
Boot virus from nowhere....



#1 mrmatt2


Posted 13 April 2011 - 07:17 PM

Hi, I am not sure where this came from, or from what site, but here it sits on my computer.

I have a homebuilt computer, XP OS,
Motherboard: ECS Elitegroup A790GXM-AD3

I knew I had a virus as it downloaded a bunch of nasty things, including it stopping MSE from running. There was also the virus "WIN 7 antivirus" running. I hit RKILL 2x to stop everything. I ran spybot, and Malwarebytes. Mal found over 50 items, spybot found a few. Even after this the MSE would not start. Running spybot again, it came up with the one same item as it tried to delete previously - something called MSE overide.

SOoo Malwarebytes told me to reboot, I did, and now the computer cycles to boot, but will not boot completely; it goes up to the Windows screen just for half a sec, then the computer reboots itself. Upon reboots, I see a flicker of a blue screen which I think would give me some info on what is being halted, but it is waaay too quick.
Any Safe Mode option does not work; it tries to launch, but reboots. Because of this I cannot put up any log files, etc.

I believe I have a boot virus.

I am able to get to the recovery console, but never dealt with that.
I read the information on the recovery console here at this site, and on the computer proceeded as far as it asking "Which windows installation would you like to log onto?" I hit "1" as I only have one OS loaded. (I do have 2 HDs, though.)

I am thinking the next step would be to type "FIXMBR" then "FIXBOOT".

Is this correct? I need some help here, just a little nervous about doing it and am looking for confirmation.

I did find this comment from browsing - came from hardforum:

FIXMBR grabs the original MBR code from the drive's EEPROM chip and restores it, effectively wiping out anything that might be in there, be it LILO, GRUB, a Windows bootloader, and any possible traces of a virus, etc. When that command is finished, the MBR is as good as it was the moment the drive passed QA testing at the factory.

FIXBOOT restores the native ability for Windows to boot with the NTLDR file and bootloader, simply put.

There's also BOOTCFG which lets you modify boot time parameters just like you can inside Windows by modifying the boot.ini file under Advanced System Properties.

There's also a proper order for the commands if you need to use them from the Recovery Console:

FIXMBR first, then FIXBOOT right after that, then type exit and press Enter to reboot the 'puter.

Hope this helps...




I would greatly appreciate some help or input. You guys have helped me in the past, so to me you are the last word on what to do. If possible I would rather not lose all my data here.


I figure even when this gets fixed, the virus still may be lurking?...another prob.

Thank you very much!

Matt

Also during the infection, my WIN PATROL was telling me new programs were being added and I denied them all. Hopefully this was not a mistake having it delete pertinent things that exist already on my computer (!?)

Edited by mrmatt2, 13 April 2011 - 07:28 PM.

