
Lost ntdetect.com, ntldr after gmer, Blacklight runs



#1 EntropyReduction


Posted 07 December 2008 - 10:15 PM

I've got a puzzling situation. After reading

http://windowssecrets.com/2008/05/22/05-To...t-rootkit-spies

I downloaded Blacklight, then gmer, on an XP SP3 machine (Dell, bought a month ago or so, lots of stuff installed, no obvious symptoms of trouble, running comodo and avast at the time). No problems reported by either programme. But on reboot, NTDETECT.COM and ntldr had disappeared. Once I replaced them using recovery console, hal.dll was reported corrupt.

Ever heard of such a thing? I can imagine a hypothetical rootkit that wreaked revenge for daring to run rootkit detectors, but got no proof.

I'm hesitant about running gmer or Blacklight again, in case same story repeats. I now have McAfee installed, which reports no problems. However, I have reinstalled various programmes using the same installers I used the first time around (stored on another computer which could, hypothetically, be infected).

Thanks for any suggestions.


{Mod Edit: moving to XP from AII forum, Non Malware issue~~boopme}

Edited by boopme, 07 December 2008 - 11:04 PM.




#2 hamluis


Posted 08 December 2008 - 12:22 PM

Well...any number of situations can result in corrupted system (or other) files.

Power fluctuations, hard shutdowns, anything that interrupts or prevents a smooth shutdown, bugs in installed software, etc...the potential causes are varied.

Causes of Data Corruption - http://ezinearticles.com/?Causes-of-Data-C...n&id=817785

Data corruption and loss causes and avoidance - http://www.thexlab.com/faqs/datacorruption.html

File Corruption & Its Consequences - http://www.smartcomputing.com/Editorial/ar...3.asp&guid=

Louis

Edited by hamluis, 08 December 2008 - 12:24 PM.


#3 Zllio


Posted 09 December 2008 - 03:37 AM

Hi EntropyReduction,

If your installation programs were from trusted sources, I doubt your new computer would be infected in that way. Since none of the scans you did turned up malware, hamluis's suggestion to look for other reasons for the corruption would be the best next step. Rerunning GMER and Blacklight is unlikely to give you a different result than what you already got. You may want to do some online scans for viruses, if you have reason to believe your computer could have been infected by contact with a second computer that was known to be infected. Those can be found in a link to preliminary instructions when you first click on the HijackThis and Malware Removal forum. Just note, that in most cases, it is more common for malware to add files than to corrupt existing ones.

Zllio

#4 EntropyReduction


Posted 10 December 2008 - 12:53 AM

Thanks for feedback. I'll try an online scan.

As I know I can do it in less than a day, tempted to just wipe machine and rebuild it, observing strict hygiene along the way.

Thanks again for your help.

#5 usasma


Posted 11 December 2008 - 09:13 AM

The benefits of a wipe and reinstall are that new Windows smell (sorta like the new car smell).
The benefits of fixing the installation are retaining your settings and data - and the satisfaction of fixing the problem yourself.
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye.

If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.



