Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MS REMOVAL TOOL


  • This topic is locked This topic is locked
5 replies to this topic

#1 ornary

ornary

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:26 PM

Posted 14 April 2011 - 07:07 PM

Hi ! I am now using my laptop to do this as my older desktop HP is really sick. Apparently it has the MS REMOVAL TOOL adware/virus/ whatever. I tried to do a system recovery several times and while the menu comes up for that and asks if I can hear music I don't hear music, but the next part is the problem. Menus ask where I am, United States, then something else, then when I click on the Next button the cursor turns into the little hourglass and that is that...all it does is that and it won't go any further. ANY HELP WILL BE GREATLY APPRECIATED, otherwise I think I will buy a black tuxedo and hold a mock funeral to the desktop! Oh, almost forgot, I used CCCleaner and Avast free version which apparently can't stop this malware. Hope to hear from someone with info, later, ornary

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,329 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:26 PM

Posted 14 April 2011 - 07:44 PM

Hello and welcome. I moved this to the Am I Infected forum.

Please follow our Removal Guide here Remove MS Removal Tool .
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions

After you completed that, post your scan log here,let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 ornary

ornary
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:26 PM

Posted 15 April 2011 - 07:48 PM

Hi! Well, I can't do anything with the computer now because all that comes up is something about 'System fail, insert boot disk and push enter'...I don't have boot disk. I tried recovery but the same thing comes up, can't do anything....thinking about taking it to Staples and letting their guys see if they can do anything with it, BUT will still take any and all advice on fixing it. I did Google boot disk for Windows XP but just can't get it to do anything but tell me to enter disk and push enter. Thanks for answering my post, hoping you are a 'computer guru' and can come up with something, anything, on this. ornary

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,329 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:26 PM

Posted 15 April 2011 - 07:58 PM

Ok, I will as someone to look here that specializes in when malware does this. Not sure if it will be tonight.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,203 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:26 PM

Posted 17 April 2011 - 10:42 AM

Hello,

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1

  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,203 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:26 PM

Posted 21 April 2011 - 01:22 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users