Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unable to start Windows (XP SP3) Firewall or use an internet connection after rootkit/malware


  • This topic is locked This topic is locked
64 replies to this topic

#1 ifindsikeeps

ifindsikeeps

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California USA
  • Local time:07:00 PM

Posted 30 November 2011 - 11:19 PM

My mother called me today and she tells me her laptop isnt working. of course she tells me she doesnt know what happened. that it just stopped working. so i click on mozilla to load it up but avast asks me to open it in a sandbox so it basically told me something wasnt right. i went to load CCleaner and it wouldnt load either. I then ran a virus scan with avast and it stated i picked up a virus/malware and i should schedule a boot time scan. I did that and it detected several infected files. But once it restarted, i wasnt able to get on the internet. im getting the continuous acquiring the network address deal and it just wontt connect. also, the microsoft firewall wont load up. for some reason i decided to uninstall avast... but it didnt really change the situation better or worse.

So i did a google search and i stumbled on a post that was earily similar to my situation. it cant be found here: http://www.bleepingcomputer.com/forums/topic417464.html

to quote his troubles:

after i scanned the computer and got rid of the malware:

"I am unable to start Windows firewall (it's an XP SP3 machine), receiving the error: "Windows cannot start the Windows Firewall/Internet Connection Sharing (ICS) service". When I try to restart the firewall from Administrative Tools/Services I get the following error: "Could not restart Windows Firewall/Internet Connection Sharing (ICS) service on Local Computer: Error 10050: A socket operation encountered a dead network".

Also, I cannot establish either a wired or wireless internet connection, it just says "acquiring network address" indefinitely.

It seems that whatever rootkit/virus/malware I had 'chewed on' something in Windows. This laptop doesn't have a CD drive, otherwise I would just do a repair installation of XP. I also don't have an SP3 disc."

upon reading it more... i feel like its exactly my situation. so i followed the troubleshooting steps, but alas my computer is still not fixed. So i decided to create my own thread and maybe someone can help me with my situation. i guess its different from his... or i may have done other things to my computer prior to the troubleshooting that prevented it from getting fixed.


===========================================================

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Run by Mommy at 19:45:21 on 2011-11-30
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1526.1083 [GMT -8:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Send to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mommy\application data\mozilla\firefox\profiles\dmtnakhw.default\
FF - prefs.js: browser.startup.homepage - chrome://fastdial/content/fastdial.html
FF - plugin: c:\program files\sumatrapdf\npPdfViewer.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2009-3-22 9472]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-3-22 157696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-22 1684736]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
.
=============== Created Last 30 ================
.
2011-12-01 02:14:21 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-01 01:33:38 98816 ----a-w- c:\windows\sed.exe
2011-12-01 01:33:38 518144 ----a-w- c:\windows\SWREG.exe
2011-12-01 01:33:38 256000 ----a-w- c:\windows\PEV.exe
2011-12-01 01:33:38 208896 ----a-w- c:\windows\MBR.exe
2011-11-30 23:52:22 -------- d-----w- c:\documents and settings\mommy\application data\SUPERAntiSpyware.com
2011-11-30 23:51:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-30 23:51:35 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-11-13 19:51:46 -------- d-----w- c:\documents and settings\mommy\local settings\application data\HandBrake
2011-11-13 19:51:09 -------- d-----w- c:\program files\Handbrake
2011-11-13 19:43:38 -------- d-----w- c:\documents and settings\mommy\application data\XMedia Recode
2011-11-13 19:35:38 -------- d-----w- c:\program files\XMedia Recode
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 17:15:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 19:45:52.28 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 ifindsikeeps

ifindsikeeps
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California USA
  • Local time:07:00 PM

Posted 01 December 2011 - 09:39 AM

So I got impatient and gave it another go myself and sadly didnt succeed. I guess i mustve changed my system so i rant the scans again. here is the updated status of my laptop.

===================================================

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Run by Mommy at 6:23:26 on 2011-12-01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1526.1138 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Send to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mommy\application data\mozilla\firefox\profiles\dmtnakhw.default\
FF - prefs.js: browser.startup.homepage - chrome://fastdial/content/fastdial.html
FF - plugin: c:\program files\sumatrapdf\npPdfViewer.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-30 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-30 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-11-30 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-11-30 44768]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2009-3-22 9472]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-3-22 157696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-22 1684736]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
.
=============== Created Last 30 ================
.
2011-12-01 13:50:08 -------- d-----w- C:\backup
2011-12-01 06:31:40 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-01 05:34:02 41184 ----a-w- c:\windows\avastSS.scr
2011-12-01 05:10:58 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-12-01 05:10:58 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-01 02:14:21 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-01 01:33:38 98816 ----a-w- c:\windows\sed.exe
2011-12-01 01:33:38 518144 ----a-w- c:\windows\SWREG.exe
2011-12-01 01:33:38 256000 ----a-w- c:\windows\PEV.exe
2011-12-01 01:33:38 208896 ----a-w- c:\windows\MBR.exe
2011-11-13 19:51:46 -------- d-----w- c:\documents and settings\mommy\local settings\application data\HandBrake
2011-11-13 19:51:09 -------- d-----w- c:\program files\Handbrake
2011-11-13 19:43:38 -------- d-----w- c:\documents and settings\mommy\application data\XMedia Recode
2011-11-13 19:35:38 -------- d-----w- c:\program files\XMedia Recode
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 17:15:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 6:25:59.53 ===============

