Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Recovery Virus - Startup Problem after MBAM


  • This topic is locked This topic is locked
2 replies to this topic

#1 Joel.I

Joel.I

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:59 PM

Posted 23 April 2011 - 09:47 AM

Hello All,

I am having terrible trouble with this malicious virus/malware.

My laptop was infected when my wife downloaded a file or browsing something on the web. I was delighted to find this helpful site after searching for a way to remove it. I followed the instructions as shown below:

http://www.bleepingcomputer.com/virus-removal/remove-windows-recovery

It took a while but after disabling it with RKill, I downloaded MBAM onto a CD (had to do that on a separate computer as I did not want to connect to the internet). Anyway, MBAM found six problems which I removed as instructed. However, after the restart I was disappointed to find the Windows Recovery Virus still in situ. Assuming I may not be using the latest version of MBAM, I went throught the same RKill process but this time connected the laptop to the internet to get the latest version of MBAM. Anyway, after doing the scan it found 12 problems which I removed as per the instructions. After that as per the instructions I allowed the reboot. It was going OK and a blank blue screen appeared; after some time it started the start up process again. The message displayed is as follows:

We apologize for the inconvenience, but Windows did not start successfully. A recent hardware or software change might have caused this.

If your computer stopped responding, restarted unexpectedly, or was automatically shut down to protect your files and folders, choose Last Known Good Configuration to revert to the most recent settings that worked.

If a previous startup attempt was interrupted due to a power failure or because the Power or Reset button was pressed, if you aren’t sure what caused the problem, choose Start Windows Normally.

Safe Mode
Safe Mode with Networking
Safe Mode with Command Prompt
Last Known Good Configuration (your most recent settings that worked)
Start Windows Normally

Use the up and down arrow keys to move the highlight to your choice.
Seconds until Windows starts: 28


I have tried all the options listed above but nothing seem to work. It starts the process as normal, the Windows XP logo comes up and then it returns to the above screen. All options above result in the same process. Pressing F8 freezes the process.

I am desperate to get my laptop back (Compaq Presario 2710CA). I run a small business from home and all my accounting software and business information is held in this computer.

Can someone please please help me?

Thanking you in advance for your help.

Joel

Edited by Joel.I, 23 April 2011 - 09:48 AM.


BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:59 PM

Posted 29 April 2011 - 02:06 AM

Hi Joel,

We Need to Diagnose Your BlueScreen
  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select "Disable Automatic Restart on System Failure", as shown here:
    Posted Image
  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:
    Posted Image
Please post me the error(s).

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:59 PM

Posted 07 May 2011 - 10:23 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users