Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

data erased - boot device


  • This topic is locked This topic is locked
3 replies to this topic

#1 grey area

grey area

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 06 February 2011 - 10:43 PM

Ok, my data was completely erased or at least i hope not. when I was scanning for a rootkit with gmer.exe, all of a sudden it said on the side bar that all my data for local drive C was lost and it shutdown on me. All i was doing was doing step 6-9 for Preparation Guide For Use Before Using Malware Removal Tools and Requesting Helpwhich was for to get help with the redirect virus. now everytime i turn it back on there is no device to boot. I knew i had the google redirect virus and a rootkit that did not want to be found. i tried to scan for rootkits with spyware doctor but all i got was error messages. When I used gmer.exe the scan wouldn't finish and when i tried to scan it again with gmer.exe that's when hell broke loose, my entire computer gone with an instant. Is my data still retrievable? I know there must have been a hacker. Even though my data is loss do they still have access to my data? do i have to go to the extent of changing our social security number? right now im worried about my personal information. i am changing all my passwords now. im not sure what kind of root kit it was but all i know is that is started with damn redirect virus. is there any advice or information anyone can give me? i will take any answer PLEASE. For anyone with the redirect virus NEVER ASSUME just because the symptoms are gone that you are fine. get a very indepth analysis from a professional. i don't know how they were erase my data, i hope its still retrievable for me and anyone with advice PLEASE REPLY.

BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,835 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:17 PM

Posted 10 February 2011 - 02:38 AM

Hello, while I can give no guarantee, we can at least try and see if things can be fixed. :)

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1

  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,835 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:17 PM

Posted 23 February 2011 - 06:29 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,835 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:17 PM

Posted 23 February 2011 - 06:40 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users