Posted 24 February 2012 - 01:07 PM
As this seems to be a corporate computer, please consider the following:
- There may be restrictions and modifications installed on such machines that could be damaged or altered by the actions we take to remove Malware.
- Any infection could jump terminals in a computer network.
- There may also be legal issues regarding any loss of business data that I do not wish to deal with.
- Some people who come here use their computers for work, and the computers may contain the patient records of a physician or the financial records of an accountant's clients or credit card and bank account information of their employer's customers.
- There may be tremendous risks and legal liability for such users for not fully securing the computer. We will not know this unless we ask. We do not want to be accidentally putting those we help in vulnerable positions for lawsuits.
- Business factors outweigh technical factors in making the reformat and reinstall decision. Sometimes friends give missing CDs or lack of expertise as a reason for not doing a reformat and reinstall.
- The cost of replacing missing Windows XP and MS Office CDs and getting an Microsoft Certified Systems Engineer to come in for 3 hours to do the reinstall and apply all the critical updates, is trivial compared with the potential cost of a multi-million dollar lawsuit for breach of trust if confidential client or patient information is disclosed.
- In specific situations where highly confidential information about others is on the computer, and a backdoor virus or trojan is found, we are helping people more by identifying that they have a backdoor trojan which puts them in a particularly vulnerable situation and sending them to seek local professional help from a Microsoft Certified Systems Engineer or Certified Information Systems Security Professional or Global Information Assurance Certification Certified Security Expert or Certified Computing Professional or Internet Service Provider than we would be trying to fully resolve their problems long distance.
If despite the above you wish to continue with this topic, please do the following:
to the desktop of your clean computer
- Insert your USB drive
- Press Start > My Computer > right click your USB drive > choose Format > Quick format
- Double click the unetbootin-xpud-windows-latest.exe that you just downloaded
- Press Run then OK
- Select the DiskImage option then click the browse button located on the right side of the textbox field.
- Browse to and select the xpud-0.9.2.iso file you downloaded
- Verify the correct drive letter is selected for your USB device then click OK
- It will install a little bootable OS on your USB device
- Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
- After it has completed do not choose to reboot the clean computer simply close the installer
- Next download http://noahdfear.net/downloads/xPUD_userinit_fix to your USB (without a file extension, you may have to right click on the link and click on Save Target As, and make sure that "All Files" is selected)
- Remove the USB and insert it in the sick computer
- Boot the Sick computer
- Press F12 right as the computer is initially starting up, and choose to boot from the USB
- Follow the prompts
- A Welcome to xPUD screen will appear
- Press File
- Expand mnt
- sda1,2...usually corresponds to your hard drive
- sdb1 is likely your USB
- Click on sdb1 (this is your USB drive)
- Confirm that you see xPUD_userinit_fix on your USB drive (sdb1)
- Double click on xPUD_userinit_fix
- After it has finished a report will be located on your USB drive named UserinitReport.txt
- Click on the Home tab, click on Power Off, and then click on Turn Off
- Remove the USB drive and insert back in your working computer and navigate to UserinitReport.txt
Please note - all text entries are case sensitive
Please copy and paste the UserinitReport.txt
for my review.
"Now faith is the substance of things hoped for, the evidence of things not seen."
Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome
Malware analyst @ Emsisoft