Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

un-bootable and unresponsive keyboard


  • This topic is locked This topic is locked
22 replies to this topic

#1 khoaa

khoaa

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:03:51 AM

Posted 10 March 2012 - 10:40 PM

Hi, I have a HPE Elite - 110f desktop and currently having some major problems with it.
I believe I hit some kind of virus or trojan that my AVG thing tried to force remove. AVG then restarted my computer.
After that, I cannot boot into windows at all. It has a completely black greyish screen even before the cursor appears (computer stays on like this forever).

I tried to go into safe mode, or make a system recovery but pressing f8 and f11 repeatedly to do it at start up does not give ANY response; as if I pressed nothing. I know its not because of the keyboard because I switched to a new one.
THe only thing that the computer responds to is f10, to the BIOS setup.

Don't know what to do at this point. ANY help at all would be wonderful. Thanks in advance.

Edited by khoaa, 11 March 2012 - 09:19 PM.
Moved to Am I Infected from Win 7.


BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,734 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:51 AM

Posted 11 March 2012 - 09:27 AM

HI :).

I have moved your post to an appropriate malware forum and also placed it on our Unbootable list (one of our personnel will try to assist you). Help is on the way, pleaase be patient.

Louis

#3 khoaa

khoaa
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:03:51 AM

Posted 11 March 2012 - 09:11 PM

Thanks so much. sorry about the placement of the post, I'm new to the forums

I have tried asking some of my computer techie friends about my computer but they tell me it's dead lol
They tell me to replace the hard drive
I hope it doesn't get to that tho

Edited by khoaa, 11 March 2012 - 09:13 PM.


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,092 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:51 PM

Posted 12 March 2012 - 03:19 AM

Hello, lets see if we can find out a bit more about the problem. :)

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1

  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 khoaa

khoaa
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:03:51 AM

Posted 12 March 2012 - 07:54 PM

Ok, um I did all the steps until the last part.

•Remove the USB drive and insert it back in your working computer and navigate to mbr.bin

Putting the USB back into my laptop (laptop = working, desktop is the sick computer), my virus scanner immediately saw some kind of threat and it removed it. Opening the flashdrive I find it empty after the virus scan. I can't find the mbr.bin file.

I did the process the 2nd time and looked carefully, when putting in the usb in the laptop, the thing mbr.bin contained a trojan called "Rookit.Boot.Pihar.b" and my computer removed it.

Did I do something wrong?
Do I try this again and don't scan this time?

Thanks for your time

Edited by khoaa, 12 March 2012 - 11:25 PM.


#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,092 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:51 PM

Posted 13 March 2012 - 03:27 AM

No worries, that answers the question of what the problem is. :)

Can you please disable your AV before putting in the flash drive? It only detects the file because it contains a dump of the infected MBR, this cannot actually harm your computer.

If that is not possible, then please let me know what version of Windows you have installed.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 khoaa

khoaa
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:03:51 AM

Posted 14 March 2012 - 07:24 AM

Gah, my internet had some extreme problem yesterday..
was too tired to look into it, but it seems to be working now
But I am not at home right now, Sorry about this

About the version of Windows I think I have Windows 7 Home Premium (will send the MBR thing tonight)
Thanks

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,092 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:51 PM

Posted 14 March 2012 - 09:18 AM

Okay, I'll wait for the MBR.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 khoaa

khoaa
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:03:51 AM

Posted 14 March 2012 - 05:50 PM

Here it is




Oops forgot to attach

Edited by khoaa, 14 March 2012 - 05:54 PM.


#10 khoaa

khoaa
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:03:51 AM

Posted 14 March 2012 - 05:53 PM

Here

Please take a look at it

Attached Files

  • Attached File  mbr.zip   575bytes   3 downloads

Edited by khoaa, 14 March 2012 - 05:55 PM.


#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,092 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:51 PM

Posted 15 March 2012 - 03:19 AM

Right click the following download link and select "save link/target as": xPUD_MBRfix
Save the file to your USB drive.
  • Boot the ailing computer to xPUD
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Double click on xPUD_MBRfix to execute the script
  • When asked "what boot code do you want to write?" type the letter indicated for Windows 7.
  • When asked "to which one do you want to write a new mbr?" type sda and press enter.
  • Type y and press enter to confirm your choices.
  • Press enter to close the window.
  • Upon finishing, its actions will produce a report (mlog.txt)
  • Post that report in your next reply

Restart your computer normally now.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#12 khoaa

khoaa
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:03:51 AM

Posted 15 March 2012 - 05:40 PM

FINALLY, WOW. you are a genius :) !!!

It WORKS again, I've never been so happy about a computer before.

Took me days and nights to browse the web and tried to figure out what was wrong and tried to fix it myself (to no success whatsoever), and my techie friends had no clue either...I don't really know much about computers at all. A poor student like myself couldn't afford to buy a new computer. I'm so glad it is resolved now.

I really must thank you, Elise, and this forums, really owe you guys

THANKS SO MUCH :)

:)

Attached Files

  • Attached File  mlog.txt   406bytes   2 downloads

Edited by khoaa, 15 March 2012 - 05:57 PM.


#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,092 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:51 PM

Posted 16 March 2012 - 03:09 AM

I'm glad to hear that. :)
Lets make sure nothing else is lurking there.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#14 khoaa

khoaa
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:03:51 AM

Posted 16 March 2012 - 10:52 AM

Ok, here they are.

Please have a look

Thanks

Attached Files



#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,092 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:51 PM

Posted 16 March 2012 - 11:14 AM

Hi again,

TWO ANTIVIRUS PROGRAMS
---------------------------------------
I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either AVG or Norton.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users