Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Combofix Issue - Computer Won't Boot


  • This topic is locked This topic is locked
86 replies to this topic

#1 plasma1

plasma1

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 11 August 2010 - 01:41 PM

I'd like to apologize for the issue at hand, as i found out about combofix while reading a completely different forum unrelated to computer security. The individual had picked up the same malware as i had, and removed most of it, as i had, but we had several annoying issues still existing. Someone recommended using Combofix, so i let him go ahead and it worked perfectly for him. I spoke with him and got the typical "it just worked" response, so i went ahead and ran it. My mistake was forgetting to turn off my antivirus software, or i'd probably be fine as well. Also, i did not realize this program could harm your computer, such as it did. Had i read around in this forum, i would have never ran it on my own.

With that said, I have a Dell Inspiron 6000, Windows XP. Essentially once the computer went to reboot itself, it started out fine, but once it's time to actually boot (passes the setup screen) the screen turns blank. I have read one thread here after this problem arose, and saw what that particular moderator wanted to know for information and the general process, but, of course my logs will be different and i didn't want to mess with anything else after this problematic brain fart. I'm currently job hunting and really need my laptop, badly. It has a lot of important files on it, along with irreplaceable photos, music, and other things alike.

I would greatly appreciate any help and support i can get, i'm "okay" with computers, i realize now i was way over my head, so i apologize for any headache this may cause. I don't want to start toying with partitions and such as i have no experience with that, so i need help finding my way around. Any help would be greatly appreciated!


Thank You...

BC AdBot (Login to Remove)

 


#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:05:25 AM

Posted 19 August 2010 - 06:22 AM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  1. Double click on RSIT.exe to run RSIT.
  2. Click Continue at the disclaimer screen.
  3. Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  1. Reply to this thread; do not start another!
  2. Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  3. Do not run any other tool until instructed to do so!
  4. Let me know if any of the links do not work or if any of the tools do not work.
  5. Tell me about problems or symptoms that occur during the fix.
  6. Do not run any other programs or open any other windows while doing a fix.
  7. Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:05:25 AM

Posted 31 August 2010 - 02:00 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#4 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:05:25 AM

Posted 01 September 2010 - 02:09 PM

Reopened at the request of the user.

Have you tried to boot using your OS system CD?

Edited by suebaby41, 01 September 2010 - 02:15 PM.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#5 plasma1

plasma1
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 02 September 2010 - 08:12 AM

Thank you for reopening the topic, i greatly appreciate it. I used the XP SP2 disk to attempt to boot from it, it begins loading windows, then gives me three options, which are to either continue install from that disk (which i don't want since i'm attempting to retrieve my hdd data), or attempt to fix an XP installation, as well as "exit". I chose to attempt to fix a previous XP install, it then runs for another minute, asks which one i'd like to repair and i choose (1), then it asks for the admin password, i enter that, then get to a C:\Windows prompt and have no idea what to do from there dry.gif

What commands should i enter into the prompt to get to boot?

PS- I did change the boot order so that it would boot from CD first.

Thanks again!

Edited by plasma1, 02 September 2010 - 08:13 AM.


#6 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:05:25 AM

Posted 02 September 2010 - 02:03 PM

Before you decide to reformat, try a "Repair Install". In "Repair Install", Setup will continue as if it were doing a clean install, but your applications and settings will remain intact. A Repair Install will replace the system files with the files on the XP CD used for the Repair Install. It will leave your applications and settings intact, but Windows updates will need to be reapplied. A Repair Install will replace files altered by adware and malware, but will not fix an adware, malware problem.

