
Think I have unruy d. trojan


  • This topic is locked
26 replies to this topic

#1 Peep2

Peep2

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:17 PM

Posted 15 July 2010 - 01:34 AM

I have had an infected computer for going on two weeks now. I have been unsuccessful in fixing it. In reading up on the reported trojan, Bleepingcomputer.com seems to be the only site I have found that has been able to actually help anyone infected.

So here I am. I hope you can help me.

My problems and symptoms seem very similar to the OP in this thread. http://www.bleepingcomputer.com/forums/lof...hp/t330090.html

I also have a clicking noise, turning down of the wave control on the volume setting, the message from malwarebytes that
Memory Processes Infected:
QUOTE
C:\System Volume Information\Microsoft\services.exe (Trojan.Cycler) -> Failed to unload process.
C:\System Volume Information\Microsoft\smss.exe (Trojan.Cycler) -> Failed to unload process.


I also was unable to run Gmer. I got a blue screen about an hour in, a crash, that told me

QUOTE
A problem has been detected and windows has been shut down to prevent damage to you computer.

The problem seems to be caused by the following file: kgtyapog.sys
PAGE_FAULT_IN_NONPAGED_AREA

Technical Information:
Stop: 0x000000050 (0xba287b30, 0x00000001, 0xa7256fa6, 0x00000000)

Kgttyapog.sys Adress a7256fa6 base at a724b000, datestamp 4b274f8d


My DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by User at 3:26:12.09 on Wed 07/14/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1333 [GMT -4:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - c:\microgaming\poker\ladbrokesmpp\MPPoker.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237379095296
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\tp3n98nt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R0 crpf;crpf;c:\windows\system32\drivers\crpf.sys [2009-8-26 36512]
R0 csdf;cdsf;c:\windows\system32\drivers\csdf.sys [2009-8-26 39456]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-3 64288]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-6 1352832]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\superantispyware\sabkutil.sys --> c:\program files\superantispyware\SABKUTIL.sys [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2009-3-17 20160]
S3 NWVMModem;Virgin Mobile USB Modem Driver;c:\windows\system32\drivers\nwvmmdm.sys [2009-5-15 174720]
S3 NWVMPort;Virgin Mobile USB Status Port Driver;c:\windows\system32\drivers\nwvmser.sys [2009-5-15 174720]
S3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;c:\windows\system32\drivers\nwvmser2.sys [2009-5-15 174720]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-12-7 532224]
S4 HitmanPro35CrusaderBoot;Hitman Pro 3.5 Crusader (Boot);c:\documents and settings\administrator.carls-laptop\desktop\HitmanPro35.exe [2010-7-4 6110528]
S4 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2009-8-24 82432]

=============== Created Last 30 ================

2010-07-14 06:58:47 2 ----a-w- c:\windows\msoffice.ini
2010-07-14 05:39:18 0 d-----w- c:\program files\Yahoo!
2010-07-14 01:47:52 0 d-----w- c:\program files\RegWork
2010-07-14 01:37:09 0 d-----w- c:\program files\Sun
2010-07-14 00:33:46 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 06:37:02 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{65893B95-F47B-4483-B883-86BA181E9B54}
2010-07-13 04:44:59 0 d-----w- c:\program files\Microsoft Security Essentials
2010-07-13 04:01:21 0 d-sha-r- C:\cmdcons
2010-07-05 00:02:07 680 ----a-w- c:\windows\system32\.crusader
2010-07-05 00:02:07 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-07-04 23:05:47 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-04 23:00:19 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-04 22:58:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-07-04 22:57:58 0 d-----w- c:\program files\Hitman Pro 3.5
2010-07-04 22:56:52 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-07-04 22:54:56 0 d-----w- c:\program files\ESET
2010-07-04 20:42:37 0 d---a-w- C:\.Trash-999
2010-07-03 07:33:51 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-03 05:52:30 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-03 05:52:26 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-03 05:40:19 0 d-----w- c:\program files\Lavasoft
2010-06-27 15:04:39 124037 ----a-w- C:\MGlogs.zip
2010-06-27 15:04:37 0 d-----w- C:\MGtools
2010-06-27 15:03:03 0 ----a-w- c:\documents and settings\user\settings.dat
2010-06-27 14:36:14 98816 ----a-w- c:\windows\sed.exe
2010-06-27 14:36:14 77312 ----a-w- c:\windows\MBR.exe
2010-06-27 14:36:14 256512 ----a-w- c:\windows\PEV.exe
2010-06-27 14:36:14 161792 ----a-w- c:\windows\SWREG.exe
2010-06-27 06:17:19 0 d-----w- c:\docume~1\user\applic~1\SUPERAntiSpyware.com
2010-06-27 06:17:19 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-06-27 06:17:04 0 d-----w- c:\program files\SUPERAntiSpyware
2010-06-27 06:02:33 0 ----a-w- c:\documents and settings\user\defogger_reenable
2010-06-27 05:33:00 0 d-----w- c:\program files\CCleaner
2010-06-27 04:38:49 131 ----a-w- c:\windows\CRC.INI
2010-06-26 20:14:26 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-26 20:14:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-06-26 04:15:29 0 d-sh--w- c:\documents and settings\user\IECompatCache
2010-06-26 01:22:04 0 d-----w- c:\docume~1\alluse~1\applic~1\ZA_PreservedFiles
2010-06-26 01:11:42 0 d-----w- c:\program files\ZoneAlarm
2010-06-25 16:54:51 0 d-----w- c:\program files\PartyGaming
2010-06-23 15:48:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-06-16 20:29:00 411368 ----a-w- c:\windows\system32\deployJava1.dll

==================== Find3M ====================

2010-06-26 01:11:30 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-06-23 17:51:22 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-06-01 17:37:48 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

============= FINISH: 3:30:18.25 ===============
Attached File  Attach.txt   40.05KB   11 downloads



#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:02:17 AM

Posted 15 July 2010 - 05:39 PM

Good evening.

Please download MBRCheck.exe by a_d_13 from here and save it to your Desktop.
  • Double click the file to begin the scan.
  • A Command Window will open and after the scan has completed you will be prompted to enter Y or N.
  • Enter n and then when prompted press <ENTER> to exit.
  • A text file called MBRCheck_date/time.txt can be found on the Desktop. I'd like you to post the contents in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download Preformat.zip from here and save it to your Desktop. You will need to extract the file.

Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish


You should now see a folder with a .vbs file in it. Double click Preformat.vbs to run it and a text file called Preformat.txt should be created in the same folder - either that or you'll get an error message.
Please copy and paste the contents of the text file into your next reply and then you can delete both of the folders and their contents.

So long, and thanks for all the fish.

 

 


#3 Peep2

Posted 15 July 2010 - 10:52 PM

Good evening. Good to see you.

QUOTE
MBRCheck, version 1.1.1
© 2010, AD

\\.\C: --> \\.\PhysicalDrive0

Size     Device Name          MBR Status
--------------------------------------------
55 GB    \\.\PhysicalDrive0   Known-bad MBR code detected (Whistler / Black Internet)!

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done! Press ENTER to exit...


Partition ID: Disk #0, Partition #0
Size: 55.88 GB

The computer boots from this partition.

~~~~~~~~~~~~~~~~~~~~~~~~

BIOS Manufacturer: Dell Inc.
Name: Phoenix ROM BIOS PLUS Version 1.10 A05
Status: OK

This is the primary BIOS.

~~~~~~~~~~~~~~~~~~~~~~~~


#4 Noviciate

Posted 16 July 2010 - 02:51 PM

Good evening.

Can you tell me the make and model of your PC and also whether or not you can burn a CDRom as you will need a little something to deal with this nasty.

So long, and thanks for all the fish.

 

 


#5 Peep2

Posted 16 July 2010 - 04:42 PM

I have a Dell Latitude D620 Laptop.

Yes, I can burn a CD.

Thanks. As is to be expected after two weeks, my trojan and I have developed a relationship of sorts. I like the nickname "little nasty" for him. I would also like to see him DEAD.

Thanks again.

#6 Noviciate

Posted 16 July 2010 - 05:26 PM

Dells usually come either with a recovery partition on them to allow a Factory Restore or a reinstallation disc - do you have either of these?

So long, and thanks for all the fish.

 

 


#7 Peep2

Posted 16 July 2010 - 09:13 PM

I do not have a reinstallation disc.

I do not know if I have a recovery partition. I did google "recovery partition Dell Latitude D620" and it seems like I might have one built in, but not sure. They discuss hitting "F12" and/or "F11" upon startup to find it.

I have never done that before.

What would you like me to do next?

#8 Noviciate

Posted 17 July 2010 - 03:55 PM

Good evening.

Preformat.txt didn't show any partitions, recovery or otherwise, but I was wondering if perhaps you had backed it up to disc and then deleted it.

Go to Start > Run... enter compmgmt.msc and click OK. Double click Storage and then Disk Management (Local) in the window that opens.
You should now see a graphical representation of your hard drive in the lower pane on the right. Tell me how many rectangular blocks you see - I'm guessing that you only have one that says something like Windows (C:)

So long, and thanks for all the fish.

 

 


#9 Peep2

Posted 17 July 2010 - 04:03 PM

Yes, just "C".

#10 Noviciate

Posted 17 July 2010 - 05:19 PM

OK, the situation you find yourself in is as follows - Your hard drive has an area on it that is known as the Master Boot Record. The nasty that you have picked up has altered the MBR and ideally we would undo the changes to solve the problem.
Unfortunately it isn't quite as easy as typing this and, as you don't have the installation disc, the only option we have available is to replace your MBR with a standard one, which may not be the end of your problems. Different computer manufacturers can have different Master Boot Records and overwriting the MBR with a standard one may result in the PC becoming unbootable.
Sadly I can't say whether the fix will behave itself on your PC or not, so you'll have to decide what you want to do and let me know.

So long, and thanks for all the fish.

 

 


#11 Peep2

Posted 17 July 2010 - 08:11 PM

Thanks for the feedback Noviciate.

I am sadly travelling and do not have access to my regular computer store, which sold me the computer.

But I am in a city of 750,000 (Edmonton, Alberta) so I should be able to pick up a Dell Installation Disc somewhere, no? Or can I download one from online?

Or I could call the wife and have her pick up a Dell Installation Disc at my regular store and courier it out to me.

If we fail on the general MBR, I can still take the computer in and have it reformatted? Or is it toast?

Edited by Peep2, 17 July 2010 - 08:16 PM.


#12 Peep2

Posted 17 July 2010 - 08:45 PM

Is this thing any good for me?

I found it through Google.

QUOTE
free dell latitude c640 restore cd
Dell Latitude C640 XP Restore Disk


-> Dell Latitude C640 XP Windows Restore Disk. This is an automated easy drivers windows restore disk. The drivers are supplied in a windows friendly format. This means that your Dell Latitude C640 XP laptop will automatically find the drivers you need every time and no exceptions. If you have just installed a new operating system and half of your laptop just wont work (with faults like no s


.....lots more free dell latitude c640 restore cd information here.

Download or CD Restore Disks Avaliable


http://restore-disk.com/restore/free/dellf...restore-cd.html

#13 Noviciate

Posted 18 July 2010 - 02:18 PM

Good evening.

QUOTE
Is this thing any good for me?

The link that you posted is for a method of easily installing drivers on a machine that already has the Operating System up and running, so it is of no use in this case.

QUOTE
If we fail on the general MBR, I can still take the computer in and have it reformatted? Or is it toast?

Simply put, when you boot your PC the MBR is read to give details to the machine of where to find the Operating System it should load and if the MBR points to the wrong location the machine won't find an OS to run. A PC without an OS is like a TV without a signal - electrically/electronically both are in perfect working order, but useless in the one way that they were designed to work in.

Should you go with the MBR fix and the PC becomes unbootable, then you will need to reinstall Windows, which will overwrite your existing installation and all the files on it. It is possible to recover files using a Linux boot disc, but it would be better for you to back up anything you want before you start to play.

So long, and thanks for all the fish.

 

 


#14 Peep2

Posted 18 July 2010 - 09:59 PM

OK, I think I am prepared.

My son has a Windows XP Pro 32 bit CD with him (same Operating system as I have), and I have all my essential data backed up on a flash drive.

I have my XP number, so I can enter that after I reload Windows.

I think I am set to try it.

Let'er Rip!

#15 Noviciate

Posted 19 July 2010 - 02:50 PM

Good evening.

That's the spirit! If you have the Windows disc, you can reset the MBR using the Recovery Console.

Step 1: You will need to set the CD-Rom as first boot device if it isn't already. There's a handy pictorial guide here. As long as you don't get too carried away, you won't do any harm and you should get the option to exit the BIOS without saving any changes if you are unsure what you did was right.
Obviously if you are sure, make sure that you exit with changes saved.

I've had a DELL lappy in the past and it was pretty easy to get into the BIOS, unlike some, but you need to be awake as there is only a limited time when the PC will accept the key press at the start of the boot process. If you get the Windows loading page, you've missed it and you'll need to reboot and try again.

Step 2: Boot from the disc, access the Recovery Console and run the command fixmbr - handily, you get a walkthrough of both the Recovery Console and repairing the MBR here.

Step 3: Once you have rebooted the PC, run MBRCheck.exe again and let me have the log produced. Please make sure you post the latest log, the date will be in the file name, or we'll go round in circles until the end of time.

If I haven't made something clear, please ask BEFORE you begin.

So long, and thanks for all the fish.
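
Added example, not part of the original thread and not how MBRCheck itself works: a Python check that illustrates the MBR role described in post #13 and the kind of re-check asked for in Step 3 of post #15. It parses a 512-byte copy of sector 0, lists the partition table the boot process relies on, and compares a hash of the boot-code area with a baseline. The sample sectors, boot-code bytes and the baseline are constructed stand-ins; in practice the baseline would come from a known-good copy of the same machine's MBR.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bootstrap code area; bytes 440-445 hold the disk signature
TABLE_OFFSET = 446       # four 16-byte partition entries follow
PART_TYPES = {0x07: "NTFS/HPFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)"}


def parse_mbr(sector: bytes) -> dict:
    """Split one MBR sector into a boot-code hash and its partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        if ptype == 0:                       # unused slot
            continue
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        partitions.append({
            "index": i,
            "active": status == 0x80,        # 0x80 marks the partition to boot from
            "type": PART_TYPES.get(ptype, hex(ptype)),
            "lba_start": lba_start,
            "sectors": sectors,
        })
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": partitions}


def assess(sector: bytes, baseline_sha256: str) -> list:
    """Return findings; an empty list means the sector matches expectations."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    return findings


def build_sample(boot_code: bytes, status: int = 0x80) -> bytes:
    """Constructed test sector: one NTFS partition starting at LBA 63."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<B3sB3sII", sector, TABLE_OFFSET,
                     status, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff",
                     63, 117_186_552)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


# Constructed stand-ins, not real boot code from any vendor or malware family.
CLEAN = build_sample(b"\xfa\x33\xc0" + b"\x90" * 100)
TAMPERED = build_sample(b"\xeb\x3c\x90" + b"\xcc" * 100)
BASELINE = parse_mbr(CLEAN)["boot_code_sha256"]

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, assess(sector, BASELINE) or "OK")
```

A mismatch only says the boot code is not the one recorded in the baseline; as post #10 notes, manufacturers can ship different Master Boot Records, so the baseline has to come from the same build of the same machine.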

 

 




