Cannot boot into win 7 after combo fix


  • This topic is locked
23 replies to this topic

#1 edhuddl

edhuddl

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 16 May 2012 - 02:36 PM

I ran Malwarebytes in safe mode, which found 18 viruses and trojans. Normal mode found 6. Another scan found 0. Tds killer found 1 backdoor trojan. I ran ComboFix. The files deleted tell me I have a ZeroAccess rootkit. I tried to create a restore point but the registry key is marked for deletion. I restarted and I cannot boot into Windows 7 home ultimate 64 bit. I restored the system to before ComboFix. Firewall will not come on before ComboFix but will after ComboFix. Please help.



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:58 PM

Posted 16 May 2012 - 06:08 PM

Hi,

Please do the following:


For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • Type exit and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 edhuddl


Posted 17 May 2012 - 09:39 AM

Thank you for the quick reply. Before your reply I restored the computer to last known config. I used AVG to remove the same problems ComboFix did. Here is the log. Thank you.

Attached Files

  • Attached File  FRST.txt   41.02KB   7 downloads


#4 CatByte


Posted 17 May 2012 - 07:48 PM

Hi

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
script removed
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.



NEXT


Please re-run ComboFix > allow it to update if it asks to do so

Edited by CatByte, 03 July 2012 - 08:50 PM.



#5 edhuddl


Posted 18 May 2012 - 09:15 AM

I ran the fix and it started up. I knew it would work because you guys are the shizniz. I am running ComboFix as I type. Thank you.

#6 edhuddl


Posted 18 May 2012 - 09:18 AM

Here is the fixlog.
After ComboFix the firewall is now on, but Defender will not start: access denied, error 0x80070005.


Edited by edhuddl, 18 May 2012 - 10:23 AM.


#7 CatByte


Posted 18 May 2012 - 01:55 PM

Hi,

Can you please post the ComboFix log, it should be located at C:\ComboFix.txt

thanks



#8 edhuddl


Posted 18 May 2012 - 03:42 PM

Here is the ComboFix log.




#9 CatByte


Posted 18 May 2012 - 04:04 PM

Hi,

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish



#10 edhuddl


Posted 18 May 2012 - 06:01 PM

Nothing came up on the Malwarebytes scan. The ESET scan is going as I type.




#11 CatByte


Posted 20 May 2012 - 09:06 AM

Did the ESET scan complete? Were there any threats found?

Also, please run the following:


Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

NEXT

Please run the "FixIt" button to see if that will correct Windows Defender:

http://support.microsoft.com/kb/931849

Edited by CatByte, 20 May 2012 - 10:05 AM.



#12 edhuddl


Posted 21 May 2012 - 08:46 AM

First thing this morning I will do what is requested.

#13 edhuddl


Posted 21 May 2012 - 02:44 PM

Nothing showed up on the scans. Fixit will not run. I get an error: Fixit does not apply to my OS version or application version. I set Defender to auto start but I still cannot get in.

Attached Files

  • Attached File  FSS.txt   2.34KB   1 downloads

Edited by edhuddl, 21 May 2012 - 02:46 PM.


#14 edhuddl


Posted 21 May 2012 - 02:55 PM

I checked in Programs; it does not show Windows Defender listed.

#15 CatByte


Posted 21 May 2012 - 03:01 PM

Norton Internet Security may have been the culprit.

Please run the following:


Click WinKey + R to open a run box > type notepad into the open run box > OK > this will open Notepad

Click Format and make certain that Word Wrap is NOT checked.

Copy/Paste the text inside of the code box into the open Notepad

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000000


Now go to File > and click Save As,
From the drop down menu at the top of the box choose Desktop as the location to save this file.
Go down to the File Name box and type in fixme.reg as the file name, then choose All Files as the save as file type.
Then click the save button.

Once you have clicked the save button, close Notepad.

You should now see a file on your desktop that looks like this:

Posted Image

Locate the fixme.reg icon on your desktop and double click it, an information box will pop up asking if you want to merge the information in the file into the registry, click YES.

Once the file has run, the information will have merged with your registry so you can delete fixme.reg from your desktop as you won't be needing it any more.



NEXT


Open Windows Defender by clicking the Start button, clicking All Programs, and then clicking Windows Defender.

Now click Tools, and then click Options.

Under Administrator options, select the Use Windows Defender check box, and then click Save.

If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

Let me know if that turns it back on, also, please advise if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
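
A read-only way to confirm that the fixme.reg merge in post #15 took effect, as an added example that is not part of the original thread. It assumes an elevated Windows PowerShell prompt; the policy key path and the WinDefend service name are assumptions that do not appear in the posts.

```powershell
# Added example (not from the thread): read-only check after merging fixme.reg.
# Run in an elevated Windows PowerShell window; nothing here writes to the system.

$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows Defender',          # key set by fixme.reg
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'  # assumption: policy override location
)

function Get-DisableAntiSpyware {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return 'key not present' }
    try {
        $props = Get-ItemProperty -LiteralPath $Path -ErrorAction Stop
    } catch {
        # A key ACL that blocks reads (for example after tampering) surfaces here
        return "cannot read key: $($_.Exception.Message)"
    }
    if ($null -eq $props) { return 'value not set' }
    $prop = $props.PSObject.Properties['DisableAntiSpyware']
    if ($null -eq $prop) { return 'value not set' }
    if ([int]$prop.Value -eq 0) { return '0 (Defender not disabled by this key)' }
    return "$($prop.Value) (Defender disabled by this key)"
}

function Get-DefenderService {
    # WinDefend is the Windows Defender service name (assumption: not stated in the thread)
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='WinDefend'"
    if ($null -eq $svc) { return 'WinDefend service not registered' }
    return "StartMode=$($svc.StartMode) State=$($svc.State)"
}

foreach ($k in $keys) {
    '{0} -> DisableAntiSpyware: {1}' -f $k, (Get-DisableAntiSpyware $k)
}
'Service: {0}' -f (Get-DefenderService)
```

A nonzero value under the policy key overrides the product key, so a correct fixme.reg merge can still leave Defender off if that second line reports it as disabled.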




