
Malware prevents Windows from starting


  • This topic is locked
30 replies to this topic

#1 fangorn99

fangorn99

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:49 AM

Posted 14 November 2011 - 01:19 PM

Hello!

A few days ago, I was surfing on the internet when I encountered some type of malware. Firefox crashed, and the task manager wouldn't open. A bubble appeared in the lower right of my screen telling me that I was infected. I tried restarting my computer, and now Windows won't even start. I've tried Safe Mode, too, but all I get is a blue screen with the text: "UNMOUNTABLE_BOOT_VOLUME". I have a disc that can run Knoppix right from the disc, so I can access my files without logging onto Windows, but I don't know enough about Windows to know how to fix the problem and remove the malware. Is there anything you can do to help? I didn't include a DDS log, because I assume that won't run in Knoppix.

Thanks!

-Mike


 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,308 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:49 AM

Posted 16 November 2011 - 12:46 PM

Hi Mike, what version of Windows is this and do you have your Windows install disk?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 fangorn99

fangorn99
  • Topic Starter


Posted 17 November 2011 - 04:25 AM

I am running Windows XP, and no I do not have the Windows install disk. It's 300 miles away at my parents' house. It will be a month or two before I would be able to get it, and I was curious if there was another way of repairing Windows without that disk. Thanks!

-Mike

#4 Elise


Posted 17 November 2011 - 06:10 AM

Hi, we certainly have some options without an XP CD. :)

Try this please. You will need a USB drive.

  • Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1

  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

regards, Elise




#5 fangorn99


Posted 20 November 2011 - 06:08 AM

The only clean computers I have access to are the Macs at my school, running Mac OS 10.6.8. Is there a way I can get that ISO file without running an .exe? Since they are the public computers at my school, I also don't have access privileges to install programs on them. Thanks!

-Mike

#6 Elise


Posted 20 November 2011 - 06:31 AM

If you know how to burn an iso to a CD/DVD, that should be no problem.

The iso can be downloaded here: http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso

regards, Elise




#7 fangorn99


Posted 21 November 2011 - 11:52 PM

Here it is! Thanks!

-Mike




#8 Elise


Posted 22 November 2011 - 02:45 AM

Hi again,

Try this please. You will need a USB drive.
  • Download xPUDtestdisk.exe and save it to the USB device
  • Double click xPUDtestdisk.exe to extract the contents to your USB device
  • Remove the USB & xPUD CD and insert it in the sick computer
  • Boot the Sick computer with the xPUD CD.
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type testdisk/testdisk_static
  • Press Enter
The first screen will present log options - press Enter to continue.

TestDisk will scan the system and show drive information.
If more than 1 drive, select the correct drive, make sure [Proceed] is selected then press Enter to continue.

Select [Intel] partition and press Enter to continue.

Select [MBR Code] and press Enter to continue.

Type Y when prompted to write a new mbr code to the first sector, then confirm at the next screen by typing Y again.

Press Q repeatedly until TestDisk exits then reboot.

regards, Elise



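As an added example (not part of the thread and not the helper's own tooling), this Python script decodes a 512-byte `mbr.bin` dump like the one requested in post #4, and compares a dump taken before the TestDisk [MBR Code] rewrite in post #8 with one taken after it, to show which regions of the sector changed. The function names, the command-line usage and the sample sectors are assumptions constructed for the illustration.

```python
import hashlib
import struct
import sys

BOOT_CODE_END = 440   # bytes 0-439 hold the boot code
TABLE_START = 446     # four 16-byte partition entries, then 0x55 0xAA
TYPES = {0x05: "Extended", 0x07: "NTFS/HPFS", 0x0B: "FAT32",
         0x0C: "FAT32 (LBA)", 0x83: "Linux", 0xEE: "GPT protective"}

def parse_mbr(sector: bytes) -> dict:
    """Decode a 512-byte sector such as the mbr.bin written by dd."""
    if len(sector) != 512:
        raise ValueError(f"expected 512 bytes, got {len(sector)}")
    parts = []
    for i in range(4):
        # status, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, TABLE_START + 16 * i)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"slot": i, "active": status == 0x80,
                          "type": TYPES.get(ptype, hex(ptype)),
                          "start_lba": lba, "sectors": count})
    return {"valid_signature": sector[510:512] == b"\x55\xaa",
            "disk_signature": struct.unpack_from("<I", sector, 440)[0],
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
            "partitions": parts}

def compare_dumps(before: bytes, after: bytes) -> dict:
    """Report which MBR regions differ between two dumps of the same disk."""
    a, b = parse_mbr(before), parse_mbr(after)
    return {"boot_code_changed": a["boot_code_sha256"] != b["boot_code_sha256"],
            "disk_signature_intact": a["disk_signature"] == b["disk_signature"],
            "partition_table_intact": before[TABLE_START:510] == after[TABLE_START:510]}

def build_sample(fill: int) -> bytes:
    """Constructed sector: filler boot code plus one active NTFS partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 156296322)
    return (bytes([fill]) * BOOT_CODE_END + struct.pack("<I", 0x1234ABCD)
            + bytes(2) + entry + bytes(48) + b"\x55\xaa")

if __name__ == "__main__":
    # Usage: mbr_check.py [before.bin [after.bin]]; no arguments uses the samples.
    dumps = [open(p, "rb").read() for p in sys.argv[1:3]]
    dumps = dumps or [build_sample(0x90), build_sample(0xCC)]
    print(parse_mbr(dumps[0]))
    if len(dumps) == 2:
        print(compare_dumps(*dumps))
```

Taking a second `dd` dump after the rewrite and comparing the two gives a record of what the repair touched; a partition table that differs between the dumps is the result to investigate first.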

#9 fangorn99


Posted 22 November 2011 - 03:15 AM

I cannot extract the files from xPUDtestdisk.exe because my only functioning computer is a Mac at my school. Is there a way to get these files without having to run an .exe? Thanks!

-Mike

#10 Elise


Posted 22 November 2011 - 03:21 AM

Sorry, I forgot about that. In that case, download the following and save it to your flash drive.

http://www.cgsecurity.org/testdisk-6.13.linux26.tar.bz2

See if this will run from xPUD by double clicking it (this is a compressed file, it will need to be extracted, not sure if xPUD will offer you the option to do that or not). If it doesn't work, just let me know and I'll look into this.

regards, Elise




#11 fangorn99


Posted 22 November 2011 - 03:39 AM

That was successful! I completed all the steps above for testdisk. Now what? Should I try rebooting Windows, or is there more first?

-Mike

#12 Elise


Posted 22 November 2011 - 03:45 AM

Yes, please restart Windows normally now.

regards, Elise




#13 fangorn99


Posted 22 November 2011 - 03:49 AM

I tried restarting normally and in safe mode, but no luck: same problem. :/

-Mike

#14 Elise


Posted 22 November 2011 - 06:04 AM

What is the exact error code?

We Need to Diagnose Your BlueScreen
  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select "Disable Automatic Restart on System Failure", as shown here:
    Posted Image
  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:
    Posted Image
Please post me the error(s).

regards, Elise




#15 fangorn99


Posted 22 November 2011 - 01:41 PM

UNMOUNTABLE_BOOT_VOLUME

STOP: 0x000000ED (0x8A3BCE30, 0xC0000006, 0x00000000, 0x00000000)



