System Hung



#1 blwa


Posted 16 June 2010 - 04:44 PM

It all started with Antimalware Doctor dialog box appearing...daughter first noted it on wife's desktop computer. I should have come here first but didn't...

Anyway, I started SUPERAntispyware free edition which was set to custom scan. I stepped away from computer since it was taking long. Upon returning half hour later, only thing on screen is desktop photo without any icons. System is dead. Here is what I did:

1. Push restart button and system reboots...setup BIOS displayed and scrolls, then I note message "PRIMARY SLAVE failure".

Seagate Barracuda 7200.7 (Model ST340014A)
P/N: 9W2005-371
HDA P/N: 100348956
Config: A4K-03
Firmware: 8.01
Date Code: 06073

2. Press F1 to continue and more setup info appears; BIOS notes the presence of Primary Slave drive, screen switches to blank dark screen and that's it. There is no cursor visible. Turn off system.
3. Press restart and system goes thru same thing.
4. Restart again and enter BIOS to change Primary Slave setting to NONE (it was on AUTO). System proceeds thru startup and hangs.
5. Disconnect power and IDE cable and physically remove HD from system and reboot but system still hangs.
6. Installed HD onto another system as Primary IDE Slave, BIOS reports "Primary Slave HD: SMART command failed". Pressing F1 to continue results in blank dark screen...system is hung.

Any ideas what is going on? Also, what steps can I take to revive system? One priority is to try and capture data/photos on second HD.

Again, as always, thank you in advance for your assistance. I await anxiously your advice on how and what to do.

Blaine

EDIT: Moved from XP to Am I Infected ~ Hamluis.

Edit ~ Moved again to Malware Removal ~Pandy

Edited by Pandy, 25 June 2010 - 08:35 AM.




#2 blwa


Posted 17 June 2010 - 12:45 PM

I hope the steps I have taken thus far haven't doomed repairing this system. Do I need to do anything else or provide additional information to assist the experts in devising solutions to my dilemma? Thank you,

Blaine

#3 boopme


Posted 17 June 2010 - 08:22 PM

I am looking for someone that maybe can help you.

#4 blwa


Posted 18 June 2010 - 08:12 PM

Thank you I would appreciate that.

In the meantime, I have removed the primary master HD from my wife's system and installed it in another system as a slave HD. It shows up as G-drive. I ran MBAM and the log is as follows:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4211

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

6/17/2010 9:06:33 PM
mbam-log-2010-06-17 (21-06-33).txt

Scan type: Full scan (C:\|D:\|G:\|H:\|)
Objects scanned: 397251
Time elapsed: 2 hour(s), 22 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 46

