
Hard Drive failure or Boot failure?


  • This topic is locked
14 replies to this topic

#1 Goomba

Goomba

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Local time:01:45 AM

Posted 12 March 2012 - 06:47 PM

So, I had gotten up this morning and was on my computer fine and dandy for a couple of hours and left for class at around 1:30 PM. When I return at around 4, I turn on my monitor and there's a blinking underscore on the top right of my screen. I went ahead and made a startup repair disc for Windows 7, but it could not find anything wrong with the system. I then went into the ACER factory settings utility on the same disc and both options:

> Completely Restore System to Factory Defaults
Restore your PC to factory default status. All data on C: drive will be deleted.

> Restore Operating System and Retain User Data
Restore only the operating system of your PC to the factory defaults. Files from your user accounts will be transferred to C:\Backup. This option will not remove persistent viruses or malware.

Are grayed out. I assumed that this could only be because it wasn't detecting my hard drive? I went into the setup menu in the BIOS, and I see:

> IDE Primary Master [Not Detected]
> IDE Primary Slave [Not Detected]
> SATA7 [Not Detected]
> SATA8 [Not Detected]

However, when I start up the computer it says it's automatically detecting my SATA drives. I honestly have no idea what the difference between IDE and SATA is, or if my computer not detecting the IDE drives even means anything. Maybe I never had IDE drives? I am a total noob in the hardware department.

Any help would be much appreciated.

Thanks,
Goomba.



#2 jhayz

jhayz

  • BC Advisor
  • 6,922 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:45 PM

Posted 12 March 2012 - 11:50 PM

Please post the complete computer model, details or specs next time. Did you try loading default settings in your BIOS configuration?

Tekken
 


#3 hamluis

hamluis

    Moderator


  • Moderator
  • 55,874 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:12:45 AM

Posted 13 March 2012 - 03:25 PM

It's not clear if you tried to boot into safe mode...or into Windows.

If you can:

Start/Run...type diskmgmt.msc and hit Enter.

Hit the Print Screen key.

You now have a screenshot of your Disk Management screen...which should reflect all attached, detected drives.

Post that, please.

How To Capture And Edit A Screen Shot - http://www.bleepingcomputer.com/forums/topic43088.html/page__gopid__2493350

Louis

Edited by hamluis, 13 March 2012 - 03:28 PM.


#4 Goomba

Goomba
  • Topic Starter

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Local time:01:45 AM

Posted 13 March 2012 - 07:43 PM

Thanks for the quick replies.

I can't get into Safe Mode. I can only get to the BIOS screen and access the BIOS menu. I set everything to default (at least I think, I selected Load Optimized Defaults) and now it shows both SATA drives correctly, although now my computer sounds really frightening as it now sounds like a vacuum. Also, I can view my latest restore points using my system recovery disc, so obviously the hard drive IS somewhat functioning. I assume it's just the operating system now. Perhaps I should reinstall. Your thoughts would be much appreciated.

#5 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:03:45 PM

Posted 13 March 2012 - 07:53 PM

Please describe exactly what you see, and what happens, when you attempt to start the computer:
  • normally
  • in Windows Safe Mode

AustrAlien
Google is my friend. Make Google your friend too.


#6 Goomba

Goomba
  • Topic Starter

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Local time:01:45 AM

Posted 13 March 2012 - 09:19 PM

> Please describe exactly what you see, and what happens, when you attempt to start the computer:
>   • normally
>   • in Windows Safe Mode


When I start the computer, it goes to the BIOS screen and then goes to a flashing underscore on the top left of the screen. I can't start the computer into Safe Mode because it can't even make it to the prompt asking which mode to boot into.

Also, I had forgotten to mention: my operating system is Windows 7 Home Premium.

#7 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:03:45 PM

Posted 13 March 2012 - 09:25 PM

It is likely a malware infection, namely an infection of the MBR (MasterBootRecord).
Let's have a look at the MBR.

Please try the following: You will need a USB drive/flashdrive and a new blank writable CD.

Step 1: Please do the following on a working computer:
  • Download GETxPUD.exe to the Desktop.
  • Run GETxPUD.exe
    A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
    Please be patient: This could take a while - download file size 63MB.
  • Click on Start and follow the prompts to burn the image to a CD.
You will use this CD to boot the ailing computer from.


Step 2: Boot the ailing computer with the xPUD CD.
  • (You may have to configure the Boot Menu or BIOS Setup Menu to boot first from the optical/CD/DVD drive.)
    A Welcome to xPUD screen will appear.
  • Click on File.
  • Expand the mnt icon on the left (click on the little arrow beside the icon).
    • sda1, sda2 etc. ...usually correspond to your HDD partitions
    • sdb1, sdc1 is likely to correspond to a USB flashdrive, external USB hard drive etc.
  • Click on the folder that represents your USB drive (sdb1 ?).
  • Click Tool on the top menu, and choose Open Terminal.
  • Type the following at the hash prompt:

    dd if=/dev/sda of=mbr.bin bs=512 count=1

    • Note: Leave a space between the following:
      • dd ... the executable application used to create the backup
      • if=/dev/sda ... the device the backup is created from (the hard drive when only one HDD exists)
      • of=mbr.bin ... the backup file to create - note the lack of a path - it will be created in the directory currently open in the Terminal
      • bs=512 ... the number of bytes in the backup
      • count=1 ... says to backup just 1 sector
        It is extremely important that the if and of statements are correctly entered.
  • Press the <ENTER> key.
    After it has finished a file will be located on your USB drive named mbr.bin.
  • Remove the USB drive from the ailing computer.

Step 3: On the working computer:
  • Insert the USB drive, and navigate to the file mbr.bin
  • Zip-up the mbr.bin file:
    • Right-click on the file and choose Send to .. > Compressed (zipped) Folder.
      A zipped folder will appear in the same location as the mbr.bin file.
  • Please attach the zipped file to your next reply.
    This will allow the MasterBootRecord of your drive to be checked to see whether or not it is infected.

AustrAlien
Google is my friend. Make Google your friend too.
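
Added example, not part of the original post or of any tool named in this thread: a Python sketch of how a 512-byte mbr.bin captured with the dd command above can be inspected offline. It decodes the partition table, checks the 0x55AA boot signature and hashes the bootstrap code for comparison with a known-good dump; the sample sectors, disk ID and function names are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bootstrap code area of a classic (DOS-style) MBR
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
ENTRY_FMT = "<B3xB3xII"  # status, CHS (skipped), type, CHS (skipped), LBA start, sector count

def parse_mbr(raw: bytes) -> dict:
    """Decode a 512-byte MBR dump such as the mbr.bin written by dd."""
    if len(raw) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(raw)}")
    partitions = []
    for slot in range(4):
        status, ptype, lba, count = struct.unpack_from(
            ENTRY_FMT, raw, PART_TABLE_OFF + 16 * slot)
        if ptype:  # type 0x00 marks an unused slot
            partitions.append({"slot": slot, "active": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "signature_ok": raw[510:512] == b"\x55\xaa",
        "disk_id": struct.unpack_from("<I", raw, 440)[0],
        "boot_code_sha256": hashlib.sha256(raw[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }

def boot_code_matches(raw: bytes, known_good_sha256: str) -> bool:
    """True when the bootstrap code hashes to the known-good value."""
    return parse_mbr(raw)["boot_code_sha256"] == known_good_sha256

def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector: one active type-0x07 partition at LBA 2048."""
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, 440, 0x1234ABCD)   # made-up disk ID
    struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF, 0x80, 0x07, 2048, 204800)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

# Constructed inputs: placeholder bytes stand in for real bootstrap code.
BASELINE = build_sample_mbr(b"\xfa" * 64)
MODIFIED = build_sample_mbr(b"\xeb" * 64)

if __name__ == "__main__":
    good = parse_mbr(BASELINE)
    for name, dump in (("baseline", BASELINE), ("modified", MODIFIED)):
        info = parse_mbr(dump)
        print(name, "signature_ok:", info["signature_ok"],
              "partitions:", info["partitions"],
              "boot code unchanged:",
              boot_code_matches(dump, good["boot_code_sha256"]))
```

Both constructed sectors carry a valid signature and an identical partition table, so only the bootstrap-code hash tells them apart.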


#8 Goomba

Goomba
  • Topic Starter

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Local time:01:45 AM

Posted 15 March 2012 - 05:49 PM

Alright, here it is. Sorry for the delay, was a bit busy these past couple of days.

Attached File  mbr.zip   585bytes   5 downloads

Edited by Goomba, 15 March 2012 - 05:50 PM.


#9 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:03:45 PM

Posted 15 March 2012 - 09:39 PM

Thanks: You did well!

The MBR is infected, as I suspected. This thing is certainly getting around!
  • virustotal result:
    Rootkit.Boot.Pihar.b (Kaspersky)
Please sit tight and be patient.

I have requested that an experienced helper who specialises in malware-related un-bootable computers respond to your topic.

Thank you.

Edited by AustrAlien, 15 March 2012 - 09:40 PM.

AustrAlien
Google is my friend. Make Google your friend too.


#10 Goomba

Goomba
  • Topic Starter

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Local time:01:45 AM

Posted 15 March 2012 - 10:01 PM

Ah, thanks a lot! I'll be patient, no rush. I have my netbook to keep me content for now.

#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:45 AM

Posted 16 March 2012 - 06:56 PM

Download xPUD_MBRfix and save it in the USB drive.

  • Boot the ailing computer to xPUD
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Double click on xPUD_MBRfix to execute the script and wait.
  • Select sda and Windows 7 as your options if asked.
  • When it finishes, its actions will produce a report (mlog.txt)
  • Post that report in your next reply
Boot in Normal Mode.

If successful, run Combofix as follows:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

No requests for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,329 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:45 AM

Posted 16 March 2012 - 07:01 PM

Hello, just letting you know I moved this topic to Here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

Please remember to click the Watch Topic button at the top right and select Immediate Notification so you do not miss any replies now that you were moved.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#13 Goomba

Goomba
  • Topic Starter

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Local time:01:45 AM

Posted 16 March 2012 - 08:20 PM

WOW. Thank you sooo much! Computer is functioning 100% again. And to think I was that close to reinstalling Windows 7.

Here's the ComboFix Log.

Attached File  ComboFix.txt   62.96KB   5 downloads

#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:45 AM

Posted 16 March 2012 - 08:43 PM

Let's check for remnants:

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner.
  • Select the option YES, I accept the Terms of Use then click on Start.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    Scan for potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology

  • Now click on Start.
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

No requests for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#15 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:45 AM

Posted 02 April 2012 - 11:43 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

No requests for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!




