
Booting XP from USB on Asus EEE following Malware infection


14 replies to this topic

#1 TommyI

  • Members
  • 12 posts

Posted 01 April 2010 - 08:18 PM

Hello,

My problem started with a severe malware infection that I got yesterday. First tried Adware, which was unable to completely remove all of the infected files, then tried ATL and MBAM. MBAM showed several infected files, such as Backdoor.Bot, Trojan.Vundo.H, Trojan.Gootkit, Trojan.Downloader, Malware.Trace etc. I deleted all of these and restarted my computer. However, a subsequent scan showed that these files had not been completely deleted (some being located among registry keys).

Throwing in the towel regarding malware removal, my focus now turned to reinstalling Windows XP. Having an Asus EEE complicated matters a bit, as it has no CD/DVD-drive. Thus, I made a USB pendrive into an XP boot using my other laptop, using some internet guides as help.

I then chose to boot from the USB, then 2 options came up, one being GUI and the other one being TXT. I chose TXT (which the guides describing how to create the USB XP boot had indicated) and eventually I got a blue screen error message stating that I should run the chkdsk /f command because apparently some files might have been damaged because of an earlier virus. The STOP message was: 0x0000007B (0xF7A22524, 0xC0000034, 0x00000000, 0x00000000)

I tried doing chkdsk /f, and also /r, but they came out clean (at least showed no indication that something might be damaged). Now, I still get the same blue screen error message when I try the TXT pathway.

Any ideas?
Best regards,
Tommy



#2 Artellos

    Bionic Boy

  • Security Colleague
  • 82 posts

Posted 02 April 2010 - 04:42 AM

Hello again Tommy,

Annoying that the chkdsk /r didn't work as hoped.
I would like you to upload some files for me (memory dumps).

Go into safe mode and browse to this folder:
C:\Windows\MiniDump

There should be some files.
Upload the latest files. That should shed some light on what is doing this.

Regards,
Olrik

Please do not PM me asking for support. Post on the forums instead so others might benefit too.
Please be courteous, polite, and say thank you. Being rude brings you nowhere.
Please post the final results, good or bad. We like to know!

Have I helped you and do you want to leave a kind message,
Please sign my guestbook here


Has it been a while since I replied to your post? Have I forgotten you?
Then please send me a reminding PM.


#3 TommyI

  • Topic Starter

Posted 02 April 2010 - 05:00 AM

I checked the C:\Windows folder but couldn't find a folder called MiniDump. I'm guessing it might have been removed with the ATL (i.e. deleting all the temporary files etc). Is there anything else that can be done?

#4 Artellos


Posted 02 April 2010 - 05:00 AM

You could reproduce the blue screen, let it create a memory dump and then check the folder.

Regards,
Olrik



#5 TommyI


Posted 02 April 2010 - 06:47 AM

Posted Image

Was unable to locate the Minidump folder despite having all the settings for dump set as they should (default directory is system root/Minidump as you said earlier). Noticed also now that I am unable to open regedit (I thought I could do something about the dumping there), probably a result of the malware. However, I took a picture of the BSOD with my camera and am uploading the picture now.

A rough translation of it: Control if the computer has any viruses. Remove all harddrives or harddrive-something-units that have recently been installed. Make sure that the harddrive is correctly configured and terminated. Run Chkdsk /F to check if the harddrive is damaged. Then restart the computer.

Best regards,
Tommy

#6 hamluis

  • Moderator
  • 56,113 posts

Posted 02 April 2010 - 09:39 AM

Maybe I'm misunderstanding (it happens often)...

<<Throwing in the towel regarding malware removal, my focus now turned to reinstalling Windows XP...>>

Does that mean that you have a known malware situation...and are just overlooking it...and trying to effect a repair install on an infected system?

If so...a repair install will not overcome malware issues. The only files replaced by a repair install...are system files, the malware files will continue to exist.

Louis

#7 TommyI


Posted 02 April 2010 - 11:05 AM

Actually, I thought that I would format C: and then reinstall Windows, not just reinstall. Or what do you suggest I do? Should I continue battling the malware problem?

#8 hamluis


Posted 02 April 2010 - 12:04 PM

Well, I can tell you what I would do...it's your system, you decide your course of action.

If I had a known malware-infected system and I could not clean it myself to the point where I feel that system security is a reality...I would either do a clean install (where I delete the existing system partition as a first step) and then continue with the clean install...or I would seek assistance from the malware resources here at BC.

Maybe I misinterpreted (it happens)...but I saw comments re BSODS, error messages, and chkdsk /r...and I don't connect any of those to a clean install. One cannot run chkdsk on a blank drive because there is no Windows install to designate. If one gets BSOD issues when there is no Windows install, then I'd have to say it's a hardware problem.

I'm just following the drift of the posts and...that's why I asked the question.

Louis

#9 TommyI


Posted 02 April 2010 - 01:10 PM

How do I go about deleting the existing system partition?

#10 hamluis


Posted 02 April 2010 - 01:24 PM

From what I see...that PC came with linux installed.

Soo...however you managed to get XP installed...will determine your options.

What particular model is your system?

Does it have networking capabilities?

Can you attach an external USB-optical drive and boot from it?

Louis

#11 TommyI


Posted 02 April 2010 - 02:05 PM

> From what I see...that PC came with linux installed.
>
> Soo...however you managed to get XP installed...will determine your options.
>
> What particular model is your system?
>
> Does it have networking capabilities?
>
> Can you attach an external USB-optical drive and boot from it?
>
> Louis


The model is an Asus EEE 1008HA. It came with Windows XP preinstalled and is SP3. I don't own an external USB-optical drive, and don't think any of my friends have one either. Do you recommend me buying one? Should I rather, at the moment, turn to the Anti-malware part of this forum, in order to get rid of the stuff, repair the system, and THEN try the format+reinstall?

Tommy

#12 cryptodan

    Bleepin Madman

  • Members
  • 21,868 posts

Posted 02 April 2010 - 02:57 PM

I would buy an external USB Optical Drive; they are quite handy.

#13 hamluis


Posted 02 April 2010 - 03:25 PM

It's your decision.

A pertinent consideration (to me) should be the fact that you currently own no capability for using many computer tools or installing programs which come on a disc.

Another pertinent consideration is whether you actually have any media/means for installing XP easily.

Another consideration...when dealing with malware these days, many users wind up ultimately doing a clean install. Malware damages key files, files may become damaged in removal efforts...these things and more happen daily.

Just as the human body is able to suffer certain types of damage...at certain stages of life...and recover to the extent of gaining full or almost-full functional recovery...so it is with a computer system. But that only lasts for a certain period of a human life.

The major difference is that there is no "clean install" for us humans who become injured or ill at times when we are either more vulnerable or just incapable of overcoming whatever might be wrong.

We have a great malware staff here at BC, IMO. But, unlike some users, I don't expect magic out of them in dealing with malware...I do know that they will do their best and be honest with the poster.

Louis

#14 TommyI


Posted 03 April 2010 - 11:10 AM

Thank you everyone for help and advice! I have decided that I will turn to the people on the Malware forum for now, and see if I can get rid of the malware and then try to repair/clean my system as best I can. If all of this fails, I guess I will have to get a USB optical drive.

Best regards,
Tommy

#15 hamluis


Posted 03 April 2010 - 12:03 PM

Once you get your log posted...please let us know.

You want to start Here and follow all administrative guidance posted at that forum, starting with Preparation Guide, Before Using Malware Removal Tools and Requesting Help - http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ .

Louis

Edited by hamluis, 03 April 2010 - 12:08 PM.




