Infected, windows won't boot


  • This topic is locked
38 replies to this topic

#1 spants

spants

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:06:17 AM

Posted 30 January 2011 - 02:27 PM

Hi All,

I think I am having a similar problem as I had before, http://www.bleepingcomputer.com/forums/topic298744.html/page__p__1666869__fromsearch__1#entry1666869

Except I don't know what virus I have. My Internet Explorer was acting up. When I searched something on google and clicked on a result I was redirected. I ran Malware, Spybot, and had been running Avira.

I ran a number of scans which picked up some things but apparently not all. My PC went blank yesterday. I tried initiating explorer through Task Manager but wouldn't run. Now when I boot my PC it restarts when windows tries to load. Have tried Safe Mode and Last Known Good Configuration with no luck. Am running Windows XP Pro.
Steve


 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,830 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:17 PM

Posted 04 February 2011 - 03:11 AM

Hello Steve,

We Need to Diagnose Your BlueScreen
  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select "Disable Automatic Restart on System Failure", as shown here:
    Posted Image
  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:
    Posted Image
Please post me the error(s).

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 spants

spants
  • Topic Starter


Posted 05 February 2011 - 10:10 AM

Elise,
1st, I want to thank you for responding.

2nd, good news/bad news: I remember what the virus was, it was dropping a messenger.exe file on my system and for some reason my antivirus and adware was unable to completely remove it. The bad news is I have also found the virus on the laptop I am using to write this.

3rd and in response to your request:

STOP: c000021a {Fatal System Error}
The Windows Logon Process system process terminated unexpectedly with a status of
0xc0000034 (0x00000000 0x00000000).
The system has shut down.

Best,
Steve

#4 Elise


Posted 05 February 2011 - 10:39 AM

Hi again, this is not related to messenger.exe, but most likely an infected explorer.exe and winlogon.exe

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Remove the USB & CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh -f
  • Press Enter
  • Type the following filenames (repeat the process for both files).

    explorer.exe
    winlogon.exe


  • Click the General tab and then click Power Off. Only after xPUD has shut down, remove the USB drive and insert it back in your working computer and navigate to filefind.txt

    Please note - all text entries are case sensitive
Copy and paste the filefind.txt for my review

regards, Elise

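As an added illustration (not the driver.sh script from this thread, and not code from either poster): one way to inventory every copy of explorer.exe and winlogon.exe on a mounted Windows partition from a live Linux shell and see which copies disagree with the others. The function names and the /mnt/sda1 mount point in the usage comment are assumptions.

```shell
#!/bin/sh
# Added illustration, NOT the driver.sh script used in this thread.
# Run from a live Linux shell with the Windows partition mounted.

# list_copies ROOT NAME...
# One line per copy of each NAME under ROOT: sha256 <TAB> size <TAB> path.
list_copies() {
    root=$1; shift
    for name in "$@"; do
        # -iname: Windows file names are case-insensitive, Linux lookups are not.
        find "$root" -type f -iname "$name" 2>/dev/null
    done | sort | while IFS= read -r path; do
        size=$(wc -c < "$path" | tr -d ' ')
        sum=$(sha256sum < "$path" | cut -d' ' -f1)
        printf '%s\t%s\t%s\n' "$sum" "$size" "$path"
    done
}

# flag_mismatches: reads list_copies output on stdin. For every file name whose
# copies do not all share one hash, prints each copy prefixed with
# "<copies with this hash>/<total copies>", so the odd one out stands out.
flag_mismatches() {
    awk -F'\t' '
    {
        n = split($3, part, "/"); base = tolower(part[n])
        row[NR] = $0; name[NR] = base; digest[NR] = $1
        if (!((base, $1) in same)) distinct[base]++
        same[base, $1]++; total[base]++
    }
    END {
        for (i = 1; i <= NR; i++)
            if (distinct[name[i]] > 1)
                printf "%d/%d\t%s\n", same[name[i], digest[i]], total[name[i]], row[i]
    }'
}

# Usage (mount point is an assumption; a differing copy can also be a
# legitimate older service-pack backup, so treat a mismatch as a lead):
#   list_copies /mnt/sda1 explorer.exe winlogon.exe | flag_mismatches
```
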


#5 spants


Posted 05 February 2011 - 12:01 PM

I think there has been a problem. I followed the burn and download instructions just fine but the things you described didn't happen when I booted the sick computer. I pressed f12 and the PUD screen eventually came up with a list of languages to select. I wasn't able to toggle through or select anything. A note at the bottom read "automatic reboot in 1 seconds" It then seemed to boot differently, I'm assuming reading the USB. The last two lines read:
sh: no job control in this shell
sh-4.0# 56

FYI the clean computer is Windows 7 and the sick one is XP pro.

Edited by spants, 05 February 2011 - 12:04 PM.


#6 Elise


Posted 05 February 2011 - 12:12 PM

At the language screen you are not supposed to be able to move anything. Can you try to boot from the CD on your working computer and see if that works? If not, it may be a burn error.

regards, Elise



#7 spants


Posted 05 February 2011 - 12:47 PM

The clean pc had the language screen as well. Then it proceeded through that same modified boot process and seemed to get hung up at the same point. Ran entire process again. Burned new disc. After I press F12 there are no prompts. PUD Welcome screen appears with language options. Gets hung up at same point. No File or mnt options.

#8 Elise


Posted 05 February 2011 - 12:55 PM

I think the program didn't correctly download the iso file. Try it like this instead (this will create a bootable USB drive instead of CD).

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer

regards, Elise



#9 spants


Posted 05 February 2011 - 01:08 PM

I followed your instructions and started the sick pc up with the USB in the drive but how do I get it to boot from the USB? Do I need that driver.sh still?

#10 Elise


Posted 05 February 2011 - 01:14 PM

Yes, the rest of the steps remain unchanged. So, you need to copy driver.sh to your usb drive.

regards, Elise



#11 spants


Posted 05 February 2011 - 01:23 PM

I press F12 and it continues to proceed to boot normally. Do I need a cd in the drive?

#12 Elise


Posted 05 February 2011 - 01:35 PM

Strange, didn't the boot menu options come up as earlier with the CD?

regards, Elise



#13 spants


Posted 05 February 2011 - 02:05 PM

I never received boot menu options. It just went to the PUD welcome screen. The only options I get now are which windows version to boot to (Safe Mode, etc.).

#14 Elise


Posted 05 February 2011 - 02:33 PM

I think your boot order was already set to CD. When the computer starts do you see something like "press X for boot menu"?

X can be F11, F12, Del for example.

regards, Elise



#15 spants


Posted 05 February 2011 - 02:45 PM

I see "press DEL to run setup" and "TAB to display BIOS POST message" at the flash screen when I first boot.



