
Malware Issues


  • This topic is locked
21 replies to this topic

#1 rotarydude


Posted 21 July 2011 - 10:39 AM

I just got that same problem yesterday...I don't know if anyone realizes this, but you can't really do much when your computer boots up because you LITERALLY only have less than 3 minutes before it shuts down and restarts on its own. I tried running a quick scan but that didn't do much help. I'm running out of ideas here...

Edited by hamluis, 21 July 2011 - 08:31 PM.
Split from different topic, sent PM to new OP.



#2 Broni


Posted 21 July 2011 - 10:08 PM

Welcome aboard

Will it stay up in Safe Mode?



#3 rotarydude


Posted 25 July 2011 - 04:51 PM

Safe mode doesn't really help at all, I just get a blank dark screen with the safe mode lettering in the corners...when I leave it alone after a couple of moments though, it'll go back to normal desktop mode, but then I get hammered with 15 notifications saying that whatever application can't be completed because the system is shutting down, hence that's why it's so hard to do a virus scan when my desktop boots up because I only have about less than 3 minutes until the computer shuts itself down and restarts itself on its own.

#4 Broni


Posted 25 July 2011 - 08:08 PM

I'll report this topic to people who deal with this kind of situation.
Hold on there....



#5 JSntgRvr


Posted 25 July 2011 - 10:01 PM

Hi, :welcome:

Let's give it a try.

We will need to view the system status from an external environment. You will need a USB drive and a CD to burn. There will be several steps to follow.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Also Download Query.exe to the USB drive. In your working computer, navigate to the USB drive and click on the Query.exe. A folder and a file, query.sh, will be extracted.
  • Remove the USB & CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • On some computers you need to tap F12 and choose to boot from the CD; on others it is the Esc key. Please consult your computer's documentation.
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Then type bash driver.sh -af
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

    Winlogon.exe

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    volsnap.sys

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    explorer.exe

  • Press Enter
  • After it has completed the search enter the next file to be searched
  • Type the following:

    Userinit.exe

  • Press Enter
  • After the search is completed type Exit and press Enter.
  • After it has finished a report will be located in the USB drive as filefind.txt
  • While still in the Open Terminal, type bash query.sh
  • Press Enter
  • After it has finished a report will be located in the USB drive as RegReport.txt
  • Then type dd if=/dev/sda of=mbr.bin bs=512 count=1


    Leave a space between the following statements:

    dd is the executable application used to create the backup
    if=/dev/sda is the device the backup is created from - the hard drive when only one HDD exists
    of=mbr.bin is the backup file to create - note the lack of a path - it will be created in the directory currently open in the Terminal
    bs=512 is the number of bytes in the backup
    count=1 says to backup just 1 sector


    It is extremely important that the if and of statements are correctly entered.

  • Press Enter
  • After it has finished a report will be located in the USB drive as mbr.bin
  • Plug the USB back into the clean computer, zip the mbr.bin, and except for the mbr.bin zipped file, post the contents of the report.txt, filefind.txt and RegReport.txt in your next reply. The mbr.bin zipped file must be attached to your reply.

No request for help throughout private messaging will be attended.



#6 rotarydude


Posted 25 July 2011 - 10:03 PM

Ok...For the record, i running a Windows XP operating system on a Samsung Q1 Ultra Tablet PC...

*Im

#7 rotarydude


Posted 25 July 2011 - 10:10 PM

Only one problem...My computer doesn't have a CD drive, it only has a USB drive...My other laptop does but my Samsung tablet doesn't.

#8 JSntgRvr


Posted 25 July 2011 - 10:20 PM

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/driver.sh to your USB
  • Also Download Query.exe to the USB drive. In your working computer, navigate to the USB drive and click on the Query.exe. A folder and a file, query.sh, will be extracted.
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • The computer must be set to boot from the USB drive
  • On some computers you need to tap F12 and choose to boot from the USB; on others it is the Esc key. Please consult your computer's documentation.
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Then type bash driver.sh -af
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

    Winlogon.exe

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    volsnap.sys

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    explorer.exe

  • Press Enter
  • After it has completed the search enter the next file to be searched
  • Type the following:

    Userinit.exe

  • Press Enter
  • After the search is completed type Exit and press Enter.
  • After it has finished a report will be located in the USB drive as filefind.txt
  • While still in the Open Terminal, type bash query.sh
  • Press Enter
  • After it has finished a report will be located in the USB drive as RegReport.txt
  • Then type dd if=/dev/sda of=mbr.bin bs=512 count=1


    Leave a space between the following statements:

    dd is the executable application used to create the backup
    if=/dev/sda is the device the backup is created from - the hard drive when only one HDD exists
    of=mbr.bin is the backup file to create - note the lack of a path - it will be created in the directory currently open in the Terminal
    bs=512 is the number of bytes in the backup
    count=1 says to backup just 1 sector


    It is extremely important that the if and of statements are correctly entered.

  • Press Enter
  • After it has finished a report will be located in the USB drive as mbr.bin
  • Plug the USB back into the clean computer, zip the mbr.bin, and except for the mbr.bin zipped file, post the contents of the report.txt, filefind.txt and RegReport.txt in your next reply. The mbr.bin zipped file must be attached to your reply.

Please note - all text entries are case sensitive

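A quick check of what the `dd if=/dev/sda of=mbr.bin bs=512 count=1` step in the posts above should leave on the USB drive, as an added example that is not part of the thread or of driver.sh/query.sh. It confirms the dump is exactly one sector ending in the 55 AA boot signature and lists the partition-table entries; the function names are made up for this example, and it assumes a POSIX shell with od, wc and tr and a classic MBR layout.

```shell
# Added example (not from the thread): sanity-check the mbr.bin produced by
#   dd if=/dev/sda of=mbr.bin bs=512 count=1
# Function names are hypothetical; needs only a POSIX shell with od, wc, tr.

# Succeeds only if FILE is exactly one 512-byte sector ending in 55 AA.
mbr_valid() {
    [ "$(wc -c < "$1" | tr -d ' ')" -eq 512 ] || return 1
    sig=$(od -An -v -tx1 -j 510 -N 2 "$1" | tr -d ' \n')
    [ "$sig" = "55aa" ]
}

# Print one line per used partition-table slot:
#   <slot> boot=<yes|no> type=0x<hex> start=<LBA> sectors=<count>
mbr_partitions() {
    mbr_file=$1
    slot=0
    while [ "$slot" -lt 4 ]; do
        # Four 16-byte entries start at offset 446. Read one entry as decimal
        # bytes; the unquoted $(...) is deliberate so each byte becomes $1..$16.
        set -- $(od -An -v -tu1 -j $(( 446 + 16 * slot )) -N 16 "$mbr_file")
        slot=$(( slot + 1 ))
        [ "$5" -eq 0 ] && continue              # type 0x00 marks an empty slot
        boot=no; [ "$1" -eq 128 ] && boot=yes   # 0x80 = active/bootable
        # Start LBA (bytes 9-12) and sector count (bytes 13-16), little-endian.
        start=$(( $9 + ${10} * 256 + ${11} * 65536 + ${12} * 16777216 ))
        count=$(( ${13} + ${14} * 256 + ${15} * 65536 + ${16} * 16777216 ))
        printf '%d boot=%s type=0x%02x start=%d sectors=%d\n' \
            "$slot" "$boot" "$5" "$start" "$count"
    done
}

# Usage: sh check_mbr.sh mbr.bin
if [ $# -ge 1 ]; then
    if mbr_valid "$1"; then
        mbr_partitions "$1"
    else
        echo "not a complete MBR sector: $1"
    fi
fi
```

A dump that fails the check usually means the `if=`/`of=` arguments or the working directory were not what the instructions expected, so it is worth redoing before zipping and attaching the file.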


#9 rotarydude


Posted 12 August 2011 - 11:43 AM

Hey, when I click on the link to download the xPUD 0.9.2 it keeps telling me that Internet Explorer has encountered an error and needs to close =(

#10 rotarydude


Posted 12 August 2011 - 11:45 AM

Never mind, I got it...I'll post you the results soon

#11 JSntgRvr


Posted 12 August 2011 - 02:01 PM

:thumbup2:



#12 rotarydude


Posted 13 August 2011 - 09:48 PM

OK, this is the problem that I'm having. I downloaded everything as requested, I boot up my sick laptop with the USB, I get to the xPUD screen, it asks me what language do I want to proceed in, I put English, and then, afterwards, xPUD boots up and goes into DOS mode, I don't see a File button and it doesn't let me do any of the requested commands you specified me to do. Can you help me?

#13 JSntgRvr


Posted 13 August 2011 - 10:02 PM

What Operating System is in the computer? 32 or 64 bit?

At the language just press Enter. Any error message while booting to xPUD? On occasion it is a slow process. Give xPUD more time to boot.



#14 rotarydude


Posted 13 August 2011 - 10:12 PM

How could I tell if it's a 32 or 64 bit?

#15 JSntgRvr


Posted 13 August 2011 - 11:09 PM

At the present state you won't be able to determine if it is 32 or 64 bit. Still having issues with xPUD?
