Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Blinking Cursor on boot up


  • This topic is locked This topic is locked
3 replies to this topic

#1 please_help

please_help

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:26 PM

Posted 22 August 2011 - 11:34 AM

Hello folks,

Thank you firstly for any help on this - I'm at my wits end trying to sort it out.

DO NOT CLICK THIS LINK law-and-disorder.de/wp-content/themes/law-a/gerald393.php

Ok now that is out the way I'll begin!

I was checking back links to my website though yahoo's site explorer and the link above was there. As usual I always see who's linking to my website(s) and opened the link along with 3 or 4 others. This link was the last 1 I was checking and when I finally clicked the tab it was open on I saw looks of numerical figures and at the top of the screen it said ''WAIT... LOADING PAGE'' or something along them lines.

I knew straight away I had to get off it so I tried to open task manager to shut it down to no avail.

So I restarted the PC by the button on the front, and it starts to boot up.

It shows me as usual the Asus meotherboard boot page and I can choose DEL to enter setup.

After that is when I hit a brick wall.

I then go to the next screen which shows MAXTOR SMT and some numbers after - my hard drive?

And below is says press any key to continue.

Now is I press an key is goes to a black screen white blinking underscore in the top left corner - and if I press nothing it does the same - black screen white blinking underscore in the top left corner.

I've tried all F keys and nothing happens apart from F8 which brings up my BOOT MENU.

I can select Hard Disc - SCSI-0 : MAXTOR

or CDROM - 1st Master : ATAPI DVD

Entering either of those does nothing?

So this is where I am at.. as the username suggests... please help!

I have check out the link on norton safeweb and it returns the following info;

law-and-disorder.de
Summary
•Computer Threats:
5
•Identity Threats:
0
•Annoyance factors:

0


Total threats on this site:
5


•Community Reviews:

0
Safeweb Share

The Norton rating is a result of Symantec's automated analysis system. Learn more.
The opinions of our users are reflected separately in the community rating on the right.
General Info
Web Site Location Germany

Norton Safe Web has analyzed law-and-disorder.de for safety and security problems. Below is a sample of the threats that were found.

law-and-disorder.de
Threat Report

Total threats found: 5

Small-whitebg-red Drive-By Downloads (what's this?)

Threats found: 5
Here is a complete list: (for more information about a specific threat, click on the Threat Name below)
Threat Name: HTTP Fake AV Redirect Request
Location: http://www.law-and-disorder.de/ujl-qzwg-17971.htm


Threat Name: HTTP Fake AV Redirect Request
Location: http://www.law-and-disorder.de/ujl-2587-lwb.htm


Threat Name: HTTP Fake AV Redirect Request
Location: http://www.law-and-disorder.de/ujl-357872-uzj.htm


Threat Name: HTTP Fake AV Redirect Request
Location: http://www.law-and-disorder.de/ujl-kcp17.htm


Threat Name: HTTP Fake AV Redirect Request
Location: http://www.law-and-disorder.de/ujl-xp.htm



BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,304 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:26 PM

Posted 22 August 2011 - 12:25 PM

Hi, :welcome:

Lets give it a try.

We will need to view the system status from an external environment. It will be good to know the Operating System installed as well as the specs of the computer. You will need a USB drive and a CD to burn. There will be several steps to follow.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Also Download Query.exe to the USB drive. In your working computer, navigate to the USB drive and click on the Query.exe. A folder and a file, query.sh, will be extracted.
  • Remove the USB & CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • In some computers you need to tap F12 and choose to boot from the CD, in others is the Esc key. Please consult your computer's documentation.
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Then type bash driver.sh -af
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

    Winlogon.exe

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    volsnap.sys

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    explorer.exe

  • Press Enter
  • After it has completed the search enter the next file to be searched
  • Type the following:

    Userinit.exe

  • Press Enter
  • After the search is completed type Exit and press Enter.
  • After it has finished a report will be located in the USB drive as filefind.txt
  • While still in the Open Terminal, type bash query.sh
  • Press Enter
  • After it has finished a report will be located in the USB drive as RegReport.txt
  • Then type dd if=/dev/sda of=mbr.bin bs=512 count=1


    Leave a space among the following Statements:

    dd is the executable application used to create the backup
    if=/dev/sda is the device the backup is created from - the hard drive when only one HDD exists
    of=mbr.bin is the backup file to create - note the lack of a path - it will be created in the directory currently open in the Terminal
    bs=512 is the number of bytes in the backup
    count=1 says to backup just 1 sector


    It is extremely important that the if and of statements are correctly entered.

  • Press Enter
  • After it has finished a report will be located in the USB drive as mbr.bin
  • Plug the USB back into the clean computer, zip the mbr.bin, and except for the mbr.bin zipped file, post the contents of the report.txt, filefind.txt and RegReport.txt in your next reply. The mbr.bin zipped file must be attached to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 please_help

please_help
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:26 PM

Posted 22 August 2011 - 12:53 PM

Apologies for the hassle caused - managed to sort it.

Well not fixed but got the data off and reformatted.

Cheers anyway.

#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,304 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:26 PM

Posted 22 August 2011 - 03:21 PM

Thanks for the feedback. :)

Will close the topic.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users