Can't boot after running TDSSkiller


15 replies to this topic

#1 Alfador

  • Members
  • 11 posts

Posted 09 November 2010 - 04:12 PM

Hey guys. I am having this same exact problem. After running TDSSKiller and "curing" the issue it asked to reboot so I did. Now it BSODs every time. I made the same attempts as Oniamian to no avail. I also tried the bootrec/fixmbr with no effect.



#2 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 60,816 posts
  • Gender:Female
  • Location:Romania

Posted 09 November 2010 - 04:23 PM

Hi, did you run these steps?

Type the following and press enter after each line. Make sure to put the space between bootrec and /fixmbr

c:\

bootrec /fixmbr

exit

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 Alfador


Posted 09 November 2010 - 05:13 PM

Firstly sorry for the breach of etiquette. I was merely trying to raise awareness or lend credibility to the issue or something.

When I type c:\ it says it is not recognized as an internal or external command etc. C is my primary drive name. When I type h:\ it says it can't find the drive specified. I don't have an h drive I just wanted to see if it said something different.

Thanks for the help!

#4 Elise


Posted 10 November 2010 - 03:09 AM

Try this:

cd c:\

regards, Elise


#5 Alfador


Posted 10 November 2010 - 07:48 AM

Darn it didn't work. It accepted cd c:\ but didn't return anything and was still in x:\ afterwards. Went ahead and tried the bootrec command and it said "the operation completed successfully" but same problem upon restarting.

#6 Elise


Posted 10 November 2010 - 08:11 AM

Please type map and press enter. Let me know what is returned.

regards, Elise


#7 Alfador


Posted 10 November 2010 - 08:24 AM

Just "map" in the x:\? When I just type map it says it isn't recognized as a command.

#8 Alfador


Posted 10 November 2010 - 11:48 AM

Reading some other threads, it seems that the MBR has been hijacked, and the way others have fixed it is with TestDisk, but I am unsure of how to run/get TestDisk on my system in the state it is in.

#9 Elise


Posted 10 November 2010 - 12:16 PM

Hi, let's try testdisk and get a log first.

Try this please. You will need a USB drive and a CD to burn.

  • Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Download xPUDtestdisk.exe and save it to the USB device
  • Remove the USB & CD and insert them in the sick computer
  • Boot the sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Double click xPUDtestdisk.exe to extract the contents to your USB device
  • In xPUD, click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type testdisk/testdisk_static
  • Press Enter
  • The TestDisk command window will open
  • Choose Create and press Enter
  • TestDisk will now detect all local hard drives
  • Use the arrow (up and down) keys to highlight the disk called /dev/sda if it represents your primary hard drive and press Enter
  • If you're not sure then note everything you see and post it for my review
  • Select [Intel] and press Enter
  • Select [Analyse] and press Enter, then press Enter again to run a [Quick Search]
  • When complete, press Enter to continue, then select [Deeper Scan] and press Enter.
  • When the deeper search completes, press Q repeatedly until TestDisk closes.
  • Close the Terminal Window
  • Remove the flash drive and put it back in the working computer, then post the contents of (or attach) the testdisk.log file on the flash drive.

regards, Elise
Malware analyst @ Emsisoft
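
Added example, not part of the original thread or of any poster's instructions: a read-only Python check of the first disk sector, the structure that `bootrec /fixmbr` and TestDisk's [Intel] partition-table mode work on. It assumes the 512-byte sector has already been saved as bytes; the function names, the sample sectors and the disk signature value are constructed for illustration.

```python
import hashlib
import struct

ENTRY = struct.Struct("<B3xB3xII")  # status, (CHS skipped), type, (CHS skipped), first LBA, sectors

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte classic ("Intel") MBR into the parts worth checking."""
    if len(sector) != 512:
        raise ValueError("an MBR sector is exactly 512 bytes")
    partitions = []
    for slot in range(4):                       # table: 4 entries of 16 bytes at offset 446
        status, ptype, lba, count = ENTRY.unpack_from(sector, 446 + slot * 16)
        if ptype != 0x00:                       # type 0x00 marks an unused slot
            partitions.append({"slot": slot + 1, "status": status, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        # Hash only the 440-byte code area so the per-disk signature does not change it.
        "bootcode_sha256": hashlib.sha256(sector[:440]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": partitions,
    }

def findings(mbr: dict) -> list:
    """List problems that would stop a BIOS boot or that indicate a damaged table."""
    issues = []
    if not mbr["signature_ok"]:
        issues.append("boot signature 0x55AA missing")
    active = [p for p in mbr["partitions"] if p["status"] == 0x80]
    if len(active) != 1:                        # assumption: the disk is meant to boot
        issues.append(f"{len(active)} active partitions (expected 1)")
    ordered = sorted(mbr["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            issues.append(f"slots {a['slot']} and {b['slot']} overlap")
    return issues

# Constructed sample sector (not taken from the thread): empty code area, a made-up
# disk signature, a small active type-0x07 (NTFS) partition and a large second one.
SAMPLE = (bytes(440) + struct.pack("<I", 0x1234ABCD) + bytes(2)
          + ENTRY.pack(0x80, 0x07, 2048, 204800)
          + ENTRY.pack(0x00, 0x07, 206848, 976564224)
          + bytes(32) + b"\x55\xaa")
# Same sector with the active flag cleared, as a damaged-table case.
DAMAGED = SAMPLE[:446] + b"\x00" + SAMPLE[447:]

if __name__ == "__main__":
    for name, sector in (("sample", SAMPLE), ("damaged", DAMAGED)):
        print(name, findings(parse_mbr(sector)) or "no issues")
```

Comparing `bootcode_sha256` from dumps taken before and after a repair shows whether the boot code changed while the partition table stayed the same.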


#10 Alfador


Posted 10 November 2010 - 01:03 PM

When I type testdisk/testdisk_static it says no such command. What am I doing wrong?

#11 Elise


Posted 10 November 2010 - 01:05 PM

Make sure you are in the folder where the Testdisk files are extracted when accessing the terminal.

regards, Elise


#12 Alfador


Posted 10 November 2010 - 01:16 PM

Never mind. I needed to extract the testdisk files on my good computer. Wouldn't do it in xpud.

#13 Alfador


Posted 10 November 2010 - 03:22 PM

Attached File  testdisk.log   3.64KB   7 downloads

I have made the problem more interesting now by rewriting the mbr from testdisk. This log is from after that action was taken. Now when it tries to boot it gives the code 0xc00000e and just asks for the repair disk to be installed. Not the most brilliant move on my part. What next?

#14 Elise


Posted 10 November 2010 - 03:40 PM

At what point does this happen? Do you see your HD (usually sda1 or sda2 in xpud)?

regards, Elise


#15 Alfador


Posted 10 November 2010 - 03:52 PM

Yeah it is still there. Can still see the files and everything. Instead of the Windows logo before blue screen now it goes to a black and grey screen saying that Windows can't boot and to insert the repair cd.

I generated the log after I rewrote the mbr. I can still get into the BIOS and xpud just fine.



