Xp Doesn't Start After Combofix Run


4 replies to this topic

#1 Laska


Posted 23 March 2008 - 06:02 PM

Hello,

Sorry, I know, I had to ask for expert advice earlier, but here it goes:

I had my Windows XP Pro SP2 infected with Virtumonde malware,
and after my unsuccessful attempt to remove it using FSecure I
decided to try Combofix to fix it, and I'm now totally terrified by the result,
as XP doesn't start: the OS loader appears, but later I can see only
a black desktop.
At the end of the Combofix clean there were a few error messages regarding Windows security
files back-up and something else, but I cannot recall them exactly.

I did not switch antivirus (FSecure) and did not install the XP Recovery Console before running ComboFix.


I'm terrified by the thought that I'll lose all the files on my hard drives. Please help me if you can!



#2 Grinler


    Lawrence Abrams



Posted 24 March 2008 - 01:41 PM

Atriad, your new topic is here:

http://www.bleepingcomputer.com/forums/t/138002/help-restoring-registry-backups-after-running-combofix/

Laska, please be patient while we get someone to help you.

#3 JSntgRvr


Posted 24 March 2008 - 01:59 PM

Hi, Laska :thumbsup:

Welcome to Bleeping Computer.

In order to restore your computer, we will need the XP Installation CD to boot the computer to the Recovery Console.

Boot the computer using the XP CD. You may need to change the boot order in the system BIOS so the CD boots before the hard drive. Check your system documentation for steps to access the BIOS and change the boot order.

At boot, you will be prompted with the following options:

A. To setup Windows XP, press Enter.
B. To repair Windows XP installation using recovery console, press R.

Choose the option "To repair the Windows XP installation using recovery console" by pressing R. If an Administrator Password has been established, you will be prompted to type it in. If no Administrator Password exists, just press ENTER.

You will be presented with the following:

Microsoft Windows® Recovery Console

The Recovery Console provides system repair and recovery functionality.
Type EXIT to quit the Recovery Console and restart the computer.

1: C:\WINDOWS

Which Windows Installation would you like to log onto
(To cancel, press ENTER)?


Press the number 1 on your keyboard and hit Enter.

At the command prompt, type the following command and press Enter:

cd erdnt\hiv-backup

At the next prompt, type the following bolded text, and press Enter:

batch erdnt.con

The erunt backups will begin copying.

Type exit when finished, and then press ENTER to quit Recovery Console. Remove the CD and let the computer start.

Let us know how it goes.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 Laska


Posted 25 March 2008 - 05:58 PM

Hi JSntgRvr :thumbsup:
Thanks a lot for this, you made my day! I did as instructed and everything seems to be running fine now
and those nasty Virtumonde pop-ups went away :flowers:,
but I keep getting 2 strange error messages on the start up though:

RUN DLL
Error loading C:\WINDOWS\system32\gytjjrhx.dll

The specified module cannot be found

RUN DLL

Error loading C:\WINDOWS\system32\joycsaio.dll

Are they related to the infection? And how can I check that my machine is 100% clean now?

Many thanks again for your help!

#5 JSntgRvr


Posted 25 March 2008 - 06:11 PM

Hi, Laska :thumbsup:

You are welcome!

I would suggest you open a topic in the Malware forum and have that computer checked by one of the authorized team members (you must include a HijackThis log when posting):

http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

Best wishes!





