
How to identify problem


9 replies to this topic

#1 permasite

permasite

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:41 PM

Posted 11 August 2011 - 10:40 AM

My PC was attacked this morning. As soon as I spotted the problem I immediately shut off the PC. Now it will not restart. It gets to the Windows splash screen and then stops and does a real fast blue screen flash with some text that I cannot read, and then restarts again. How do I proceed if I cannot get the computer started? I have tried to restart under safe mode, but it does the same thing.

What to do?

John G.


 


#2 bludgard

bludgard

  • Members
  • 934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:No Clue Whatsoever, Western Hemishere
  • Local time:06:41 PM

Posted 11 August 2011 - 11:41 AM

Do you by chance have your install media at hand and (optimally) an image backup of the drive?

#3 Allan

Allan

  • BC Advisor
  • 8,589 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:07:41 PM

Posted 11 August 2011 - 11:52 AM

Let's start at the very beginning. What do you mean your system was attacked? EXACTLY what happened and how did you shut it down?

#4 permasite

permasite
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:41 PM

Posted 11 August 2011 - 12:48 PM

In advance, I would like to thank you for your help. You all are a valuable asset to those of us that don't have the high level of understanding that is required to undo the damages done by the darker side of internet usage. You are the front line against this bs.

To answer your question, and be specific, I was surfing on the internet, using two large flatscreen monitors sitting side by side. IE and Firefox open with multiple windows (and dozens of open tabs in each, across the machine systems normal, and stable). Suddenly I get a popup for one of those fake scan things. Which one, I don't know, I freaked, I have seen this before.

I tried to close the open file, and that didn't work. I then forced a shutdown by holding in the power button for 5 seconds. The PC powered down in a forced shutdown. Now the CPU will not go through a full restart, and crashes before getting as far as a login screen. I have tried several times to get to safe start up, but I can't get there, to begin using the antimalware software to unscrew myself...

Now when I try to start the machine, I am stuck in this loop that will only get me as far as the Windows splash screen for about ten seconds and then it flashes directly to a blue screen with text maybe about 100 words in white font that disappears so quickly that I cannot even begin to read what it says. Then the CPU begins another restart cycle.

I am realizing that I am to blame. I left the front door wide open. I think how the virus/root/whatever got in because my firewall was disabled. I had a trial copy of Dr. Web installed, used it for a month, and then dumped it. To install this, I had to disable other firewalls. Very recently, the trial copy expired, and I removed it from my system. I forgot to reestablish the other firewall(s).

Anyway, I am suddenly screwed. I try to keep the machine tight, but lately I got lax.

There seems to be a problem with the image, when I tried to go that route, it told me that the image was corrupted.

I know this is all bs, but I don't know how to undo where I am at.

I am digging for my software, I have a bunch, so I am not sure what came with this machine.

I cannot afford to lose what is on the computer. Some of it is backed up, some is not.

#5 Allan

Allan

  • BC Advisor
  • 8,589 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:07:41 PM

Posted 11 August 2011 - 01:48 PM

When the system first boots start tapping the F8 Function key. When you get to the Advanced Boot Options Screen choose "Disable Restart on System Failure". Reboot. That blue screen error should now stay up. Post the entire contents here.

#6 permasite

permasite
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:41 PM

Posted 11 August 2011 - 02:21 PM

Ok, done.

A problem has been detected and windows has been shut down to prevent damage to your computer.

If this is the first.................
Check to be sure you have adequate disk space............
Check with your hardware vendor.................

Tech info:
*** STOP; 0x0000008E (0xc0000005, 0xb9E74CD4, 0xBA50AF00, 0x00000000)
*** iastor.sys - Address B9E74CD4 base at B9E6c000, Datestamp 44ad174b

Can you translate?
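
The two "Tech info" lines from the post above can be decoded mechanically; the following is an added example, not part of the original thread. The function name `decode_stop` is hypothetical, and the bug-check and status names in the lookup tables are the standard Windows names for the two values that appear in the post.

```python
import re
from datetime import datetime, timezone

# Standard Windows names for the values seen in this thread; others report "unknown".
BUGCHECKS = {0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED"}
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}

# Accept ':' or ';' after STOP because blue screens are usually retyped by hand.
STOP_RE = re.compile(r"STOP\s*[:;]\s*(0x[0-9a-f]+)\s*\(([^)]*)\)", re.I)
MODULE_RE = re.compile(
    r"\*+\s*(\S+)\s*-\s*Address\s+([0-9a-f]+)\s+base at\s+([0-9a-f]+),"
    r"\s*Date\s?stamp\s+([0-9a-f]+)", re.I)

def decode_stop(text):
    """Decode the STOP line and the faulting-module line of a blue screen."""
    stop = STOP_RE.search(text)
    if stop is None:
        raise ValueError("no STOP line found")
    code = int(stop.group(1), 16)
    params = [int(p.strip(), 16) for p in stop.group(2).split(",") if p.strip()]
    out = {"bugcheck": code,
           "bugcheck_name": BUGCHECKS.get(code, "unknown"),
           "params": params}
    if code == 0x8E and params:
        # Bug check 0x8E: parameter 1 is the exception code,
        # parameter 2 the address at which the exception occurred.
        out["exception"] = NTSTATUS.get(params[0], "unknown")
    mod = MODULE_RE.search(text)
    if mod:
        addr, base, stamp = (int(mod.group(i), 16) for i in (2, 3, 4))
        out["module"] = mod.group(1)
        out["offset"] = addr - base  # fault location relative to the driver's load base
        # The datestamp is the driver's PE header timestamp (seconds since 1970, UTC).
        out["built"] = datetime.fromtimestamp(stamp, timezone.utc).isoformat()
        out["fault_in_module"] = len(params) > 1 and params[1] == addr
    return out

# The two "Tech info" lines exactly as typed in the post above.
SAMPLE = """\
*** STOP; 0x0000008E (0xc0000005, 0xb9E74CD4, 0xBA50AF00, 0x00000000)
*** iastor.sys - Address B9E74CD4 base at B9E6c000, Datestamp 44ad174b
"""

if __name__ == "__main__":
    for key, value in decode_stop(SAMPLE).items():
        print(f"{key}: {value}")
```

The module named on a blue screen is where the fault occurred, which is not by itself proof that the file is the cause.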

#7 Allan

Allan

  • BC Advisor
  • 8,589 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:07:41 PM

Posted 11 August 2011 - 02:58 PM

Do you have an XP CD?

#8 permasite

permasite
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:41 PM

Posted 11 August 2011 - 04:20 PM

I do, but I am not sure that is matched with the OS on the PC.

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,113 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:41 AM

Posted 13 August 2011 - 03:19 AM

Hello again, let's have a look at the drivers here.

Try this please. You will need a USB drive.

  • Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Remove the USB & CD and insert them in the sick computer
  • Boot the sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert it back in your working computer and navigate to report.txt

Please note - all text entries are case sensitive

Copy and paste the report.txt for my review

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#10 Allan

Allan

  • BC Advisor
  • 8,589 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:07:41 PM

Posted 13 August 2011 - 05:20 AM

Well, if you have the correct XP CD we can do a repair installation, but if your system is infected it will still be infected.



