Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

XP SP3 stops loading at fjgsdisk.sys


  • This topic is locked This topic is locked
2 replies to this topic

#1 Apricorn

Apricorn

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:39 AM

Posted 24 August 2010 - 12:38 PM

I am the IT Admin at a small company
Today I was handed a laptop that had all the signs of the Google Redirect virus / malware
The owner of the laptop found in your forums that the ComboFix was likely the best way to solve this problem.
She ran combofix (without your assistance) and it appeared to clean the virus for several days, but on the 4th day the virus seems to have come back.
On the 5th day the laptop refused to boot in the morning.
When booting in safe mode the OS always halts at FJGSdisk.sys

I'm hoping that because she did install the recovery console, and I can boot into the recovery console, that someone at BC will be able to tell me how to leverage the power of the recovery console to get this OS to boot again. I'm thinking a restore point would work quickest, but your advice will be followed if there is a better way.

One last detail, I did boot the OS one time in Safe Mode Boot Logging, so the log file is in the systemroot if we need it.

Thanks in advance for any help you can offer at this point.

Apricorn

BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,115 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:39 AM

Posted 24 August 2010 - 03:05 PM

Hello, could you please post me the bootlog? Please plug in a flash drive and enter the RC.

To do so, at the C:\windows> prompt, type the following and press enter:

map

Now look what driver letter your has assigned and note that down.

Then type the following and press enter:

set allowremovablemedia = true

set allowallpaths = true


Note - if you receive an error about set command not being enabled, just continue.

copy ntbtlog.txt <driveletter>:\ntbtlog.txt <-- replace <driveletter> with the letter you just found to be the drive letter of the flash drive.

The log should now have been copied to your flashdrive.

Edited by elise025, 24 August 2010 - 03:06 PM.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,115 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:39 AM

Posted 30 August 2010 - 07:56 AM

Due to lack of feedback, this topic will now be closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users