I have a homebuilt computer, XP OS,
MotherBoardECS Elitegroup A790GXM-AD3
I knew I had a virus as it downloaded a bunch of nasty things, including it stopping MSE from running. There was also the virus "WIN 7 antivirus" running. I hit RKILL 2x to stop everything. I ran spybot, and Malwarebytes. Mal found over 50 items, spybot found a few. Even after this the MSE would not start. Running spybot again, it came up with the one same item as it tried to delete previously - something called MSE overide.
SOoo Malwarebytes told me to reboot, I did, now the computer cycles to boot, but will not boot completely, it goes up to the windows screen just for half a sec then the computer reboots itself. Upon reboots, I see a flicker of a blue screen which I think would give me some info on what is being halted, but is waaay to quick.
Any Safemode option does not work, tries to launch, but reboots. Because of this I cannot put up any log files, etc.
I believe I have a boot virus.
I am able to get to the recovery console, but never dealt with that.
Read the information on the recovery console here at this site, -and on the computer proceeded as far as to it asking "Which windows installation would you like to log onto?" I hit "1" as I only have one OS loaded. ( I do have 2 HD though)
I am thinking the next step would be to type "FIXMBR" then "FIXBOOT".
Is this correct? I need some help here, just a little nervous about doing it and am looking for confirmation.
I did find this comment from browsing - came from hardforum:
FIXMBR grabs the original MBR code from the drive's EEPROM chip and restores it, effectively wiping out anything that might be in there, be it LILO, GRUB, a Windows bootloader, and any possible traces of a virus, etc. When that command is finished, the MBR is as good as it was the moment the drive passed QA testing at the factory.
FIXBOOT restore the native ability for Windows to boot with the NTLDR file and bootloader, simply put.
There's also BOOTCFG which lets you modify boot time parameters just like you can inside Windows by modifying the boot.ini file under Advanced System Properties.
There's also a proper order for the commands if you need to use them from the Recovery Console:
FIXMBR first, then FIXBOOT right after that, then type exit and press Enter to reboot the 'puter.
Hope this helps...
I would greatly appreciate some help or input. You guys have helped me in the past, so to me you are the last word on what to do. If possible I would rather not loose all my data here.
I figure even when this gets fixed, the virus still may be lurking?...another prob.
Thank you very much!
Also during the infection, my WIN PATROL was telling me new programs were being added and I denied them all. Hopefully this was not a mistake having it delete pertinent things that exist already on my computer (!?)
Edited by mrmatt2, 13 April 2011 - 07:28 PM.