Windows Vista: Trojan corrupted hard drive, continually reboots


  • This topic is locked
56 replies to this topic

#1 WillN

WillN

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:09:01 PM

Posted 12 December 2010 - 11:20 AM

Specs:
Gateway FX541S - Tower - 1 x Core 2 Quad Q6600 / 2.4 GHz - RAM 3 GB - HDD 1 x 500 GB - DVD±RW (±R DL) / DVD-RAM - GF 8600 GT - Gigabit Ethernet - Vista Home Premium - 32 bit

These are the specs I got off Amazon because I can't even boot up this computer right now. They sound right.

Last night my antivirus (Avira) popped up saying I had a Trojan and immediately started a full system scan. A few seconds later Windows crashed and when I rebooted I got these errors:

Critical Error
Damaged hard drive cluster detected. Private data is at risk.

Critical Error
RAM memory usage is critically high, RAM memory failure.

Critical Error
Hard drive not found. (The rest of the error is illegible to me, I took a bad picture. It looks like: Locating hard drive)

Then I get a pop up from Windows saying: Windows a hard disk problem. It tried to repair it; Windows later crashed again. I tried to get the computer into safe mode by pressing F8 at the start up, but safe mode wouldn't boot up when I clicked it. It just booted up in normal mode. I went into the boot up menu, and did a system restore, using a restore point from about 5 days back. It worked and I thought everything was fine; there were no more error pop ups. Then I tried addressing the problem of the virus. I ran MSconfig, put the computer into safe mode. This is where my problem now lies. The computer keeps on trying to boot up, but returns to the original page, just as if I had restarted the computer. It stops at the Windows loading screen and then the boot process starts all over again.

Is there a fix for this or am I looking at dropping 200 bucks for Windows 7? Will that even help? Please get back to me. Thanks.



#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:01 AM

Posted 13 December 2010 - 02:13 PM

Hi WillN,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.

Please tell me if you can use F8 key to get to Advanced Boot Options.
Also tell me if you have a Windows Vista installation DVD.

#3 WillN


Posted 13 December 2010 - 05:26 PM

Farbar,
F8 did direct me to the standard Advanced Boot screen. To my knowledge I do not have a Vista installation CD and worse, my CD drive doesn't currently work, although I will buy one if it allows me to fix the problem.
Thanks

#4 Farbar


Posted 13 December 2010 - 06:20 PM

F8 did direct me to the standard Advanced Boot screen.

So far so good. Please tell me if this option is listed there:

Repair your computer

If yes and you can select it to boot to the System Recovery Options, from there we can fix it and don't need a Vista DVD.

Edited by farbar, 13 December 2010 - 06:22 PM.


#5 WillN


Posted 13 December 2010 - 06:26 PM

Ok, it's there. Click on it?

#6 WillN


Posted 13 December 2010 - 06:43 PM

After reading your last post again, I clicked on it, selected a US keyboard, and now I have an option asking what account I should log on to. I assume mine since I don't have an admin password to log in with.

#7 Farbar


Posted 14 December 2010 - 05:45 AM

Sorry I waited for your reply for a while but got to go to sleep as it was too late over here.

We can do many things from there. :)

We are going to make a back up of the boot file to play it safe just in case we wanted to restore it and then remove the safe boot value from the boot file.

Select your account and go to next to get the System Recovery Options.
Select Command Prompt.
Type in the following lines one by one in the command window exactly as they are and press Enter after each line. Make sure you type them right and make sure of the spaces. (After pressing Enter you should get notified that the operation completed successfully):

bcdedit.exe /export c:\bcdback
(Note the space between bcdedit.exe and /export and c:\bcdback)

bcdedit.exe /deletevalue safeboot
(Note the space between bcdedit.exe and /deletevalue and safeboot)

Close the command prompt and restart. You should be able to boot to normal mode.
Let me know if you are there and we clean the computer from there.

#8 WillN


Posted 14 December 2010 - 11:03 AM

The first operation was completed successfully. However when I entered bcdedit.exe /deletevalue safeboot, it says, 'An error occurred while attempting to delete the specified data element. Element not found.'

#9 Farbar


Posted 14 December 2010 - 11:18 AM

OK. Now try this one please:

bcdedit.exe /deletevalue {current} safeboot

#10 WillN


Posted 14 December 2010 - 02:08 PM

Same error message as before.

#11 Farbar


Posted 14 December 2010 - 02:37 PM

I had to sort this out. This time it should work:

bcdedit.exe /deletevalue {default} safeboot

After reboot tell me if you want me to assist you to remove the infection.
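
An added example, not part of the original thread or any poster's code: rather than trying identifiers one at a time, the output of `bcdedit /enum` can be saved and inspected to see which boot entry actually carries the `safeboot` element. The sample output below is constructed, and the function names `parse_bcd_enum` and `safeboot_fixes` are hypothetical.

```python
import re

# Constructed sample of `bcdedit /enum` output (not taken from the thread).
SAMPLE = r"""
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
default                 {default}

Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
safeboot                Minimal
"""

def parse_bcd_enum(text):
    """Return one dict per BCD entry: {'type': header, element: value, ...}."""
    entries, current = [], None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if line.strip() and re.fullmatch(r"-+", nxt):
            current = {"type": line.strip()}      # header line above a dashed rule
            entries.append(current)
            continue
        m = re.match(r"(\S+)\s+(\S.*)", line)      # "element   value" pairs only
        if current is not None and m:
            current[m.group(1)] = m.group(2).strip()
    return entries

def safeboot_fixes(text):
    """Build a /deletevalue command for every entry that carries safeboot."""
    return [
        f"bcdedit.exe /deletevalue {e['identifier']} safeboot"
        for e in parse_bcd_enum(text)
        if "safeboot" in e and "identifier" in e
    ]

if __name__ == "__main__":
    for cmd in safeboot_fixes(SAMPLE):
        print(cmd)
```
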

#12 WillN


Posted 14 December 2010 - 02:55 PM

It booted up! Thank you. I would like help in cleaning up my computer.

#13 Farbar


Posted 14 December 2010 - 03:01 PM

Well done and you are welcome. :thumbup2:

We need a set of logs.

  • Please perform the following scan:
    • Download DDS by sUBs from the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run. When done it will open two logs:
      • DDS.txt
      • Attach.txt
    • Copy and paste the logs to your reply.
  • Download the GMER Rootkit Scanner exe file from here and save it to your desktop.
    • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
    • Click on this link to see a list of programs that should be disabled.
    • Disconnect from the Internet and close all running programs.
    • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
    • Then click the Scan button & wait for it to begin. (Please be patient as it can take some time to complete).
    • When the scan is finished, you will see the scan button appear again. Click Save to save the scan results to your Desktop.
    • Save the file as gmer.log and copy/paste the contents in your next reply.


#14 WillN


Posted 14 December 2010 - 03:16 PM

I will post it tonight but it might be late because of the time difference. Thank you.

#15 Farbar


Posted 14 December 2010 - 05:28 PM

No problem. I'll look the logs over tomorrow. :)



