Windows 7 won't boot after using TDSS Killer - NEW (tried all options: repair, boot, chkdsk)


  • This topic is locked
44 replies to this topic

#1 mestacknow

mestacknow

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:01:58 PM

Posted 28 February 2011 - 01:18 AM

Hi,

trying to start W7 after killing TDSS (similar to post with same topic), i am getting this message just before login screen (animation of w7 logo start) and then BSOD hit with message below:

-----------------------------------

A problem has been detected and windows has been shut down to prevent damage to your computer.

If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps.

Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated.
Run CHKDSK /F to check for hard drive corruption, and then restart your computer.

Technical information:

*** STOP: 0x0000007B (x80786B58,0xC000000D, 0x00000000, 0x00000000)

------------------------------------

had a fight on three laptops, and crash my new with w7 which really disappoint me big. well, last two days reading posts from microsoft, bcomputer etc. about this problem and frankly i am not sure what to do?

talking about problem on this machine: notebook lenovo g560 (0679), w7 home premium, 1 hdd, 1 dvd/cd

unfortunately did not make recovery image :( i know it'll save my time and as my second lenovo this situation frustrating me because i think virus migrate from oldest laptop through 2nd lenovo to this new one, from xp through vista till w7! - anyway, following instructions on various posts i tried:

1.
startup repair

2.
system restore

3.
windows memory diagnostic (no errors)

4. (command prompt)
chkdsk /f /r /v on all partition

5.
boot check

6.
partition check


to sum up, no errors, clusters, bad sectors ....etc - yes i have partitions with OS and drivers as well and seems to look everything ok, but i am not sure what i miss to check, my head is blowing at the moment because there is some work over my head and this problem ticking my time

there is one more option that i try, from command prompt i jump on partition x:\ and start setup w7 with both options:

A.
reach to install w7 screen try repair from there with no success

B.
try to install w7 from disk (pre-install partition x:\ ), successfully start setup but: ....ran into problem when asked for drivers for cd/dvd (see message below)

----------------------

A required cd/dvd drive device driver is missing. If you have a driver floppy disk, cd, dvd, or usb flash drive, please insert it now.
note: if the windows installation media is in the cd/dvd drive, you can safely remove it for this step.

----------------------


if there is somebody to help me ASAP or anytime soon to discuss this problem.

thanx


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,706 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:58 PM

Posted 28 February 2011 - 02:02 AM

Hi,

I'm going to assist you with your problem.

Do you have a Windows 7 x64 bit or x86 bit system?

Edited by elise025, 28 February 2011 - 05:34 AM.
Moved as requested


#3 mestacknow

Posted 28 February 2011 - 08:45 AM

windows 7 x32 home premium

sorry for delay wasn't here

#4 Farbar

Posted 28 February 2011 - 11:49 AM

No worries about the delay. :)

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Boot Menu:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Scan your computer's memory for errors.
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#5 mestacknow

Posted 28 February 2011 - 12:14 PM

thanx

i got it, i'll be back

#6 Farbar

Posted 28 February 2011 - 12:23 PM

:thumbup2:

#7 mestacknow

Posted 28 February 2011 - 01:59 PM

okay did as you said, here is txt attached (way too big to post it)

i did check file as well, and now i am seeing that "KMservice.exe" is still on the disk, .....i found on some article that is virus and one of the avirus soft that i ran report this as a critical threat. nesting in win root directory, and have few other connected/related "KMService; C:\windows\system32\srvany.exe" - (this one i can't remember being reported by any of 4 avirus that i ran for days)

anyway, what next? :cold:

Edited by mestacknow, 28 February 2011 - 02:01 PM.


#8 Farbar

Posted 28 February 2011 - 04:11 PM

Well done. :thumbup2:

Before doing anything please tell me the following:

"trying to start W7 after killing TDSS (similar to post with same topic)"

What do you exactly mean by killing TDSS, how do you know you had TDSS and how did you kill it?

#9 mestacknow

Posted 28 February 2011 - 04:34 PM

Thanx

I did a webroot scan, and got report "trojan gen tdss virus" after cleaning i had to reboot, which i did and i did scan again. Virus was still there (checking path) try to delete straight - no success and change name/extension - no success. Then i dig on the net and find some small soft (can't remember name) that have 30 days full version n after you have to purchase. Test it n it work, reboot few times no prob. I left for a while machine n come back n since 26th my machine is down, mestack

#10 mestacknow

Posted 28 February 2011 - 04:37 PM

To add on the reported name of tdss "v4 virus" and can't remember exactly this name but something like "arialius" i think

#11 Farbar

Posted 28 February 2011 - 04:50 PM

Okay let's try this one first:

We need to fix some of the entries that FRST has found.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

cmd: bootrec /FixMbr
Disableservice: KMService

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Then reboot and tell me how far the system goes.

#12 mestacknow

Posted 28 February 2011 - 05:18 PM

i got it, thanx, follow instructions (plz see attachment), yeah we disable KMS

now, i reboot machine, and crash (reboot) at same point just before w7 logo ani finishing, BSOD....etc

hmmm, i am here B)

ps what we do about this file "KMService; C:\windows\system32\srvany.exe" (this is line from FRST.txt) - is this related to KMS, why i am asking? - i had some type of infection before this 'event' that i deleted partly manually and rest of via avirus soft til i got zero virus report. while i fight those i realize that viruses multiplying in "win\temp" and "win" i successfully delete all of them. i am afraid that KMS is not mother of those or one of those.

Edited by mestacknow, 28 February 2011 - 05:20 PM.


#13 Farbar

Posted 28 February 2011 - 05:29 PM

Please post the fixlog.txt

#14 Farbar

Posted 28 February 2011 - 05:31 PM

Please don't edit your post to avoid reposting and confusion. I saw the log. Thanks.

I'll answer all your questions later on. This is a complicated situation after multiple infections, running many tools, deleting files, restoring with system restore, etc. :)

Okay we made sure of that even though the system goes far enough that the boot problem is not related to MBR.

We are going to disable all the extra security programs and reboot again.

We need to fix some of the entries that FRST has found.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

Disableservice: Oasis2Service
Disableservice: SASDIFSV
Disableservice: SASKUTIL
Disableservice: szkg5
Disableservice: szkgfs
Disableservice: szserver
Disableservice: is3srv
HKLM\...\RunOnce: [*Restore] C:\windows\system32\rstrui.exe /RUNONCE  (Microsoft Corporation)[262656 2009-07-13]
cmd: bcdedit /enum all

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now reboot and tell me how it went. In case the system didn't boot tell me if you have the Windows DVD.

#15 mestacknow

Posted 28 February 2011 - 05:53 PM

ok i got it, follow instr, no changes, everything same

no i did not get w7 DVD with machine, these models delivered with preinstalled w7 on hdd, (i think x:\ partition) and another partition are drivers (i think d:\ partition), not sure
