Rootkit Corrupted OS. Can't Restore System/Repair/Backup.

  • This topic is locked

#1 jinugy



Posted 27 October 2011 - 10:20 PM

I'm using Windows 7 Starter SP1, 32-bit. Here's my problem:

When I turned on my laptop yesterday morning, the screen was all black, like the system was hanging. So I decided to take out the batteries, put them back in, and turn the laptop on again (I do this every time it hangs--no problem whatsoever). Upon turning back on, a black screen with "Windows is loading files..." appeared. When it was done, a blue background picture appeared (which was not my wallpaper, but looked Microsoft-ish), and Startup Repair started. This must've been because of a suspicious EXE file I accidentally ran the night before =(

Startup Repair started checking my system for problems. After it was done, it said that Startup Repair cannot repair this computer automatically. Sending more information can help Microsoft create solutions: 1) Send; 2) Don't send. I didn't send it, cause I can't bloody well connect to the Internet. The problem event name was StartupRepairOffline.

HP's Recovery Manager then popped up. From there, I had three choices: 1) Microsoft system restore, 2) Run computer checkup (I could also run Command Prompt from here), and 3) File backup program. I tried restoring to just before the problems appeared, but it failed. Then I tried backing up, but it wouldn't allow me to click "Next" and proceed for certain file types like pictures & videos. I can only back up HTML files and file settings.

So I decided to run HijackThis from an external hard drive by opening Task Manager using Command Prompt. It ran and I saved the log (tell me if you need it). But when I run DDS, the window suddenly closes. When I run GMER, a window popped up, saying that "GMER has found system modification, which might have been caused by rootkit activity. Do you want to fully scan your system?" I clicked no. Then after unchecking "IAT/EAT" and checking "C:\," the app ran for around a minute, then an error message popped up:

"The instruction at 0x0040c676 referenced memory at 0x88e83d2e, The memory could not be read. Click on OK to terminate the program."

When I ran GMER again, a BSOD appeared. PAGE_FAULT_IN_NONPAGED_AREA. Technical information:

*** STOP: 0x00000050 (0x996A4000, 0x00000000, 0x90c69114, 0x00000000)



#2 Blade81


  • Malware Response Team

Posted 01 November 2011 - 04:16 AM

User posted on other forum so I'll close this topic.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.
