
Infected with Trojan.Vundo.H - can't boot up normally


5 replies to this topic

#1 Mickrick1


Posted 02 May 2009 - 07:07 AM

Hi there - my first post so hopefully I've done everything right beforehand.
I picked up Trojan.Vundo.H & Sheur2 from Lord knows where and it has mucked up my old computer good style.
I have tried MalwareBytes which spots it and quarantines it but it reappears on each start up.
SuperAntiSpyware also spots it but hangs during the removal process and I have to reboot.
Worst of all, I can now only boot into Safe Mode as, when loading Windows normally, there's a blue screen that flashes up for a millisecond before a reboot occurs (is there a way of pausing this so I can read it?).
AVG says there is a reading error on the partition table (MBR) which I assume is causing the boot problem. I ran fixmbr from the Windows Recovery Console but it made no difference.
I've downloaded Combofix, HJT and DDS but can't get the dds & attach.txt files off the old computer to attach here (old computer doesn't recognize USB memory stick, won't write to a CD-R and won't load external hard disk).
As you can imagine, I'd be eternally grateful for any help.
Mike



#2 garmanma


Posted 03 May 2009 - 08:37 PM

Can you boot to and remain in safe mode? What about safe mode w/networking?
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 Mickrick1


Posted 04 May 2009 - 04:27 AM

Thanks for replying.
I could boot into safe mode and remain there but things have deteriorated unfortunately. I have (had?) a dual boot system with an old Win98 system (that didn't work anyway) on a 40Gb drive and XP on a separate 80Gb drive.
The 40Gb drive now seems to be fried and can't be read in the Windows Recovery Console. Consequently, I'm getting a NTLDR missing error message on start up (I presume it's looking on the old 40Gb drive which was set as primary) and can't get into safe mode.

I'm thinking that I should
1. Get a new HDD (would this have to be IDE if the old one was?) to replace the 40Gb.
2. Do a clean XP install on that.
3. Set the 80Gb to slave and try to salvage what I can.

A few questions with that.
1. Would the infection transfer to the new drive or could I prevent it somehow by setting it not to boot up & just hold data?
2. Any recommendations for a new HDD? I'm assuming it would have to be IDE and not sata due to the age of my motherboard.
3. Scrap the whole and get a new computer, put the old HDD's in some sort of external box and salvage what I can?

This was not what my Bank Holiday weekend was going to be all about!

Thanks for your interest.

#4 garmanma


Posted 04 May 2009 - 07:00 PM

I can only assume that your motherboard is set up for IDE so that would be best to replace it with

As far as transferring files off the old one, that depends on how bad the infection is/was

I would definitely have the new one up and running so I could scan it with AV and malware tools
Mark

#5 Mickrick1


Posted 05 May 2009 - 01:59 PM

Thanks - am getting a newly formatted drive tomorrow, 120Gb which I will
1. Partition C:32Gb D:88Gb (as I believe this is a better arrangement with C: for XP & apps and D: for data).
2. Will install XP on C: with both old drives out
3. Get AVG, Malwarebytes, Superantispyware, antirootkit etc installed on C:
4. Put old 80Gb back in as slave (E:)
5. Run checks on E:
6. Back up data onto D: partition

That look OK to you?

Thanks again.

#6 garmanma


Posted 05 May 2009 - 06:41 PM

Yes
Good luck to you
Mark



