Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

boot up problem


  • This topic is locked This topic is locked
13 replies to this topic

#1 lspin

lspin

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:40 PM

Posted 02 November 2011 - 06:42 PM

My computer contracted some malware and now I can't get the computer to bootup pass the blue windows XP screen to determine where the virus is. Please help.

Edited by hamluis, 02 November 2011 - 06:56 PM.
Moved from XP to Am I Infected.


BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,309 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:40 PM

Posted 07 November 2011 - 02:06 AM

Hi, can you please tell me what happens, does your computer reboot spontaneously or does it just lock up?
Do you have an XP CD?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 lspin

lspin
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:40 PM

Posted 08 November 2011 - 09:35 AM

It just stops at the blue Windows XP screen. I do have an XP disc. I have also ran the Avira Antivir Rescue System and removed the infected files and still no luck booting.

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,309 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:40 PM

Posted 08 November 2011 - 10:20 AM

Hi again, do you mean the XP splash screen or the welcome screen that appears after the splash screen?

Do you remember what Avira detected (file or infection name)?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 lspin

lspin
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:40 PM

Posted 08 November 2011 - 03:25 PM

After the black Windows screen. It was a trogan horse located in my docments and setting application and also adware in the temporary internet files.

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,309 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:40 PM

Posted 08 November 2011 - 03:27 PM

Hi again, I'll move this topic to the malware removal forum.

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1

  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 lspin

lspin
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:40 PM

Posted 08 November 2011 - 04:39 PM

ok

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,309 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:40 PM

Posted 08 November 2011 - 04:42 PM

Sorry, I forgot to move the topic. Can you please attach the resulting file?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 lspin

lspin
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:40 PM

Posted 08 November 2011 - 05:25 PM

I will do so once I get home.

#10 lspin

lspin
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:40 PM

Posted 08 November 2011 - 06:57 PM

no luck with the xpud disk. After it boots the screen is black.

#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,309 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:40 PM

Posted 09 November 2011 - 10:09 AM

You mean it doesn't boot from the CD? Are you sure you set the computer to boot from CD?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#12 lspin

lspin
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:40 PM

Posted 09 November 2011 - 11:42 AM

Yes and it gets to the xPUD home screen and says automatic boot will start in several seconds and it also says press tab for options. Soon as it boot the screen goes black and nothing happens.

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,309 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:40 PM

Posted 09 November 2011 - 12:13 PM

In that case, can you please try the following?

Let's try to boot your computer using a Boot CD.

Please print this guide for future reference!

You will need a blank CD, your Windows XP install disc, a clean computer and a flash drive.

Please follow the steps below and let me know if you were successful. Please tell me what error messages you got and/or what steps you got hung up on.

1. Download the PE Builder to your desktop

http://www.nu2.nu/download.php?sFile=pebuilder3110a.exe
  • Double-Click on the PE Builder that you just downloaded to your desktop.
  • Follow all of the instructions/prompts that come up.
2. Insert your XP CD with SP1/SP2/SP3 into a CD Rom drive
  • Double-Click on PE Builder.exe located on your desktop.
  • Click NO to Search for Windows Installation Files
  • Make the following selections from the Main Screen that pops up:
    • Builder
    • Source:(path to Windows installation files)
    • Enter the path to the drive where your XP CD is located.
    • You can click on the "..." button on the right to navigate to the path as well.
  • Custom: (include files and folders from this directory)
    • No information is necessary, leave blank.
  • Output:
    • Keep the default
  • Media output
    • Choose Create ISO image
    • Do not choose Burn to CD/DVD
    • Download the RunScanner plugin and save it to your desktop

    http://www.paraglidernc.com/Files/RunScanner10025.cab

    Please note: You will be prompted for the folder that it shall be saved. By default it appears as runscanner10025. It should be modified to just runscanner <--- Important!!!


    • Press the Plugin button on the PE Builder interface
    • Press the Add button and navigate to the location of the RunScanner plugin to install
    • Please note: If you are using a Windows XP disc with sp2 then highlight RpsSS needs to launch DComLaunch and then press Enable
  • When your done press Close and the PE Builder interface will re-appear
3. Click on the "Build" button
  • You will see the Windows EULA message. Click on I Agree
  • You will now see the Build Screen. Let it run it's course
  • When the Build is finished you can click close, then exit
4. Burn your ISO file to CD==========

Next........

From your clean computer..

Please download OTLPE.zip and save it to a flash drive.
http://oldtimer.geekstogo.com/OTLPE.zip
http://www.itxassociates.com/OT-Tools/OTLPE.zip

Double click and unzip OTLPE.zip to its own folder on your flash drive. Name it OTLPE <-- Important!!

==========

Plug your flash drive into your sick computer now and do as instructed below..

==========

1. Restart Your sick Computer Using the PE Builder ISO CD That You Have Created
  • Insert the CD in to one of your CD/DVD drives.
  • Restart your computer.
    • The computer should choose to boot from the CD automatically. If it doesn't and you are asked if you want to boot from CD, then choose that option.
  • Once the desktop appears, you will receive a message asking: Do you want to start Network support?
    • Click on No
  • After it loads press the Go button in the lower left and do this....
    • Go
    • System
    • Display
    • Screen Resolution
    • 1024x768
    Next choose....
    • Go
    • Programs
    • A43 File Management Utility

==========

In A43File Management you should see your flash drive
Navigate to the OTLPE folder that you saved to your flash drive.

Open the OTLPE folder and double click Start.cmd.

  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTLPE should now start

    Change the following settings
    • Change Services, Drivers, Standard and Extra Registry to Use Safelist
    • Uncheck LOP and Purity check

    Please note: Stay with your computer during the course of the scan. If "Entry Point Errors" are encountered simply press "ok" and allow the program to continue. <-- Important!!
  • Push Posted Image
  • A report will open named "OTL.tx"t and another will be minimized to the system tray named "Extra.txt". Save both log's to your flash drive. Copy and Paste them in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,309 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:40 PM

Posted 22 November 2011 - 06:54 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users