
infected with PCEU virus


  • This topic is locked
2 replies to this topic

#1 alic78


  • Members
  • 2 posts

Posted 01 April 2012 - 02:43 PM

Hi, I hope someone can help, my laptop (Dell D630) has been infected with the PCEU virus. I have searched the forums and downloaded PCRegedit (on my PC that is working), burnt it to disk, changed boot priorities and it still doesn't work as I can't get to the run screen to type in the commands. The virus just blocks everything. I have attempted to open my laptop in safe mode, safe mode with networking and safe mode with command prompt but all result in the same outcome where a blue screen appears stating that a problem has been detected and to check hard drive running CHKDSK/F. When I open in normal mode and attempt to type in either CHKDSK/F or the config>software.... prompt that was outlined by Sundavis, the PCEU virus interrupts anything I do.

I have lots of pictures and work on my laptop that I have stupidly not backed up so would rather not wipe it. I don't have a driver disk but think I can download this right?

Thanks in advance.

Ali


 


#2 Noviciate


  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 01 April 2012 - 05:11 PM

Good evening. :)

You have two issues, file recovery and PC cure, and I'll deal with one and point you in the right direction for the other.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll split this into parts to make it easier on the eye. If you have any questions, please ask before doing something stupid - you know that makes sense! :P

Step 1 - creating a boot disk with an alternative operating system on it.

Download lupu-525.iso from here and save it to your Desktop. It's a 128 Mb file, so it will take some minutes to download.

You then need to burn the .iso file to disk. My personal choice is InfraRecorder, available here, which is a free, GPL version 3, solution.

  • Run the program and select the Write Image option in the main window.
  • Navigate to the .iso file that you downloaded and double click it.
  • Insert a blank disc into the correct CD drive.
  • Click OK and sit back and relax.
  • The disc will be ejected when the task is complete so, unless you uncheck this option, mind the drawer!

Step 2 - change the boot order, if you need to, so that the PC boots from the new OS rather than Windows.

  • There's a handy pictorial guide here.
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.

When you boot the PC, the boot order is the order in which the various possibilities of finding an operating system are checked by your system. Normally the hard drive is first in line as it is usually where the OS resides. By checking this one first the PC will boot in the quickest time possible.
By changing the order the PC will check the CD drive first, and if it finds a disk with an OS on, it will boot from it. If it doesn't find one, it then looks at the second device on the list, which should be the hard drive and it will boot from that.

I change the boot order on all my machines so that if ever I need to boot from a disk I can do so without needing to access the BIOS then and there - there's usually a problem that I'm trying to deal with and adding a second or two to the normal boot time is a price worth paying to be able to instantly boot from a disk rather than have to get into the BIOS when I'm already stressed by a sick PC.

Step 3 - boot from disk and recover files.

  • Insert the newly burned disk and reboot the machine.
  • Wait for Puppy to get its little tail wagging and the Desktop to appear.
  • Once it's up and running, you'll have the opportunity to customise the keyboard and language settings, which is never a bad idea.
  • Allow the restart of the Desktop to finalise any changes, if you've made any, and that part is done.
  • In the bottom left hand corner you should see all the partitions that Puppy has found on your hard drive, which on my system are labelled sda1, sda2, etc..., and sr0 which is the disk that you booted from.
  • Left click each of the sda icons and you should see a window open and a green disk appear over the icon to indicate that it is now accessible.
  • This is the equivalent of Windows Explorer or My Computer depending on how you navigate your PC's file system.
  • Insert your flashdrive and it should autodetect and you'll see an icon appear with the others in the bottom left, mine's called sdb1.
  • Left click it, as with the other icons.
  • Now all you need to do is to find the files that you want to rescue and Copy and Paste them to your flashdrive just as you do within Windows.
  • Once done, click the "Puppy" icon in the bottom left hand corner of the Desktop and select Shutdown > Power-off Computer
  • When prompted to save the session, select <DO NOT SAVE> and the PC should shutdown.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

For the cure you'll need to run some tools and post some logs. Please go here, follow the instructions as best you can skipping those that you cannot run for any reason, and then start a new thread and post accordingly. Please include a brief description of your problem in the new thread, just to keep everything in one place, and somebody will be along as soon as they can to help.

As I'm a little overextended at the minute with logs I can't pick up another right now, which is why you're going to start a fresh thread - that way somebody else will see it and take an interest. As I've posted to this one nobody else will bother to look at it and you'll be left hanging.

If you have questions about the use of Puppy, you can post them into this thread as it shouldn't take me too long to answer them, assuming they aren't too complex.

So long, and thanks for all the fish.
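
A command-line version of Step 3, as an added example that is not part of the original post: it copies only picture and document files from the mounted Windows partition to the flash drive, so programs from the infected install are not carried along, and checks each copy against its source by SHA-256. The function names, the extension list and the `/mnt/sda1` and `/mnt/sdb1` paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Extension list and paths are assumptions.
RESCUE_EXTS="jpg jpeg png gif bmp doc docx xls xlsx ppt pptx pdf txt"

# wanted FILE -> exit 0 if FILE's extension is in RESCUE_EXTS (any case)
wanted() {
    name=${1##*/}
    case "$name" in *.*) ;; *) return 1 ;; esac   # no extension: skip
    ext=$(printf '%s' "${name##*.}" | tr 'A-Z' 'a-z')
    for e in $RESCUE_EXTS; do
        [ "$ext" = "$e" ] && return 0
    done
    return 1
}

# rescue_files SRC DEST -> copy wanted files under SRC to DEST, keeping the
# folder layout, then compare the SHA-256 of each source file and its copy.
# Sets COPIED and FAILED; returns non-zero if any copy failed verification.
rescue_files() {
    src=${1%/}; dest=${2%/}
    COPIED=0; FAILED=0
    list=$(mktemp) || return 2
    find "$src" -type f > "$list"
    while IFS= read -r f; do
        wanted "$f" || continue
        rel=${f#"$src"/}
        mkdir -p "$dest/$(dirname "$rel")"
        if cp "$f" "$dest/$rel" &&
           [ "$(sha256sum < "$f")" = "$(sha256sum < "$dest/$rel")" ]; then
            COPIED=$((COPIED + 1))
        else
            FAILED=$((FAILED + 1))
            echo "FAILED: $rel" >&2
        fi
    done < "$list"
    rm -f "$list"
    echo "copied=$COPIED failed=$FAILED"
    [ "$FAILED" -eq 0 ]
}

# From a terminal in Puppy, after clicking the sda1 and sdb1 icons
# (both paths are assumptions; <name> is a placeholder):
#   rescue_files "/mnt/sda1/Users/<name>/Pictures" "/mnt/sdb1/rescued"
```

A non-zero return or any `FAILED:` line means that file should be copied again before the laptop's disk is touched.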

 

 


#3 Noviciate


  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 06 April 2012 - 03:27 PM

As this issue appears to have been resolved, at least a small part of it, this thread is now closed.

So long, and thanks for all the fish.

 

 