Attached Files



#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,703 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:00 PM

Posted 05 December 2011 - 11:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/430168 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 ifindsikeeps

ifindsikeeps
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California USA
  • Local time:07:00 PM

Posted 06 December 2011 - 03:29 AM

it seems like i may have killed my moms laptop because im now getting the blue screen of death and it wont restart. its on a contiunous loop of restarting. i cant even start it in any of the safe mode settings... ive attached a picture of the blue screen. im thinking its irrecplaceble. its a netbook so it doesnt have a dvdrom drive and i dont really have the software for a reinstall. if theres any ways i can resolve this id be extremely grateful.

Attached Files



#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,205 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:00 AM

Posted 07 December 2011 - 03:19 PM

Hello, we can still attempt to fix this. Do you have a working computer you can use and an empty USB drive?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 ifindsikeeps

ifindsikeeps
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California USA
  • Local time:07:00 PM

Posted 07 December 2011 - 04:43 PM

hello Elise. I was hoping you'd pick up the tab for my problem. I saw how you fixed the problem for the other member with a similar problem as me. however i was impatient and did further damage doing my own troubleshooting. I do hope the laptop is still salvageable.

I do have a working PC with an empty USB drive.

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,205 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:00 AM

Posted 08 December 2011 - 03:07 AM

Hello, as the BSOD error points to a possible registry problem, lets first see if a registry restore will help here.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/rst.sh to the USB drive
  • Boot the Sick computer with the USB drive again
  • Press File
  • Expand mnt
  • Expand your USB (sdb1)
  • Confirm that you see rst.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash rst.sh
  • Press Enter
  • After it has finished a report will be located at sdb1 named enum.log
  • Plug that USB back into the clean computer and open it

Please note: If you have an ethernet connection you can access the internet by way of xPUD (Firefox). You can perform all these steps on your sick computer. When you download the download will reside in the Download folder. It can be found under the File tab also. You can similarly access our thread by way of this OS too so you can send the logs that way.

Please also note - all text entries are case sensitive

Copy and paste the enum.log for my review

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 ifindsikeeps

ifindsikeeps
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California USA
  • Local time:07:00 PM

Posted 08 December 2011 - 11:05 AM

hello elise. I'm stuck at the "Boot the Sick computer with the USB drive again" step. nothing is really happening when i boot from the flash drive. all i get is a blinking cursor on the the top left corner of a black screen.

Is this suppose to start right away or am i suppose to wait a while?

sorry for the late response... i think we have a 10 hour time difference.

Edited by ifindsikeeps, 08 December 2011 - 11:06 AM.


#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,205 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:00 AM

Posted 08 December 2011 - 11:28 AM

Did you install xPUD to the flashdrive as instructed and then put rst.sh on that same flashdrive?
Did you manage to change the boot order to usb drive?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 ifindsikeeps

ifindsikeeps
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California USA
  • Local time:07:00 PM

Posted 08 December 2011 - 11:42 AM

i think i installed it correctly. heres a picture of the flash drive after the install..

also after i press F12 on the broken laptop to access the boot menue im able to select the USB flash drive.. but its stuck on the black screen.

Attached Files



#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,205 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:00 AM

Posted 08 December 2011 - 12:27 PM

No, that is a CD rom device (external). Is your flashdrive 4 GB? If so, select the second option (HDD: SSD 4G)

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#12 ifindsikeeps

ifindsikeeps
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California USA
  • Local time:07:00 PM

Posted 08 December 2011 - 12:33 PM

im pretty sure thats it because thats the name of the flash drive: creative nomad... its an old flash drive and its only 256MB. is it possible i didnt install it correctly?

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,205 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:00 AM

Posted 08 December 2011 - 01:11 PM

It looks like you created the USB drive correctly. Can you try to access the BIOS instead and alter the boot order there? Its a bit strange that only options 1, 5 and 6 show up in the screenshot you posted.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#14 ifindsikeeps

ifindsikeeps
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California USA
  • Local time:07:00 PM

Posted 08 December 2011 - 01:23 PM

i did it through there the first time around here is the picture of that setup.

Attached Files



#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,205 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:00 AM

Posted 08 December 2011 - 01:52 PM

Can you set USB FDD there as first boot device and try it again?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users