Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I tried to get rid of security tool and now my computer won't boot up


  • Please log in to reply
7 replies to this topic

#1 rhiaraye

rhiaraye

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 04 November 2010 - 05:28 PM

I run Windows XP Professiional.

I was having some pop-up problems and was trying to figure out what the problem was. I went out of town before I could fix the problem, and when I returned and tried to resume my repair, Security Tool popped up. I tried following the instructions on this website, and others, to get rid of it, but to no avail. I managed to get into safe mode today to back up some important files, then used the F8 menu on reboot to choose Directory Services Restore Mode, and it booted into safe mode. I couldn't get task manage to come up (all of my desktop icons and task tray are gone no matter which mode I'm in), so I restarted my computer. now, whichever mode I try to boot into, my computer will not come up. When I try to boot into safe mode, it looks like computer freezes in the middle of listing partitions.

Can I fix this myself, or do I need to see professional help? Let me know if more info is needed from me.

Thanks in advance if anyone can help.

Edited by Budapest, 04 November 2010 - 06:02 PM.
Moved from XP ~BP


BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,201 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:15 PM

Posted 04 November 2010 - 06:57 PM

Do you have the XP Installation CD we can use to create a bootable CD?

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 rhiaraye

rhiaraye
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 04 November 2010 - 07:08 PM

I think I have it somewhere, I'll find it.

#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,201 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:15 PM

Posted 04 November 2010 - 09:08 PM

If found, lets give this a try throughout an External Environment, which simply means you will need to burn a boot CD with especial tools. You will also need a flash drive to move information from the troubled computer to a working computer. It is the only way we can see the progress of our actions. Save these instructions in your flash drive as a text file (use notepad) so you can have access to these while in an external environment (PE).

Here is what you need to do.

Please print this guide for future reference!

Step 1

  • Download the PE Builder to your desktop
    • Double-Click on the PE Builder that you just downloaded to your desktop.
    • Follow all of the instructions/prompts that come up.
  • Insert your XP CD with SP1/SP2/SP3 into a CD Rom drive
    • Double-Click on PE Builder.exe located on your desktop.
    • Click NO to Search for Windows Installation Files
    • Make the following selections from the Main Screen that pops up:
    • Builder
    • Source:(path to Windows installation files)
    • Enter the path to the drive where your XP CD is located.
    • You can click on the "..." button on the right to navigate to the path as well.
    • Custom: (include files and folders from this directory)
    • No information is necessary, leave blank.
    • Output:
    • Keep the default
  • Media output
    • Choose Create ISO image
    • Do not choose Burn to CD/DVD
    • Download the RunScanner plugin and save it to your desktop
    • Press the Plugin button on the PE Builder interface
    • Press the Add button and navigate to the location of the RunScanner plugin to install
    • Please note: You will be prompted for the folder that it shall be saved. By default it appears as runscanner10025. It should be modified to just runscanner. This is important!!!
  • Please note: If you are using a Windows XP disc with sp2 then highlight RpsSS needs to launch DComLaunch and then press Enable
  • When your done press Close and the PE Builder interface will re-appear
[/list][*]Click on the "Build" button
  • You will see the Windows EULA message. Click on I Agree
  • You will now see the Build Screen. Let it run it's course
  • When the Build is finished you can click close, then exit
[*]Burn your ISO file to CD
  • Please Click Here for information on how to burn an ISO to CD.
[/list]
Step 2

From your clean computer, please download OTLPE.zip from any of the following links:

Link 1
Link 2

Save this file on your desktop, but extract its contents to the Flash Drive.

Plug your flash drive into your sick computer now and do as instructed below..

