
Security Shield Virus, now missing or corrupt hal.dll. Please Help.


  • This topic is locked
44 replies to this topic

#1 GT335

GT335

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:27 PM

Posted 28 May 2012 - 01:59 AM

As of right now i'm typing all this on Parted Magic after having run the hiren's boot cd.

Basically i somehow managed to contract the Security Shield Virus and using my phone and this website started to take steps to correct it. All seemed to be going well as i was following this guide: http://www.bleepingcomputer.com/virus-removal/remove-my-security-shield.

Right at the step where it asked me to delete '31 files' of malware and reboot i opted to go for the reboot as directed in the above instructions. Since then i have been unable to boot into the win7 OS. i get to the splash screen and it hangs for a minute and then there's a quick (too quick to really tell) flash of BSOD and then it throws me back out to the main menu asking if i want to system repair or start windows normally. naturally i want to repair this POS so i can get back into windows and replace those host files as again instructed above, which no doubt are making life very difficult for me right now. Except every time i go to repair the system hangs indefinitely on a black screen.

ok so i figured at least let me pull my files with parted magic and i'll bite the bullet and re-install. no dice. when trying to mount the drive with a lifetime's worth of stuff inside, i get the error message:
Error org.freedesktop.Hal.Device.Volume.UnknownFailure.

ok so then i try to boot up in mini win xp which is god-awful slow only to find that i get the error message: windows root \system32\hal.dll corrupt or missing. needless to say i can't access files there either.
unfortunately as i'm currently on vacation and away from home for the next couple weeks i don't have my win7 cd handy to see if that could replace the missing files. although if the system repair hung up then i can only imagine if that would work anyway.

i'm nearly at my wits end and just about to try and find a computer repair store to deal with this, if they even can (i'm in the boonies right now). i'd really like to avoid that option as i'm really not crazy about anyone having the ability to browse through all my personal things at their leisure, that is if they could access them either.

I have little to no experience working on linux based platforms much less dealing with dos prompt commands.

please if there is anyone out there that can help me salvage from this terribly timed disaster in the middle of what's supposed to be a relaxing couple weeks, i would be really extremely grateful. Even if there's no way to recover the OS to working status without having to do a complete wipe, if there was just some way, any way to be able to save the years and years of pics/music/docs/etc that i had just already lost on my backup external literally 2 days ago, that would be more than enough to satisfy me.

For what it's worth the hard disc appears 'healthy?'


:(

Edited by hamluis, 28 May 2012 - 07:24 PM.
Moved from Win 7 to Am I Infected - Hamluis.



 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:03:27 AM

Posted 28 May 2012 - 02:01 AM

With a LiveCD and Linux you can try and copy needed files over to a USB Thumb drive.

Also, have you tried safe mode with networking?


Hit F8 just after the BIOS and hit Safe Mode with Networking.

#3 GT335

GT335
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:27 PM

Posted 28 May 2012 - 02:09 AM

i'll try safe mode again, although i remember it not working the first time.

for what it's worth i just got this error message from parted magic after attempting to get an overview about my partitions.

WARNING:

nftsresize v2011.4.12(libntfs-3g)
ntfs_attr_pread_i:ntfs_pread failed: Input/output error
Device name : /dev/sda3
ERROR (5): Couldn't get $Bitmap $DATA: Input/output error

unable to read the contents of this file system!
Because of this some operations may be unavailable

The cause might be a missing software package
The following list of software packages is required for nfts
file system support: nftsprogs



...why does this sound really bad...

#4 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:03:27 AM

Posted 28 May 2012 - 02:13 AM

It doesn't sound bad; I have used Linux before to read drives that Windows couldn't.


So try downloading http://www.ubuntu.com and run it as a live cd. Copy and paste the contents to a thumb drive or external media.

#5 GT335

GT335
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:27 PM

Posted 28 May 2012 - 02:21 AM

safe mode hung up loading the system32 drivers and failed. downloading ubuntu now.

#6 GT335

GT335
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:27 PM

Posted 28 May 2012 - 03:19 AM

attempted to run ubuntu as liveCD. new error message.

udevd[140]: timeout: killing: '/sbin/blkid -o udev -p /dev/sda2 [452]

ntfs_attr_pread_i:ntfs_pread failed: Input/output error
Failed to read NTFS $Bitmap: Input/output error
NTFS is either inconsistent, or there is a hardware fault, or it's a softRAID/FakeRAID hardware.
mount: mounting/dev/sda3 on /cdrom failed: No such device.
stdin: I/O error

...basically every OS that's attempted to gain access from the main partition on C:, and all methods used to try and gain access to the disk have resulted in utter failure. seems like it's even saying there's not even a read/write function. this is really depressing.

Edited by GT335, 28 May 2012 - 03:31 AM.


#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:10:27 PM

Posted 28 May 2012 - 04:36 AM

Hi,

Let me ask a malware response team member to help you

good luck

#8 JColt

JColt

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:10:27 PM

Posted 28 May 2012 - 07:48 AM

You may want to take the drive out and put it in another PC as a slave; then, if you cannot read the files, use Recuva http://www.piriform.com/recuva/download to access the files.

Sounds like quite a bit of damage was done to the OS, so I'd reinstall after grabbing the data.

#9 Mary in AZ

Mary in AZ

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Arizona
  • Local time:08:27 PM

Posted 28 May 2012 - 09:53 AM

The Security Shield virus attacked my laptop on Saturday ... VERY frustrating. I used my Smartphone browser to find RKill and bleepingcomputer. Am VERY grateful for this website and RKill. :thumbsup:

#10 GT335

GT335
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:27 PM

Posted 28 May 2012 - 11:13 AM

@jcolt, the messed up drive is on a laptop which I'd really prefer not to try and take apart.

@mary, I did the same thing and all was going smoothly until I restarted...

#11 GT335

GT335
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:27 PM

Posted 28 May 2012 - 07:50 PM

anyone have any updates? :'(

#12 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:01:27 PM

Posted 28 May 2012 - 09:14 PM

Don't panic: All is not lost. It seems very likely that the partition table is damaged, which means no operating system can read it. Re-writing the MBR and partition table (if that is the only damage sustained) should get things (Windows included) back to "normal". Then we can worry about the remaining malware.

narenxp has lodged a request for assistance from an experienced member of the Malware Response Team since the problem has been caused by malware/malware removal. Getting the attention of one of those members that is comfortable dealing with partition table damage may take a little time.

I am keeping an eye on this topic, and will assist you if help is not forthcoming from elsewhere within a reasonable time period. Let's give it another while longer, and if I haven't been able to rustle up some "malware expert" help for you within the next 24 hours, we'll get started on it. Feel free to PM me if you have any concerns, or are starting to feel neglected.
AustrAlien
Google is my friend. Make Google your friend too.
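
The partition-table damage suggested in post #12 can be checked without writing anything to the disk. The following is an added example, not part of the original thread or any poster's code: a read-only Python parser for the classic MBR layout that flags a missing boot signature and implausible entries. The sample sectors and the disk size are constructed.

```python
import struct

SECTOR = 512
ENTRY = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count

def parse_mbr(sector, disk_sectors):
    """Return (entries, problems) for one MBR sector; never writes anything."""
    if len(sector) != SECTOR:
        return [], ["sector is not 512 bytes"]
    problems, entries = [], []
    if sector[510:512] != b"\x55\xaa":
        problems.append("missing 0x55AA boot signature")
    for n in range(1, 5):
        off = 446 + 16 * (n - 1)
        status, ptype, lba, count = struct.unpack(ENTRY, sector[off:off + 16])
        if ptype == 0 and count == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            problems.append(f"entry {n}: invalid status byte {status:#04x}")
        if lba == 0 or count == 0:
            problems.append(f"entry {n}: zero start or length")
        if lba + count > disk_sectors:
            problems.append(f"entry {n}: extends past end of disk")
        entries.append((n, ptype, lba, count))
    if not entries:
        problems.append("no partition entries")
    ordered = sorted(entries, key=lambda e: e[2])
    for a, b in zip(ordered, ordered[1:]):
        if a[2] + a[3] > b[2]:
            problems.append(f"entries {a[0]} and {b[0]} overlap")
    return entries, problems

def build_mbr(parts):
    """Build a constructed sample sector from (status, type, lba, count) tuples."""
    table = b"".join(struct.pack(ENTRY, *p) for p in parts).ljust(64, b"\x00")
    return bytes(446) + table + b"\x55\xaa"

# Constructed samples: three NTFS (type 0x07) partitions on a 1,000,000-sector disk,
# then the same sector with entry 3 and the signature overwritten.
DISK_SECTORS = 1_000_000
HEALTHY = build_mbr([(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 700000),
                     (0x00, 0x07, 906848, 90000)])
_bad = bytearray(HEALTHY)
_bad[478:494] = b"\xff" * 16
_bad[510:512] = b"\x00\x00"
DAMAGED = bytes(_bad)

if __name__ == "__main__":
    for name, sec in (("healthy", HEALTHY), ("damaged", DAMAGED)):
        print(name, parse_mbr(sec, DISK_SECTORS)[1])
```

Against a real disk, pass the first 512 bytes read from the device or an image opened read-only, together with the device's sector count. A GPT disk carries only a protective entry of type 0xEE in this sector, so the check applies to MBR-partitioned disks.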


#13 GT335

GT335
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:27 PM

Posted 28 May 2012 - 11:01 PM

thanks AustrAlien. that actually goes a long way to alleviating my concerns. love this forum

#14 GT335

GT335
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:27 PM

Posted 28 May 2012 - 11:01 PM

thanks AustrAlien. that actually goes a long way to alleviating my concerns.

Edited by GT335, 29 May 2012 - 02:05 AM.


#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,321 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:27 AM

Posted 29 May 2012 - 01:03 AM

Hello, can you enter the Windows 7 Recovery Environment? You can do this by tapping the F8 key on startup until the Advanced boot options come up. Select Repair Windows. Let me know if the RE successfully loads and if so, if you are able to open the command prompt there.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft




