
Mup.sys hang + virus combo



#1 dobraf


Posted 04 February 2011 - 02:57 PM

Background:
A few days ago my fiancee tried to download a free ebook. She got a virus or two that wreaked havoc on her laptop (Dell Studio XPS). We tried a number of solutions suggested here and on other sites, such as anti-virus programs, anti-spyware programs, registry fixers, and so on. But the problem persisted. An online description of one of the trojans we found said that it runs in the background and downloads other trojans. This was so disheartening that we decided to just reinstall Windows.

The problem was that she had a ton of stuff that she wanted to keep. A large chunk of that was a twelve-DVD set of very very expensive professional videos that we don't have the originals for. The folder that had these videos was something like 32 gigs. We can't afford to lose those.

Yesterday, I consolidated all her files into three folders. I zipped two of them so I could transfer them safely to another comp. Then I zipped the large one which took about an hour. I wanted to see if zipping made it small enough to transfer onto my iPhone (using Macroplant's iPhone Explorer). So I right-clicked on the zipped file to go to properties. Only when I right-clicked, the computer locked up. I gave it 15 minutes to think about things, but nothing changed. So I hard-rebooted. That's when the mup.sys hang showed up.

Problem:

From powering on the computer, I only have a few roads I can take. Some of them fork into others. Here's the result of each road that I've traveled.

(I.) Do nothing at power-up - given five options
.....(a.) Safe Mode - mup.sys hang
.....(b.) Safe Mode with Networking - mup.sys hang
.....(c.) Safe Mode with Command Prompt - mup.sys hang
.....(d.) Most recent configuration that worked - stuck on windows splash screen
.....(e.) Start windows normally - stuck on windows splash screen

(II.) Press F12 at power-up
.....(a.) Press any key to boot from CD..
..........(1.) Do nothing - takes me to (I) above
..........(2.) Pressing any key - starts loading from CD
...............(A.) Do nothing - loads all the drivers for a few minutes then goes to Blue Screen of Death
...............(B.) Press F6 to load a RAID driver - pressing F6 repeatedly does nothing
...............(C.) Press F2 to run Automated System Recovery - prompts me to insert Windows ASR disk

(III.) Press F2 at power-up
.....(a.) takes me to BIOS.

_______________________________

So I can't figure out a way out of this. The only NON-Dead End is the ASR disk option, which I don't have. My google searches tell me that I need a floppy drive anyway, so even this may be a dead end. Alas, I'm at my wits' end. Any help you can provide would be greatly appreciated.

EDIT: I'm aware that it was probably the registry cleaners that screwed up the registry. I'm also aware that I screwed up by not making a backup of the registry before "cleaning" it. However, I don't even see how I would now fix the problem even if I had a disk of all the backups in hand.

Edited by dobraf, 04 February 2011 - 03:01 PM.




#2 Elise

  • Malware Study Hall Admin

Posted 05 February 2011 - 04:13 AM

Hello,

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1

  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft
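
An added example, not part of the original thread: a minimal Python parser for the 512-byte mbr.bin that the dd command above produces, showing what a first structural check of an MBR dump looks at (the 0x55AA boot signature, the four partition entries, and a hash of the boot code for comparison with a known-good MBR). The function names are hypothetical and the sample sector is constructed.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0-439: boot code
PART_TABLE_OFF = 446       # four 16-byte partition entries
BOOT_SIG_OFF = 510         # last two bytes must be 0x55 0xAA


def parse_mbr(raw: bytes) -> dict:
    """Return the fields a reviewer checks first in a 512-byte MBR dump."""
    if len(raw) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(raw)}")
    partitions = []
    for i in range(4):
        entry = raw[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, size
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:      # unused slot
            continue
        partitions.append({"slot": i, "active": status == 0x80,
                           "status_valid": status in (0x00, 0x80),
                           "type": ptype, "lba_start": lba_start,
                           "sectors": sectors})
    return {
        "signature_ok": raw[BOOT_SIG_OFF:] == b"\x55\xaa",
        "disk_signature": raw[440:444].hex(),
        "boot_code_sha256": hashlib.sha256(raw[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def build_sample_mbr() -> bytes:
    """Constructed sample: zeroed boot code, one active NTFS-type partition."""
    mbr = bytearray(SECTOR_SIZE)
    mbr[440:444] = bytes.fromhex("78563412")
    mbr[PART_TABLE_OFF:PART_TABLE_OFF + 16] = struct.pack(
        "<B3xB3xII", 0x80, 0x07, 2048, 1_000_000)
    mbr[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(mbr)


if __name__ == "__main__":
    # On a real dump: parse_mbr(open("mbr.bin", "rb").read())
    print(parse_mbr(build_sample_mbr()))
```

A boot-code hash that differs from the one taken from a clean machine with the same OS version, or a partition entry whose status byte is neither 0x00 nor 0x80, is a reason to inspect the sector more closely.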




