files off the hard drive and attempt to reformat. I was hoping there may be another way, but it really appears something happened while running combofix.
Again, thanks for the reply
-Sean

#4 quietman7


Posted 14 November 2007 - 03:51 PM

I gave you some suggestions that you can try before resorting to a reformat. I would give that a go first as you can always reformat if all else fails.