Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cannot reboot, start saftemode, or system restore


  • This topic is locked This topic is locked
18 replies to this topic

#1 rima017

rima017

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:23 AM

Posted 13 March 2012 - 01:34 PM

I recently used Norton Internet Security to try to remove a virus but it came up clean and I was shown to try and use Norton Power Eraser which I did and it found a lot of different malware which I proceeded to remove through the eraser program and it asked me to restart which I did. But after attempting a restart my computer will not boot and I cannot get it to start in any safe mode option or get to an earlier time through system restore ( I get errors 0x800700b7 or 0x8000fffff). I don't have a Windows 7 CD either to completely reinstall it either. Any help would be much appreciated, thank you!!

Edited by hamluis, 14 March 2012 - 12:51 PM.
Moved from Win 7 to Am I Infected.


BC AdBot (Login to Remove)

 


#2 rima017

rima017
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:23 AM

Posted 13 March 2012 - 03:12 PM

Sony VAIO model: PCG-7192L

#3 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:11:23 PM

Posted 13 March 2012 - 09:16 PM

Hello and :welcome: to the BC forums.

Please sit tight and be patient.

I have requested that an experienced helper who specialises in malware-related un-bootable computers respond to your topic.

Thank you.
AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#4 rima017

rima017
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:23 AM

Posted 13 March 2012 - 09:25 PM

Okay thank you! I don't know if this will help or not but before using norton power eraser my computer was working fairly normally I was just trying to remove viruses/malware that was disrupting my internet and causing my computer to go into system repair every time I shut it down and turned it back on. But I was still able to get logged on (before power eraser) and use my computer; I didn't realize how strong the power eraser was.

#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:23 AM

Posted 14 March 2012 - 07:30 PM

:welcome:

Lets give it a try. You will need a USB (Flash) pendrive.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:23 AM

Posted 14 March 2012 - 07:39 PM

Hello, just letting you know I moved this topic to Here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

Please remember to click the Watch Topic button at the top right and select Immediate Notification so you do not miss any replies now that you were moved.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 rima017

rima017
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:23 AM

Posted 14 March 2012 - 09:23 PM

Thank you for helping! Heres the log from the farbar recovery scan ( I used the 64 bit).

Attached Files

  • Attached File  FRST.txt   49.94KB   24 downloads

Edited by rima017, 14 March 2012 - 09:24 PM.


#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:23 AM

Posted 14 March 2012 - 10:44 PM

Download the enclosed file:

Save it in the USB drive, next to FRST.

Run FRST as you did before, except that this time around, click on the Fix button and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

If successful, attempt to boot in Normal Mode. If able to, run Combofix as follows:


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" .
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#9 rima017

rima017
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:23 AM

Posted 15 March 2012 - 12:06 AM

I didn't know if I was suppose to post from the computer I'm trying to fix or not but when I tired it was telling me I couldn't open any of my internet browsers after combo fix's log appeared, not sure if thats normal or not but just letting you know! Here are the logs

Attached Files



#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:23 AM

Posted 15 March 2012 - 09:23 AM

None of the browsers work? Not even after a restart? I saw a bfe.reg fix in the log. What was this fix for?

  • Launch and update Malwarebytes' Anti-Malware.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Edited by JSntgRvr, 15 March 2012 - 09:26 AM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#11 rima017

rima017
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:23 AM

Posted 15 March 2012 - 04:24 PM

After a restart, internet browsers are working thank you! The bfe.reg fix was because my windows firewall wasn't working and I couldn't turn it on because I kept getting the error 0x80070424 and on a microsoft forum I followed directions to fix that and a firewall.reg to allow me to start up the firewall again which worked. Everything seems to be back to normal, I really appreciate your time and help here thank you so much!! And thank you for replying quickly too!!

Heres the MBAM log:


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.08.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Rima :: RIMAPATEL [administrator]

Protection: Enabled

3/15/2012 6:14:26 PM
mbam-log-2012-03-15 (18-14-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192214
Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:23 AM

Posted 15 March 2012 - 09:35 PM

Just one more scan to make sure is all cleaned.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scannner.
  • Select the option YES, I accept the Terms of Use then click on Start.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    Scan for potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology

  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#13 rima017

rima017
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:23 AM

Posted 16 March 2012 - 12:09 AM

I'm not sure if this is the log file you need or not because this is the only thing that came up and there was no ESET file under program files after the scan finished. But here is what came up after the scan completed:

C:\ProgramData\Microsoft\Windows\DRM\EE87.tmp Win64/Olmarik.AD trojan
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp1.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp10.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp11.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp12.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp13.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp14.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp15.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp16.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp17.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp18.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp2.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp3.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp4.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp5.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp6.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp7.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp8.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp9.zip Win32/Bagle.gen.zip worm
C:\Qoobox\Quarantine\C\Users\Rima\AppData\Roaming\Mozilla\Firefox\Profiles\0j943yen.default\extensions\{106fb697-8635-4032-8ea2-7b54b5f6b06e}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\Rima\AppData\Roaming\Mozilla\Firefox\Profiles\0j943yen.default\extensions\{5175d2a8-8378-4368-9ae0-90f20d4c5372}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Users\All Users\Microsoft\Windows\DRM\EE87.tmp Win64/Olmarik.AD trojan
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp1.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp10.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp11.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp12.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp13.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp14.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp15.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp16.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp17.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp18.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp2.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp3.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp4.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp5.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp6.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp7.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp8.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp9.zip Win32/Bagle.gen.zip worm

#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:23 AM

Posted 16 March 2012 - 12:45 PM

Download the enclosed file.

Save it next to Combofix.

Posted Image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#15 rima017

rima017
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:23 AM

Posted 16 March 2012 - 03:05 PM

Log for combofix 2nd run

Attached Files

  • Attached File  log2.txt   34.07KB   3 downloads





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users