Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Keep Seeing Pop up for System Tools


  • This topic is locked This topic is locked
13 replies to this topic

#1 xseleven

xseleven

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 26 March 2012 - 11:11 AM

So I did all the steps leading up to the point of gathering the log files to try to get rid of the virus but the very last reboot left me without a system that would reboot. Best as I can tell, my motherboard is faulty. -what a lovely combination. :wacko: I have troubleshot that with power supplies, another HDD, RAM removals, pulled battery and shorted pins to clear reset BIOS, etc. and the system will not even boot to BIOS which makes me think the motherboard is bad. It really isn't worth the replacement cost as the pc is about 8 years old. I have pulled the HDD and would still like to remove the virus and declare the HDD "clean". Anyone have any tips? I have downloaded DDS and GMER. Can I run this on a drive connected as a USB drive and get what you need to tell me how to clean the drive? Please advise. Thanks!

Micah

BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:40 AM

Posted 28 March 2012 - 06:33 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 xseleven

xseleven
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 28 March 2012 - 07:11 PM

yes - I am hear. Just hanging out and waiting to see what to do next. :busy:

I have not done more than what is listed. I fear the HDD is still infected and would like to clear it up before moving forward in a new pc. I am subscribed and ready.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:40 AM

Posted 29 March 2012 - 02:21 PM

Have you tried booting the machine with a different operating system?

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download dumpit to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • Click on sdb1 (sdb1 represents the USB drive).
  • Double click on the dumpit file.
  • A black window will pop-up and it will dump and zip the MBR to your USB drive.
  • Press Enter to exit the black window.
  • Click on HOME tab and choose Power Off to turn off xPUD.
  • Remove the USB drive and insert it back on your working computer.
  • Locate the mbr.zip file in your USB drive and attach it when you reply.

Posted Image
m0le is a proud member of UNITE

#5 xseleven

xseleven
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 29 March 2012 - 02:37 PM

Regarding the sick computer, the motherboard is failed so now all I have is a sick HDD. I attempted to repair the sick computer but it will not even boot to BIOS. No messages or anything - I can pull the power to all drives and still no boot to BIOS or a "No Operating System" message or anything on the sick pc. Not to degrade into a hardware discussion but I have tried pulling the RAM, swapping a power supply with no luck to revive the original sick pc. I am comfortable with pc work so booting off of the USB would not be a problem. Can I connect my sick HDD to a safe pc via USB, boot off of the USB flash drive and run those programs some way to snag that info from the HDD?

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:40 AM

Posted 29 March 2012 - 07:29 PM

Can I connect my sick HDD to a safe pc via USB, boot off of the USB flash drive and run those programs some way to snag that info from the HDD?


You should be able to do that but the USB method for xPUD is notoriously fickle. The possibility of cleaning the hard drive will depend on the infection we are looking for and it may be difficult to diagnose that.
Posted Image
m0le is a proud member of UNITE

#7 xseleven

xseleven
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 30 March 2012 - 08:22 AM

I will certainly try to do that as soon as possible. I have scanned the drive connected to a clean pc via TrendMicro and it did see a couple of trojans that it cleaned out. That was before I got your website as a resource. I do notice that as another topic I have a question about is that most of my files were converted to hidden files. I must confess that I attempted to perform a attrib -h /s command from command line on the infected hdd and it was unsuccessful. What should I do about that? Can I perform something to do that as a usb drive connected to a clean computer as well?

#8 xseleven

xseleven
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 30 March 2012 - 11:02 AM

Can you advise if I can run the unhide.exe to the hdd drive when connected as a usb drive?

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:40 AM

Posted 30 March 2012 - 08:50 PM

I am not sure but I don't see anything that would cause problems when doing it.
Posted Image
m0le is a proud member of UNITE

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:40 AM

Posted 06 April 2012 - 07:11 PM

You still there?
Posted Image
m0le is a proud member of UNITE

#11 xseleven

xseleven
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 07 April 2012 - 09:08 AM

I am still here. I never was able to run unhide. I was not able to get unhide -h /s to work so I used windows / right click / properties to change the attributes on the drive. I am still however not sure I am clean on the HDD that I had to remove from the failed computer. What is the best way to scan it with it removed? I was out on business and did not try the dumpit with a usb boot on the usb drive. I can try that as soon as possible if that is all i can do?

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:40 AM

Posted 07 April 2012 - 12:25 PM

I think the Dumpit option is the best option. See how it goes.
Posted Image
m0le is a proud member of UNITE

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:40 AM

Posted 10 April 2012 - 06:32 PM

How's that going?
Posted Image
m0le is a proud member of UNITE

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:40 AM

Posted 11 April 2012 - 07:08 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users