Please read XP Repair install carefully and make sure you followed the warning links before initiating the Repair Install. You can print a text version for reference. repair.txt.
  1. Boot the computer using the XP CD. You may need to change the boot order in the system BIOS so the CD boots before the hard drive. Check your system documentation for steps to access the BIOS and change the boot order.
  2. When you see the Welcome To Setup screen, you will see the options below under This portion of the Setup program prepares Microsoft Windows XP to run on your computer:
    • To setup Windows XP now, press ENTER.
    • To repair a Windows XP installation using Recovery Console, press R.
    • To quit Setup without installing Windows XP, press F3.
  3. Press Enter to start the Windows Setup.
  4. Important: Do NOT choose "To repair a Windows XP installation using the Recovery Console, press R", (You Do Not want to load Recovery Console).
  5. Accept the License Agreement and Windows will search for existing Windows installations.
  6. Select the XP installation you want to repair from the list and press R to start the repair. If Repair is not one of the options, END setup. After the reboot, read Warning #2!
  7. Setup will copy the necessary files to the hard drive and reboot. [bImportant: Do not press any key to boot from CD when the message appears.[/b] Setup will continue as if it were doing a clean install, but your applications and settings will remain intact.
  8. Microsoft Security Bulletin MS04-011
    Reapply updates or service packs applied since initial Windows XP installation. Please note that a Repair Install using an Original pre service pack 1 or 2 XP CD used as the install media will remove SP1/SP2 respectively and service packs plus updates issued after the service packs will need to be reapplied.
    • Windows XP Service Pack 1
    • Service Pack 2
  9. For additional information, see
  10. Note: Do not immediately activate over the Internet when asked. Make sure that your Firewall and Antivirus program are enabled.
    You may enable the "XP firewall[" before connecting to the Internet. You can activate after the firewall is enabled by using
    • Control Panel - Network Connections
    • Right click the connection you use, select Properties.
    • There is a check box on the Advanced page.
  11. After getting on the Internet, immediately visit Microsoft Windows Update. This will ensure your computer has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#7 plasma1

plasma1
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 03 September 2010 - 12:33 PM

I will give this a try as soon as i get home from work, thank you very much once again.

#8 plasma1

plasma1
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 04 September 2010 - 02:22 PM

Please, if anyone who reads this reply knows the answer to this question, please reply so i feel confident with what i'm about to do. I'm about to follow Suebaby's directions, but, i just want to ask one question real quick. I will not lose my data off of my hard drive by doing this, right? I REALLY need that data, as much as i need my computer.

Thank You.

Edited by plasma1, 04 September 2010 - 02:58 PM.


#9 plasma1

plasma1
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 06 September 2010 - 03:49 PM

I followed the instructions several times and my computer still won't boot.

#10 plasma1

plasma1
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 15 September 2010 - 10:52 AM

Can any of the other moderators possibly help me out, Suebaby41 hasn't been posting in ~2 weeks and i would really appreciate some assistance.

Thank you



#11 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:25 AM

Posted 15 September 2010 - 11:59 AM

Hi plasmal1,



suebaby41 is not available due to health problem. I will be helping you with the continued support.

I assume you had run ComboFix and your system should have installed Recovery Console. If that's the case, please do as instructed in the following:


Step1

1. Restart your computer.
2. Before Windows loads, you will be prompted to choose which Operating System to start.
3. Use the up and down arrow key to select Microsoft Windows Recovery Console.



4.You must enter which Windows installation to log onto. Type 1 and press enter.



5.At the C:\Windows prompt, type the following bolded text, and press Enter:

cd erdnt\subs

6.At the next prompt, type the following bolded text, and press Enter:

batch erdnt.con



7.The erunt backups will begin copying.
8.At the next prompt, type the following bolded text, and press Enter:

exit

Windows will now begin loading.

Let me know how things went.

#12 plasma1

plasma1
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 15 September 2010 - 02:01 PM

It's been about 2 weeks since i tried last, but i believe i tried that already and windows wouldn't load. I will give your directions a try as soon as i get home in a few hours and let you know. Thank you very much for the quick response!



#13 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:25 AM

Posted 15 September 2010 - 02:22 PM

Hi plasmal1,




QUOTE
but i believe i tried that already and windows wouldn't load

When? Did you receive help elsewhere? Anyway, please perform the instructions above.

If you are still unable to boot onto windows, rerun it and then replace cd erdnt\subs with the following command --> cd erdnt\hiv-backup, others remain the same.

Let me know how things went.






#14 plasma1

plasma1
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 15 September 2010 - 05:21 PM

Okay, when I enter cd erdnt\subs it returns "the system cannot find the file or directory specified". My boot order is set to boot from my hdd, and I chose the recovery console as you directed, entered 1, and entered my admin password. I'll try the other cmd you had given me and see what happens.

Edit: tried the other way, ten files copied, then when prompted, i entered 'exit' and it attempted to reboot and I still got the same blank screen, no windows.

Edited by plasma1, 15 September 2010 - 05:30 PM.


#15 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:25 AM

Posted 15 September 2010 - 06:19 PM

Hi plasmal1,



I have sent a message to your pm box. Please do as instructed in that message accordingly.Thanks






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users