1. Restart Your sick Computer Using the PE Builder ISO CD That You Have Created
  • Insert the CD in the CD/DVD drive.
  • Restart your computer.
    • The computer should choose to boot from the CD automatically.
      Note : For information click here
  • Once the desktop appears, you will receive a message asking: Do you want to start Network support?
    • Click on No
  • After BART PE loads, you can chose your screen resolution that fits your monitor by following these steps:
  • Click on Go
  • Then on System
  • Then on Display
  • Then on Screen Resolution
  • Select the resolution that fits your monitor.
Then follow these steps to run OTLPE.
  • Click on Go
  • Select Programs
  • then A43 File Management Utility
In A43File Management you should be able to see your flash drive
  • Navigate to the OTLPE folder that you saved to your flash drive.
  • Open the OTLPE folder and double click Start.cmd.
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under the Custom Scan box paste this in


      /md5start
      UXTHEME.DLL
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      userinit.exe
      explorer.exe
      ntoskrnl.exe
      /md5stop
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      %systemroot%\System32\config\*.sav

  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:15 PM

Posted 04 November 2010 - 10:08 PM

Just a note that I have moved this topic to here in Virus, Trojan, Spyware, and Malware Removal Logs,where it will stay.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 rhiaraye

rhiaraye
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 06 November 2010 - 12:13 PM

PE Builder said the ISO image was not created because I must fix the errors, but I don't know what any of them mean. Here are the errors and warnings from the log file:

PE Builder 3.1.10a
Copyright © 2002-2006 Bart Lagerweij. All rights reserved.
Running OS Version: 6.1.7600
Source product is: Windows XP Professional
CD-Rom name is: Windows XP Professional Service Pack 3 CD
Microsoft Product Code: 76487
Product channel ID is: OEM
Warning: building from an OEM version of Windows can mean trouble...
Source build: 2600
Build process started
Removing directory: C:\pebuilder3110a\BartPE2
Directory removed: C:\pebuilder3110a\BartPE2
Building registry
Directory created: C:\PEBUILDER3110A\BARTPE2\I386
Directory created: C:\PEBUILDER3110A\BARTPE2\I386\SYSTEM32
Directory created: C:\PEBUILDER3110A\BARTPE2\I386\SYSTEM32\CONFIG
Copying file "F:\I386\setupreg.hiv" to "C:\PEBUILDER3110A\BARTPE2\I386\SYSTEM32\SETUPHIV"
Opening/creating the registry hives
Removing existing hive files
Loading: C:\PEBUILDER3110A\BARTPE2\I386\SYSTEM32\setuphiv
Error: loadKey() failed:

Error: closeHive() failed: RegUnLoadKey (key="PEBuilder.exe-C:/PEBUILDER3110A/BARTPE2/I386/SYSTEM32/CONFIG/petmphive") returned error 0: Access is denied.

Error: DeleteFile() "C:\PEBUILDER3110A\BARTPE2\I386\SYSTEM32\CONFIG\petmphive" failed
Error: DeleteFile() "C:\PEBUILDER3110A\BARTPE2\I386\SYSTEM32\setuphiv" failed


Warning: File "iastor.sys" not found
Warning: File "A320RAID.SYS" not found
Warning: File "aac.sys" not found
Warning: File "cercsr6.sys" not found
Warning: File "afamgt.sys" not found
Warning: File "aarich.sys" not found
Warning: File "nvgts.sys" not found
Warning: File "nvrd32.sys" not found
Warning: File "symmpi.sys" not found
Warning: File "megasas.sys" not found
Warning: File "sisraid4.sys" not found
Warning: File "ahcix86.sys" not found
Builder has stopped because there are 2 build errors
ISO image is not created, you must fix the errors!
Building done...
There where 2 errors and 13 warnings

#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,201 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:15 PM

Posted 06 November 2010 - 10:12 PM

The problem is due to the XP CD that is custom made for your computer. Lets try another tool to check the system's drivers:

You will need a USB drive and a CD to burn.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert it back in your working computer and navigate to report.txt

    Please note - all text entries are case sensitive
Copy and paste the report.txt for my review

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,201 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:15 PM

Posted 07 November 2010 - 10:44 AM

In regard to PE BUilder, please follow these steps:

Download and install ISO Buster. Run IsoBuster

  • Place your OEM install disc in the CD_ROM drive
  • In ISOBuster, choose the Iso disc
    Posted Image
  • Right click on it and select Extract (The name of the folder will appear also)
  • Point it to the desktop
  • Use this folder on your desktop as the source of the XP CD files in PEBuilder

Let me know the outcome.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users