
Unsure if virus, operating system problem, or hardware problem


  • This topic is locked
52 replies to this topic

#1 bytecross

bytecross

  • Members

Posted 10 February 2012 - 11:33 AM

Hi, I'm in need of figuring out if my laptop was infected by a trojan, the operating system went kaput and I need to reinstall it, or if it's hardware failure. I used it last night and my AVG caught a "small trojan horse" called cryptbase.dll, and after removing it, I believe, is where it began. My computer restarted and ended up starting up with the Acer splash with me able to click F2 for setup. But F8 doesn't work and causes a long beeping noise; if I leave it alone it goes to a black screen with an underscore blinking at the top left. I've done some research, but I'm unsure which route to take without taking some advice for my own laptop. My laptop is an Acer Aspire 5741-3541, Windows 7, Intel Core i5-450 processor, 4 GB DDR memory, 500 GB HDD. If you need more information please ask, because I'm unsure what is needed to fix the problem. The solutions I've heard are reinstalling Windows 7, or it might be a HDD problem. Thank you.


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator

Posted 10 February 2012 - 03:29 PM

Let me ask someone to look here.

#3 bytecross

bytecross
  • Topic Starter

  • Members

Posted 10 February 2012 - 04:02 PM

Ok ty

Edited by bytecross, 10 February 2012 - 04:31 PM.


#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team

Posted 11 February 2012 - 06:44 AM

Hello, bytecross.
My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.

  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#5 bytecross

bytecross
  • Topic Starter

  • Members

Posted 11 February 2012 - 12:16 PM

Hi, I downloaded the 64-bit Farbar recovery tool, although I couldn't get to part 2, which is to get to the System Recovery Options. If I keep tapping F8, nothing happens and I return to the black screen with an underscore blinking at the top left. If I hold down F8 I hear a loud beeping noise. The process is: black screen with underscore at top left, then Acer splash with ability to press F2 for setup (this works), then back to the black screen with underscore at top left.

Edit: I don't own the Windows 7 installation disk. My laptop came with Windows 7, and I only have the upgrade for Vista to Windows 7, although I am able to get Windows 7 online from download through a site that's affiliated with my school.

Edited by bytecross, 11 February 2012 - 12:27 PM.


#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team

Posted 11 February 2012 - 08:33 PM

Hello, bytecross.

OK, your MBR or boot settings are corrupted since it's hanging there. Let's start with the MBR.

You can overwrite your FRST flash drive if you want.

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Copy/paste the following command and press enter:

    dd if=/dev/sda of=mbr.txt bs=512 count=1
  • When done a file, mbr.txt, will be created on your USB drive. Please attach that file to your reply.

Please note - all text entries are case sensitive

etavares
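
The 512-byte sector that the dd command in the post above writes to mbr.txt can be checked structurally before deciding the MBR is at fault. The following is an added example, not part of the thread and not a tool the helper used: it decodes the partition table and boot signature of such a dump, and the sample sectors built by `build_sample` (a hypothetical helper) are constructed, not data from this laptop.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 446        # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"   # expected at offsets 510-511

def parse_mbr(sector: bytes) -> dict:
    """Decode a 512-byte MBR dump and list structural problems."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    problems = []
    if sector[510:512] != SIGNATURE:
        problems.append("boot signature 55 AA missing")
    if not any(sector[:TABLE_OFFSET]):
        problems.append("boot code area is all zeros")
    partitions = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        status, ptype = sector[off], sector[off + 4]
        lba_start, count = struct.unpack_from("<II", sector, off + 8)
        if ptype == 0 and count == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            problems.append(f"entry {i}: invalid status byte 0x{status:02x}")
        partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    active = sum(p["active"] for p in partitions)
    if not partitions:
        problems.append("partition table is empty")
    elif active != 1:
        problems.append(f"{active} active partitions (expected 1)")
    return {"partitions": partitions, "problems": problems}

def build_sample(active: bool = True, signed: bool = True) -> bytes:
    """Constructed test sector; not data from the thread."""
    buf = bytearray(SECTOR)
    buf[0:2] = b"\x33\xc0"  # placeholder non-zero bytes in the boot code area
    buf[TABLE_OFFSET:TABLE_OFFSET + 16] = struct.pack(
        "<B3sB3sII", 0x80 if active else 0, b"", 0x07, b"", 2048, 204800)
    if signed:
        buf[510:512] = SIGNATURE
    return bytes(buf)

if __name__ == "__main__":
    # For a real dump: parse_mbr(open("mbr.txt", "rb").read())
    samples = (("intact", build_sample()),
               ("damaged", build_sample(active=False, signed=False)))
    for name, data in samples:
        print(name, parse_mbr(data))
```

A clean result only means the sector is well-formed; it says nothing about whether the boot code itself has been replaced, which still needs comparison against a known-good MBR for the installed Windows version.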


 


#7 bytecross

bytecross
  • Topic Starter

  • Members

Posted 12 February 2012 - 02:22 AM

I have a question: I have system recovery disks from when I first got my laptop. I was wondering if this method you're showing me will allow me to keep my files. If not, will using the disks work or be faster than the method you're currently showing me?

#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team

Posted 12 February 2012 - 06:15 AM

The system recovery disks will overwrite the data on your hard drive and restore the computer to factory state...the way it was when you unpacked it out of the box. The method I'm using will allow us to get your computer booting again and access your files. If worse gets to worse, you can use xPud to copy your files to a USB flash drive or hard drive so you don't lose them.


 


#9 bytecross

bytecross
  • Topic Starter

  • Members

Posted 12 February 2012 - 03:43 PM

Ok so, I got to the welcome to the xPUD part, and pressed Enter for English. After, it says boots, then ready, and then it goes to a blank black screen. If you wait it says it will automatically boot, and the same thing happened. I couldn't press F12, so I went to the Setup and changed the boot sequence to make it go to the USB first, then the hard drive. I'm now stuck at a blank black screen.

#10 bytecross

bytecross
  • Topic Starter

  • Members

Posted 12 February 2012 - 06:03 PM

To specify, it says welcome to xPUD, and if I press Enter or wait it leads to a black screen. I could take photos off my phone if needed.

#11 etavares

etavares

    Bleepin' Remover


  • Malware Response Team

Posted 13 February 2012 - 06:35 AM

It is trying to boot into xPud so the boot order is fine. What files/folders are on the xPud flash drive? It may be a corrupted download/install. It does happen from time to time.


 


#12 bytecross

bytecross
  • Topic Starter

  • Members

Posted 13 February 2012 - 07:48 AM

Microsoft word documents
DOC files
Read Me HTML documents
Powerpoint document
FRST Application
syslinux.cfg
vesamenu.c32
boot
opt
Microsoft Office Download Setup Files (i.e. Excel,Publisher,Enterpriser)
setup application
VLC Media file
autorun setup information

#13 etavares

etavares

    Bleepin' Remover


  • Malware Response Team

Posted 14 February 2012 - 06:06 AM

Did you format the flash drive? There are other things besides xPud on there. I would save the other files somewhere else, delete everything, then reinstall xPud following the instructions above. We could also create a boot CD of xPud if you have a CD burner and a blank CD. I can give you instructions for that if needed.


 


#14 bytecross

bytecross
  • Topic Starter

  • Members

Posted 14 February 2012 - 11:05 AM

So I formatted my USB, and did it again, and the same thing happens. It goes to the xPUD screen, onto a black screen where it says it's booting xPUD, and then goes to a blank black screen. I will submit photos when possible. Also, is there a time besides 6 o'clock AM EST that you're usually on? I often check about once every hour from when I wake up until I go to bed. I know it's not your job, but it'll be easier for me to check up at times you'll most likely be around. My phone is my only way onto the internet (besides using a desktop that belongs to another person).

Edit: Sorry, I feel like I'm rushing you, but I have some files that I require to do homework with, and if I can't retrieve the files, I'll have to start all over, which I'd prefer not to do, but if I must I must :(.

P1

P2

P3

Edited by bytecross, 14 February 2012 - 03:02 PM.


#15 etavares

etavares

    Bleepin' Remover


  • Malware Response Team

Posted 15 February 2012 - 06:22 AM

I'm usually on around then, but only for a bit. I'm usually on about 12 hours later too, but my daughter has been sick so I'm limited to once a day.

If we could boot xPud, we could get to your files. That's not working, at least by flash drive. It may not support your particular hardware, but I'm very surprised FRST wouldn't run. First, try FRST again, but using your Vista to 7 Upgrade CD. That may still have recovery options to allow you to run FRST.

We can also try another flavor of Linux called Ubuntu. Follow these instructions to create a bootable Ubuntu USB or flash drive. This will give you access to your files if it boots.

http://www.ubuntu.com/download/ubuntu/download


 




