
TDSS Removal and XP won't Boot


15 replies to this topic

#1 bezaki

bezaki

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 24 November 2010 - 12:29 PM

Hello,

My computer running XP picked up a TDSS problem. I used the TDSS removal tool from Symantec, which appeared to take care of the problem; but after using the tool, the computer will not boot completely. It starts and I get to the Start Up Dell screen with F2 Setup and F12 Boot Menu options, and then it goes to a screen that shows the BIOS version and system, gives a "Diskette drive 0 seek failure" (the computer doesn't have a diskette drive) and hangs.

Help!

Thanks!

Edit: Moved topic from XP to the more appropriate forum. ~ Animal


 


#2 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:05:39 PM

Posted 24 November 2010 - 03:38 PM

An expert Malware Response Team member will be along to assist you when possible.

Sit tight and please be patient.
AustrAlien
Google is my friend. Make Google your friend too.


#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,113 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:39 AM

Posted 25 November 2010 - 05:57 AM

Hi bezaki, do you have your XP install CD?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#4 bezaki


Posted 21 December 2010 - 06:38 PM

Hi Elise,

Sorry for delayed response...away for Thanksgiving.....But home for Christmas/New Years!

Yes, I have XP install CD.

Bill

#5 bezaki


Posted 03 January 2011 - 03:51 PM

Just checking in. It's been quite a while since my last response (12/21). Is Elise on holiday?

Thanks!
Bill

#6 AustrAlien


Posted 03 January 2011 - 04:02 PM

You have been very patient!

I will PM Elise on your behalf to make sure she is aware that you are still waiting.

Sit tight.

Edit: In future, please feel free to PM a staff member if you appear to have been neglected.

Edited by AustrAlien, 03 January 2011 - 04:04 PM.

AustrAlien

#7 bezaki


Posted 03 January 2011 - 04:04 PM

AustrAlien,

Many thanks!

Bill

#8 Elise


Posted 03 January 2011 - 04:22 PM

I'm so sorry; because my last reply in this topic was more than a month ago (25 November), this topic no longer showed up in My Content. Hence I did not see your reply.

  • Insert the Windows XP CD-ROM into the CD-ROM drive, and then restart the computer.

  • If your PC is not booting from the CD, you need to change the boot order:
    • Restart your PC
    • As soon as you get an image, press the Setup key. This is usually F2, or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
    • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
    • Navigate to the tab, where you can set the boot order. It should be called Boot or Boot order
    • The tab should now show your current boot order.
      If the CD drive is not at the top, please navigate to the CD-ROM drive with the arrow keys. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. They can be different, but they should be stated in the help, so that you can find them easily.
    • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
  • Your PC should now boot from your XP-CD.
    Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.

  • When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
  • When prompted to choose a Windows installation, type 1 and press Enter.
  • When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.

  • A command prompt will open.
  • Type fixmbr and press Enter.
  • Type exit and press Enter to reboot.

Let me know how things are running now.

regards, Elise




#9 bezaki


Posted 03 January 2011 - 04:26 PM

NP, thanks for getting right back to me. I figured it was something like that; or maybe that you were able to get away for the holidays! I'll give it a try and let you know.

Thanks!
Bill

#10 Elise


Posted 03 January 2011 - 04:34 PM

Okay! :thumbup2:

regards, Elise




#11 bezaki


Posted 03 January 2011 - 04:59 PM

Elise,

Everything works great up to the point for the Admin password, which unfortunately I can't remember (it's not blank, as I tried hitting enter). Do you have any brilliant way to figure out what an admin password is?

Bill

#12 Elise


Posted 04 January 2011 - 02:44 AM

How did you normally log on to your computer? Did you have to type a password?

Edited by elise025, 04 January 2011 - 02:45 AM.

regards, Elise




#13 bezaki


Posted 04 January 2011 - 08:36 PM

Hey Elise,

Yeah, I figured that out last night. Although I didn't remember an Admin password, I figured my user must have admin rights; and that did work!

I'm happy to report that your instructions were right on the mark! Computer now boots correctly; and although the tool from Symantec did a little more than I bargained for, it did take care of the re-direct issue.

You are awesome, Elise! Thanks for your help!

Bill

#14 Elise


Posted 05 January 2011 - 03:08 AM

Hi Bill, in fact the command we executed did fix the infection: most likely the computer's Master Boot Record was infected with the TDL4 rootkit. The fixmbr has overwritten the malicious code, and thus the redirects are gone.

Please let me know if you need any more help.

regards, Elise



Malware analyst @ Emsisoft
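
As an added illustration of the explanation in post #14 (not part of the original thread and not any poster's code), the sketch below splits a 512-byte sector-0 dump into boot code, disk signature and partition table, then compares a dump taken before fixmbr with one taken after. The function names and the sample sectors are constructed for this example; how the dumps are obtained is assumed to be handled elsewhere.

```python
import hashlib
import struct

SECTOR = 512
CODE_END = 440           # bytes 0-439: bootstrap code, the part an MBR infector replaces
TABLE_OFF = 446          # bytes 446-509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"  # bytes 510-511: boot signature


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector-0 dump into its fields."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFF + 16 * i: TABLE_OFF + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4]:  # partition type 0x00 marks an unused slot
            partitions.append({"active": entry[0] == 0x80, "type": entry[4],
                               "lba_start": lba_start, "sectors": count})
    return {"code_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
            "disk_signature": sector[440:444].hex(),
            "partitions": partitions,
            "signature_ok": sector[510:512] == SIGNATURE}


def diff_mbr(before: bytes, after: bytes) -> dict:
    """Report which regions differ between two dumps of the same disk."""
    a, b = parse_mbr(before), parse_mbr(after)
    return {"boot_code_changed": a["code_sha256"] != b["code_sha256"],
            "partition_table_changed": before[TABLE_OFF:510] != after[TABLE_OFF:510],
            "signature_ok": b["signature_ok"]}


def sample_mbr(code_byte: int) -> bytes:
    """Constructed test sector: filler boot code plus one active NTFS partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 156280257)
    return (bytes([code_byte]) * CODE_END + bytes.fromhex("deadbeef")
            + bytes(2) + entry + bytes(48) + SIGNATURE)


if __name__ == "__main__":
    # Constructed "before" and "after" sectors that differ only in boot code.
    print(diff_mbr(sample_mbr(0xCC), sample_mbr(0x33)))
```

A changed boot-code hash with an unchanged partition table and a valid 55 AA signature is the result to expect after a clean boot-code rewrite; a changed partition table is the case to investigate before rebooting.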


#15 bezaki


Posted 05 January 2011 - 12:42 PM

Hi Elise,

Interesting to know....I'm just glad that you are smarter than me on all this stuff!

Many thanks!
Bill



