
Backdoor.Tidserv.1!inf and Trojan.Bamital!inf infections


  • This topic is locked
67 replies to this topic

#1 princess1221792003

princess1221792003

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:54 PM

Posted 12 October 2010 - 06:28 PM

I have an older Gateway computer running Win xp that suddenly would not boot into windows or allow access to files.

I was able to remove the hard drive and use an external drive enclosure to save my important files and run a virus scan from my laptop computer.

The infected computer is listed as drive F on the "my computer" of my laptop

Norton 2011 found quite a few things and left 2 unresolved - Backdoor.Tidserv.1!inf and Trojan.Bamital!inf

Tried Norton Power Scrubber thing - didn't fix it
Tried Malwarebytes - didn't fix it

Tried the Bootable virus detection disk from Norton on the Desktop (reinstalled the hard drive) and it still found the two infections - didn't fix it. Computer still will not boot...sometimes I can get to the recovery console, sometimes not.

The bootable disk said the infections are in:

C:\winnt\explorer.exe
C:\winnt\system32\drivers\imapi.sys

So I guess that if it's in the drive enclosure, those C: would be F:

Was advised to run TDSSKILLER but unable to run the scan the way suggested. I can't even start the computer with the infection. It will attempt to load windows and then go to a blank screen. The only way I have been able to access the drive is in a drive enclosure connected to another computer. So when the TDSSKiller ran - it only checked the C drive...which is not infected, because it belongs to another computer....in this setup, the infected drive is called F. I was not given an option to make TDSSKiller check the F drive. Regardless if I saved it on the Desktop of the C drive or the Desktop file of the F drive.

Per this topic I was told to post these logs. I am unsure if the Logs contain any info from the affected hard drive (F) - being that hd F is in a drive enclosure connected to a working computer....


I have attached 2 GMER logs. I ran one with the selections requested in the directions and the second one with the F drive also selected...can't tell that it made a difference - but I'm no expert....

DDS (Ver_10-10-10.03) - NTFSx86
Run by Owner at 12:08:31.67 on Tue 10/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.189 [GMT -7:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Webroot Internet Security Essentials *disabled* {2DB6657C-B970-44d3-AB42-6325A913CCC2}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.1.0.37\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.1.0.37\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.1.0.37\coIEPlg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
mRun: [SynTPLpr] "c:\program files\synaptics\syntp\SynTPLpr.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x0994 -f video -m logitech -d 11.5.0.1145
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225920935656
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226977086906
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: dalusulo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli dalusulo.dll morugawe.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\pjalk2sc.default\
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\owner\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, truec:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-10-04 23:36:26 26600 -c--a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-10-04 23:36:26 107368 -c--a-r- c:\windows\system32\GEARAspi.dll
2010-10-04 23:32:51 -------- dc----w- c:\windows\system32\drivers\nbrtwizard\0301000.00B
2010-10-04 23:32:51 -------- dc----w- c:\windows\system32\drivers\NBRTWizard
2010-10-04 23:32:47 -------- dc----w- c:\program files\Norton Bootable Recovery Tool Wizard
2010-09-27 23:57:28 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-27 23:57:22 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-09-27 22:16:21 -------- dc----w- c:\docume~1\owner\locals~1\applic~1\NPE
2010-09-23 22:49:49 369072 -c--a-r- c:\windows\system32\drivers\nis\1201000.025\symtdi.sys
2010-09-23 22:49:49 331312 -c--a-r- c:\windows\system32\drivers\nis\1201000.025\symtdiv.sys
2010-09-23 22:49:49 294448 -c--a-r- c:\windows\system32\drivers\nis\1201000.025\symnets.sys
2010-09-23 22:49:48 666672 -c--a-r- c:\windows\system32\drivers\nis\1201000.025\SymEFA.sys
2010-09-23 22:49:48 50096 -c--a-r- c:\windows\system32\drivers\nis\1201000.025\srtspx.sys
2010-09-23 22:49:48 489008 -c--a-r- c:\windows\system32\drivers\nis\1201000.025\srtsp.sys
2010-09-23 22:49:48 339504 -c--a-r- c:\windows\system32\drivers\nis\1201000.025\SymDS.sys
2010-09-23 22:49:48 134704 -c--a-r- c:\windows\system32\drivers\nis\1201000.025\Ironx86.sys
2010-09-23 22:49:04 -------- dc----w- c:\windows\system32\drivers\nis\1201000.025
2010-09-23 22:49:04 -------- dc----w- c:\windows\system32\drivers\NIS
2010-09-23 22:49:00 -------- dc----w- c:\program files\Norton Internet Security
2010-09-23 22:48:58 -------- dc----w- c:\docume~1\alluse~1\applic~1\Norton
2010-09-23 22:41:11 -------- dc----w- c:\program files\NortonInstaller
2010-09-23 22:41:11 -------- dc----w- c:\docume~1\alluse~1\applic~1\NortonInstaller

==================== Find3M ====================

2010-09-23 22:50:11 60808 -c--a-w- c:\windows\system32\S32EVNT1.DLL
2010-08-17 13:17:06 58880 -c--a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49:15 590848 -c--a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 -c--a-w- c:\windows\system32\xpsp4res.dll

============= FINISH: 12:09:56.64 ===============



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:54 AM

Posted 20 October 2010 - 06:59 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 princess1221792003


Posted 21 October 2010 - 09:37 PM

I have attempted to "subscribe" to this topic. I hope it worked.

I do hope we can solve my computer troubles!

#4 m0le


Posted 22 October 2010 - 03:42 AM

I'll do my best. There are two nasty malware terms in your title; both TDSS and Bamital work together to make the PC quite difficult to work. We need to try and remove one of these before we can attempt the removal of the other.

Please run TDSSKiller

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

m0le is a proud member of UNITE

#5 princess1221792003


Posted 22 October 2010 - 08:54 AM

Been there - tried that. Could not make it scan the infected drive.....

Remember, I can't even boot the computer that has the infections. The only way I have found to access the hard drive is to place it in an external hard drive enclosure and access it as F: Drive from a working computer.

When I ran that TDSSKiller, it only scans the C drive - which is the non-affected computer. It never looks at the F drive - which is the infected hard drive.

Click here to see more info on this link...

#6 m0le


Posted 22 October 2010 - 04:54 PM

Okay, sorry I missed that. So, the rootkits have already made it non-bootable.

Please do the following so we can set up a recovery console

You will need a USB drive.
  • Download UNetbootin to the desktop of your working computer.
  • Download xpud-0.9.2.iso from noahdfear.net and save it to the desktop as well.
  • Once the download(s) have completed, double click the unetbootin-xpud-windows-387.exe file to run the installer.
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file
  • Verify the correct drive letter is selected for your usb device then click OK
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface.
  • Next download http://noahdfear.net/downloads/driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert back in your working computer and navigate to report.txt

    Please note - all text entries are case sensitive
Copy and paste the report.txt for my review
m0le is a proud member of UNITE

#7 princess1221792003


Posted 23 October 2010 - 03:13 PM

F12 did not give me a chance to choose usb to boot

Still trying to run the usb stick on the sick computer....it said there was no boot filename received. Then goes to a blank screen

Edited by princess1221792003, 23 October 2010 - 03:16 PM.


#8 princess1221792003


Posted 25 October 2010 - 03:08 PM

Can't get it to work..

#9 m0le


Posted 25 October 2010 - 06:44 PM

Have you got the original XP disks?
m0le is a proud member of UNITE

#10 princess1221792003


Posted 25 October 2010 - 07:45 PM

Pretty Sure I Do!!!! I can locate them and list the labels. We gonna start from scratch? LOL

#11 m0le


Posted 25 October 2010 - 07:51 PM

No :lol: , we're going to use them to boot the PC into a safe environment so we can try and fix the probable cause of the non-boot.

Let me know when you have them and list the disks' contents too. :thumbup2:
m0le is a proud member of UNITE

#12 princess1221792003


Posted 25 October 2010 - 08:01 PM

Guess that could work too! See how little I know. But I'm still willing to start from scratch if we must.

#13 princess1221792003


Posted 26 October 2010 - 07:14 PM

Found the disk

Operating System - use this CD to reinstall your operating system

system Restoration kit - (says disk 2) operating system restoration program

Applications - use this cd to reinstall selected applications

microsoft works suite 2001 (says disk 4)

intervideo dvd software - for back up purposes

Not sure if the other disks are disk 1, 3, etc..not labeled as such

#14 m0le


Posted 27 October 2010 - 06:07 PM

Wait a minute, I wonder if we can first try xPUD on CD instead of using the USB. Maybe your boot order isn't right.

Try this please. You will still need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Click on File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Expand your USB (sdb1)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • If successful, the script will check all your drivers
  • After it has finished a report will be located in the USB drive as report.txt
Attach the report.txt for my review
m0le is a proud member of UNITE
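
Added example, not part of the thread and not the contents of driver.sh: from a live Linux terminal like the one opened in the steps above, this looks up the two files the Norton bootable disk reported in the first post on the mounted Windows partition and records a SHA-256 and size for each, so they can be compared with known-good copies. Windows paths ignore case while the live environment does not, so every path component is matched case-insensitively; the mount point /mnt/sda1, the function names and the availability of sha256sum are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread, and not the contents of driver.sh).
# Assumptions: POSIX sh, sha256sum available, Windows partition mounted
# at a path such as /mnt/sda1.

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# resolve_win_path MOUNT_ROOT 'C:\winnt\explorer.exe'
# Prints the real on-disk path, matching every component case-insensitively.
# Exit status 1 if a component does not exist. The body is a subshell, so the
# IFS and positional-parameter changes do not leak to the caller.
resolve_win_path() (
    current=$1
    # Backslashes become slashes; the drive letter is replaced by the mount root.
    rel=$(printf '%s' "$2" | tr '\\' '/' | sed 's/^[A-Za-z]://')
    IFS=/
    set -f            # no globbing while the path is split on "/"
    set -- $rel
    set +f
    unset IFS
    for part in "$@"; do
        [ -n "$part" ] || continue
        want=$(lower "$part")
        match=
        for entry in "$current"/*; do
            [ -e "$entry" ] || continue
            if [ "$(lower "${entry##*/}")" = "$want" ]; then
                match=$entry
                break
            fi
        done
        [ -n "$match" ] || exit 1
        current=$match
    done
    printf '%s\n' "$current"
)

# hash_reported_files MOUNT_ROOT   (Windows paths on stdin, one per line)
# Output per path: "<sha256>  <size in bytes>  <resolved path>",
# or "MISSING  -  <windows path>" when the file cannot be found.
hash_reported_files() (
    root=$1
    while IFS= read -r winpath || [ -n "$winpath" ]; do
        [ -n "$winpath" ] || continue
        if real=$(resolve_win_path "$root" "$winpath") && [ -f "$real" ]; then
            sum=$(sha256sum < "$real" | cut -d' ' -f1)
            size=$(wc -c < "$real" | tr -d ' ')
            printf '%s  %s  %s\n' "$sum" "$size" "$real"
        else
            printf 'MISSING  -  %s\n' "$winpath"
        fi
    done
)

# The two paths the bootable scanner reported in the first post.
REPORTED_PATHS='C:\winnt\explorer.exe
C:\winnt\system32\drivers\imapi.sys'

# Stand-alone use: sh thisfile.sh /mnt/sda1 > hashes.txt
if [ "$#" -ge 1 ]; then
    printf '%s\n' "$REPORTED_PATHS" | hash_reported_files "$1"
fi
```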

#15 m0le


Posted 31 October 2010 - 07:52 PM

Hi,

I have not had a reply from you for 5 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le
m0le is a proud member of UNITE



