Infected with a trojan, unsure of its name.


  • This topic is locked
72 replies to this topic

#1 deadward

deadward

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:02:41 PM

Posted 12 October 2010 - 12:48 AM

Hi there,

I started noticing symptoms of this thing earlier in the week. A "trial" of Antimalware Doctor started to appear on startup and "run a scan." Upon removal, it was replaced by Antivirus 2010 and an annoying "YOUR SYSTEM FILES ARE INFECTED" object on my desktop, which goes away when rkill ends the svchost process that this li'l bugger is hiding behind. AVG didn't catch it or find it on an active scan, and it has since managed to thwart my scanning attempts with Avast, MBAM, Super AntiSpyware, and GMER. Every time I try to scan with one of these programs, its running processes are terminated after about a minute, and the executables used to run them are renamed and replaced by fakes. The online scanner from Eset found and removed several infected objects, but the symptoms persist. At the request of a moderator with the handle boopme, I've moved the issue from the "Am I Infected?" forum to here. Any help would be greatly appreciated. Following and attached are the two log files produced by DDS.


DDS (Ver_10-10-05.01) - NTFSx86
Run by Edward at 22:17:24.42 on Mon 10/11/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2990 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
"C:\WINDOWS\system32\svchost.exe"
C:\WINDOWS\system32\wuauclt.exe
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Razer\Naga\NagaTray.exe
C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
E:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.netflix.com/MemberHome
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.24\RivaTuner.exe" /S
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [Razer Naga Driver] c:\program files\razer\naga\NagaTray.exe
mRun: [NACAgentUI] c:\program files\cisco\cisco nac agent\NACAgentUI.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: winsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227731620437
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\edward\applic~1\mozilla\firefox\profiles\tfw49lbk.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\edward\application data\mozilla\firefox\profiles\tfw49lbk.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\edward\application data\mozilla\firefox\profiles\tfw49lbk.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-13 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-13 27784]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-13 297752]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-1-27 10384]
R2 NACAgent;Cisco NAC Agent;c:\program files\cisco\cisco nac agent\NACAgent.exe [2010-7-9 1053440]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-7-14 19720]
R3 RzSynapse;Razer Naga Driver;c:\windows\system32\drivers\RzSynapse.sys [2010-6-12 60032]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-4-17 115944]
S0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys --> c:\windows\system32\drivers\tclondrv.sys [?]
S0 wpwt;wpwt;c:\windows\system32\drivers\rweyw.sys --> c:\windows\system32\drivers\rweyw.sys [?]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\superantispyware\sabkutil.sys --> c:\program files\superantispyware\SABKUTIL.sys [?]
S2 gupdate1caa7acd3e196c;Google Update Service (gupdate1caa7acd3e196c);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 133104]
S3 DFBCFDBA;DFBCFDBA; [x]
S3 diskchk;diskchk;\??\c:\windows\system32\diskchk.sys --> c:\windows\system32\diskchk.sys [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2009-8-4 17149]
S3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\turbine\turbine download manager\TurbineMessageService.exe [2009-9-12 267760]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\turbine\turbine download manager\TurbineNetworkService.exe [2009-9-12 218608]
S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [2008-11-29 636502]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]
S3 SV;SV;c:\docume~1\edward\locals~1\temp\sv.exe --> c:\docume~1\edward\locals~1\temp\SV.exe [?]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\wpn111.sys --> c:\windows\system32\drivers\WPN111.sys [?]

=============== Created Last 30 ================

2010-10-11 04:26:47 -------- d-----w- c:\program files\ESET
2010-10-11 04:21:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-11 00:53:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-10-09 19:30:15 856 ----a-w- c:\docume~1\alluse~1\applic~1\.wtav
2010-10-09 03:53:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-10-08 06:13:47 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-07 22:27:57 -------- d-----w- c:\program files\Secunia
2010-10-07 21:07:07 133 ----a-w- c:\docume~1\edward\applic~1\asdsada.bat
2010-09-26 08:04:16 -------- d-----w- c:\docume~1\edward\locals~1\applic~1\My Games
2010-09-25 17:42:46 -------- d-----w- c:\program files\Heroes of Newerth
2010-09-20 05:33:15 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2010-09-20 01:19:36 -------- d-----w- c:\windows\system32\scripting
2010-09-20 01:19:34 -------- d-----w- c:\windows\system32\en
2010-09-20 01:19:34 -------- d-----w- c:\windows\l2schemas
2010-09-20 01:16:32 -------- d-----w- c:\windows\network diagnostic
2010-09-19 19:31:59 -------- d-----w- c:\program files\common files\Cisco

==================== Find3M ====================

2010-10-09 23:03:47 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 09:42:29 73728 ----a-w- c:\windows\system32\javacpl.cpl

============= FINISH: 22:18:19.34 ===============


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:41 AM

Posted 13 October 2010 - 02:30 PM

Hello and welcome,

could you please try to run MBRCheck for me next:
Please download MBRCheck.exe to your desktop.
  1. Double click to run it
  2. It will prompt you with some text
  3. Left click on title bar (where program name and path is written)
  4. From menu choose Edit -> Select All
  5. Now just click Enter key on keyboard to copy selected text
  6. Now paste that text here for me.

If you can not launch MBRCheck.exe, please delete the copy and download a fresh copy, renaming it fun.com before saving it. Try to run that one.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!


#3 deadward

Posted 13 October 2010 - 03:18 PM

Thank you for the help, myrti. Here's the output from MBRCheck:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000002d

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x0000001f`ff588800 (NTFS)

Size Device Name MBR Status
--------------------------------------------
372 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
Press ENTER to exit...


#4 myrti

Posted 14 October 2010 - 05:02 AM

Hi,

Please download mbr.exe and save it to your root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -t >"C:\mbr.log"
    Note: There is a blank between mbr.exe and -t.
  • press Enter.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\). The file will not open automatically, you need to go to C:\mbr.log yourself and open it.
  • Copy and paste the results of the mbr.log in your next reply.


#5 deadward

Posted 14 October 2010 - 03:28 PM

Here is the log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xBA14D11B]<<
kernel: MBR read successfully
user & kernel MBR OK

#6 deadward

Posted 14 October 2010 - 03:33 PM

Also, this just showed up on my desktop in a file called "I Love You!.TXT":

Hi!
I very sorry, but i forget how your name Edward or Mike.
Why you killed Antimalware Doctor 2010 ?
Please run Rkill not once,but several times.
if all will be ok we fly to the Denmark.


:/

#7 myrti

Posted 14 October 2010 - 04:15 PM

Hi,

I would like to use a live-cd or flash drive for the next step. Do you have the possibility to burn a CD or do you know if your PC can boot from flash drive?

regards myrti


#8 deadward

Posted 14 October 2010 - 04:33 PM

I'm pretty sure my PC will boot from a flash drive, which I have available. If not, I have a DVD-RW drive and blank DVD5s, or could go out and purchase blank CD-Rs.

#9 myrti

Posted 14 October 2010 - 04:45 PM

Hi,

that's great. Let's try the flash drive then :)


Download http://unetbootin.sourceforge.net/unetboot...dows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Still in the terminal type: dd if=/dev/hda of=MBRbackup.zip bs=512 count=1 and hit Enter.
  • Remove the USB drive and insert back in your working computer and navigate to report.txt

    Please note - all text entries are case sensitive
Copy and paste the report.txt for my review
Please attach MBRbackup.zip to your next reply.

regards myrti

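Added example (not part of the thread, and not code from MBRCheck, mbr.exe or driver.sh): a Python reader for the 512-byte sector that the dd step in post #9 saves, checking the boot signature and partition table and hashing the boot code so that a dump taken from the live USB can be compared with one taken inside Windows. The sample sector is constructed: its two partition offsets are copied from the MBRCheck output in post #3, the boot code bytes are filler, and hashing bytes 0-439 is an assumption that may not match the range MBRCheck hashes.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440   # bytes 0-439 hold boot code; 440-445 disk signature
TABLE_OFFSET = 446    # four 16-byte partition entries, then 0x55 0xAA


def parse_mbr(sector: bytes) -> dict:
    """Parse a 512-byte dump such as the one `dd bs=512 count=1` writes."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    findings, partitions = [], []
    if sector[510:512] != b"\x55\xaa":
        findings.append("boot signature 0x55AA missing")
    if not any(sector[:BOOT_CODE_LEN]):
        findings.append("boot code area is all zeros")
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        # status, 3 CHS bytes, type, 3 CHS bytes, LBA start, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            findings.append(f"entry {i}: invalid status byte {status:#04x}")
        partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                           "lba_start": lba, "sectors": count,
                           "byte_offset": lba * SECTOR})
    if sum(p["active"] for p in partitions) > 1:
        findings.append("more than one active partition")
    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"entries {a['index']} and {b['index']} overlap")
    return {"boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions, "findings": findings}


def changed_boot_bytes(dump_a: bytes, dump_b: bytes) -> list:
    """Offsets in the boot code where two dumps of the same disk differ."""
    return [i for i in range(BOOT_CODE_LEN) if dump_a[i] != dump_b[i]]


def build_sample() -> bytes:
    """Constructed sector; partition offsets modelled on the MBRCheck output."""
    def entry(status, ptype, lba, count):
        return struct.pack("<B3xB3xII", status, ptype, lba, count)
    # Filler bytes standing in for boot code (not real code).
    boot = bytes((i * 7 + 3) % 256 for i in range(BOOT_CODE_LEN))
    table = (entry(0x80, 0x07, 63, 268413445)             # C: at 0x7e00
             + entry(0x00, 0x07, 0x0FFFAC44, 500000000)   # F: at 0x1fff588800
             + bytes(32))                                 # two unused slots
    return boot + bytes(6) + table + b"\x55\xaa"


if __name__ == "__main__":
    offline = build_sample()                 # stands in for the dd dump
    live = bytearray(offline)
    live[0x20:0x24] = b"\x90\x90\x90\x90"    # constructed difference
    report = parse_mbr(offline)
    print("boot code SHA1:", report["boot_code_sha1"])
    for p in report["partitions"]:
        print(f"  entry {p['index']}: type {p['type']:#04x} "
              f"at offset {p['byte_offset']:#x}")
    print("findings:", report["findings"] or "none")
    print("bytes differing from second dump:",
          changed_boot_bytes(offline, bytes(live)))
```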


#10 deadward

Posted 14 October 2010 - 05:05 PM

I created the disk as per your instructions. When I try booting from the disk, using any of the four USB boot options in my BIOS, I see the following three lines instead of any xPUD prompts.

SYSLINUX 3.72 2008-09-25 CBIOS Copyright 1994-2008 H. Peter Anvin
Could not find kernel image: linux
boot: |

I will try remaking the disk in a few hours after I return from class. If you can pinpoint what went wrong, that may help out.

Edited by deadward, 14 October 2010 - 05:06 PM.


#11 myrti

Posted 14 October 2010 - 05:08 PM

Hi,

I had one case where the person had overlooked the necessity to download the iso from which to install the operating system. That wouldn't happen to be the case here?

Otherwise I would have to look further.

Have fun in class, I'll see you tomorrow then.

regards myrti


#12 deadward

Posted 14 October 2010 - 05:37 PM

Nope, the ISO is on my desktop and was the disk image I selected with the xPUD installer. I'll try again this evening, hopefully it works.

Thanks again, I hope we can resolve this.

#13 myrti

Posted 14 October 2010 - 06:00 PM

Hi,

have a look here: http://www.pendrivelinux.com/error-could-n...el-image-linux/

This is the general advice given for your error message. Your bootable flash drive does contain these files and folders?

regards myrti


#14 deadward

Posted 14 October 2010 - 07:30 PM

Walked through the solution steps in that article. Syslinux.cfg exists on the root of the drive, and points to kernel and initrd paths that look valid to me. I guess I'll just format the drive and try again.

Edit: Remade the rescue disk. Still giving me the same error.

Edited by deadward, 14 October 2010 - 08:13 PM.


#15 myrti

Posted 15 October 2010 - 06:51 AM

Hi,

I asked around and another suggestion that cropped up was that maybe the iso you downloaded has been incomplete and that is why the install isn't working correctly.

Could you try to download the iso again and see if you then can create the flash drive successfully? Could you give me a list of the files in your flash drive?

regards myrti