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
G:\simplex.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
G:\Documents and Settings\All Users\Application Data\Update\seupd.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
G:\Documents and Settings\Joyce.MOM\Application Data\AD6F85439D96AC03B71B5DE7EFA141A9\setupupdater0000.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
G:\Documents and Settings\Joyce.MOM\Local Settings\Temp\39.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
G:\Documents and Settings\Joyce.MOM\Local Settings\Temp\4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
G:\Documents and Settings\Joyce.MOM\Local Settings\Temp\asxocrnmwe.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
G:\Documents and Settings\Joyce.MOM\Local Settings\Temp\msupd_2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
G:\Documents and Settings\Joyce.MOM\Local Settings\Temp\uhedyvt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
G:\Documents and Settings\Joyce.MOM\Local Settings\Temp\ea7142e6.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
G:\Documents and Settings\Joyce.MOM\Local Settings\Temp\ejeny.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
G:\Documents and Settings\Joyce.MOM\Local Settings\Temp\Ik0.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
G:\Documents and Settings\Joyce.MOM\Local Settings\Temp\Ik1.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
G:\Documents and Settings\Joyce.MOM\Local Settings\Temp\jgmkw.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
G:\Documents and Settings\Joyce.MOM\Local Settings\Temp\rropyvnl.exe (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
G:\Documents and Settings\Joyce.MOM\Local Settings\Temporary Internet Files\Content.IE5\74CKIMUU\gkbjdlwqlt[1].htm (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
G:\Documents and Settings\Joyce.MOM\Local Settings\Temporary Internet Files\Content.IE5\H98Y47Z0\ggbrzx[1].htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
G:\Documents and Settings\Joyce.MOM\Local Settings\Temporary Internet Files\Content.IE5\KN12S15V\kksahc[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
G:\Documents and Settings\Joyce.MOM\Local Settings\Temporary Internet Files\Content.IE5\KT17D765\wzdytaicxe[1].htm (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
G:\Documents and Settings\Joyce.MOM\Local Settings\Temporary Internet Files\Content.IE5\KT17D765\uiptnmgovj[1].htm (Trojan.Clicker) -> Quarantined and deleted successfully.
G:\Documents and Settings\Joyce.MOM\Local Settings\Temporary Internet Files\Content.IE5\T09SY668\exe[1].exe (Adware.Adrotator) -> Quarantined and deleted successfully.
G:\Documents and Settings\Joyce.MOM\Local Settings\Temporary Internet Files\Content.IE5\T09SY668\setupupdater0000[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
G:\Documents and Settings\Joyce.MOM\Local Settings\Temporary Internet Files\Content.IE5\VPPFDO1P\kksaupwr[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
G:\Documents and Settings\Joyce.MOM\Local Settings\Temporary Internet Files\Content.IE5\XNFU1LH8\Install[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
G:\Documents and Settings\Joyce.MOM\Local Settings\Temporary Internet Files\Content.IE5\YS0XINOP\mvfstk[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
G:\Program Files\$NtUninstallWTF1012$\elUninstall.exe (Adware.EZLife) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{7CC991F6-8EC4-45E5-9360-BED6DFD1A2A5}\RP625\A0078023.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{7CC991F6-8EC4-45E5-9360-BED6DFD1A2A5}\RP625\A0078024.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{7CC991F6-8EC4-45E5-9360-BED6DFD1A2A5}\RP625\A0078025.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{7CC991F6-8EC4-45E5-9360-BED6DFD1A2A5}\RP625\A0078026.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{7CC991F6-8EC4-45E5-9360-BED6DFD1A2A5}\RP625\A0078028.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{7CC991F6-8EC4-45E5-9360-BED6DFD1A2A5}\RP625\A0078029.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
G:\WINDOWS\Icytia.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
G:\WINDOWS\chchenp.dll (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
G:\WINDOWS\oximowapupiyecif.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\dmxsfsbyvq.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\emdqg.dll (Trojan.AdClicker) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\imdqg.dll (Trojan.AdClicker) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\maysrnuq.dll (Adware.AdShot) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\vmdqg.exe (Adware.Adshot) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\ktuclews.exe (Adware.Lifze) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\yohvntqfgqc.dll (Trojan.AdClicker) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\_yohvntqfgqc.dll (Adware.Adrotator) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\eshkxsic.dll (Adware.Lifze) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
G:\WINDOWS\Temp\3A.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
G:\WINDOWS\$NtUninstallMTF1011$\apUninstall.exe (Adware.EZLife) -> Quarantined and deleted successfully.

After completion, I reinstalled it in my wife's system but it would still not boot. The point at which it terminates or hangs is after the BIOS has scrolled and where one would expect the WIN XP to display start up. I am able to access and copy folders and files contained in Documents and Settings for all users. With the exception of these actions, I have not removed or altered the Primary Master HD from my wife's system.

As for the Primary Slave HD, I would like to determine if it is a mechanical failure/HD crash or whether any malware has destroyed or damaged the ability to retrieve/access data. The drive does appear to spin up when installed as I can detect what may be subtle vibrations from the rotating platters.

I await further assistance. Thank you,

Blaine

#5 Farbar


Posted 25 June 2010 - 07:35 AM

Hi Blaine,

Please update me on the current condition of your computer to see if we can recover the system.

#6 Farbar


Posted 30 June 2010 - 04:46 AM

This thread will now be closed due to lack of activity.

If you need this topic reopened, please send me a PM and I will reopen it for you.

If you should have a new issue, please start a new topic.



