Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Start up Repair Virus?


  • This topic is locked This topic is locked
28 replies to this topic

#1 bjacks9

bjacks9

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:06:49 AM

Posted 15 July 2012 - 07:25 PM

I think I got infected with the Windows Start up Repair Virus. I was using my laptop one day and all of a sudden, it shut off and when I went to restart it, it kept directing me to the Startup Repair. I have a Sony Vaio running on Vista. I'm not able to boot in safe mode at all and I haven't been able to start up normally at all. Can someone help me please?

BC AdBot (Login to Remove)

 


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:49 AM

Posted 20 July 2012 - 01:02 PM

Hi bjacks9,

That may be the legitimate startup repair based on your description. JUst reply back for now and let me know if you still need help and I'll be here waiting to help you.

-etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#3 bjacks9

bjacks9
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:06:49 AM

Posted 20 July 2012 - 04:26 PM

etavares,

I still need assistance with this issue. Would there be anyway I can backup my data without taking it in to get looked at?

Thanks,
Bianca

#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:49 AM

Posted 21 July 2012 - 05:37 AM

Hi bjacks9,

Yes, there are ways to get to your files. Do you have a blank USB flashdrive/pendrive/thumbdrive we can use?

Also, we can try to repair it. This will not overwrite your files.
  • When the computer boots and you see the Advanced Boot Options menu, select Startup REpair and press Enter.
  • Select a keyboard layout and click Next.
  • Select a user and enter the password for that user if prompted. If there is no password, just hit Enter.
  • In the System Recovery Options menu, click Startup Repair. It will run and prompt you if it finds anything. Let me know how this goes.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#5 bjacks9

bjacks9
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:06:49 AM

Posted 21 July 2012 - 12:14 PM

etavares,

Yes, I have a USB flash drive and I have tried start up repair and it does not work. Every time I try this option, the computer restarts and never fully starts up.

Bianca

#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:49 AM

Posted 21 July 2012 - 04:49 PM

Hello, bjacks9.
For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]
etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#7 bjacks9

bjacks9
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:06:49 AM

Posted 22 July 2012 - 11:26 AM

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 09-07-2012
Ran by SYSTEM at 22-07-2012 11:08:01
Running from F:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2008-02-04] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [154136 2008-02-04] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [137752 2008-02-04] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [835584 2007-03-09] (Synaptics, Inc.)
HKLM\...\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [311296 2007-11-21] (Sony Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [VAIOMyMemCenter] "C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" 1 [679936 2008-02-29] ()
HKLM\...\Run: [SmartWiHelper] "C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup [73728 2008-04-17] (Sony Electronics Corporation)
HKLM\...\Run: [VAIO Help and Support Demo] "C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe" [290816 2007-08-27] ()
HKLM\...\Run: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe" [20480 2007-10-17] (Sony Electronics, Inc.)
HKLM\...\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe [577536 2007-07-20] ()
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [997920 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" [2416480 2012-01-24] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [296056 2012-06-02] (RealNetworks, Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [x]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\VESWinlogon: VESWinlogon.dll (Sony Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

================================ Services (Whitelisted) ==================

2 avgfws; "C:\Program Files\AVG\AVG2012\avgfws.exe" [2391832 2011-11-22] (AVG Technologies CZ, s.r.o.)
2 AVGIDSAgent; "C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe" [4433248 2011-10-12] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files\AVG\AVG2012\avgwdsvc.exe" [192776 2011-08-02] (AVG Technologies CZ, s.r.o.)
3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe -service [1296728 2010-12-28] (www.BitComet.com)
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation)
2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-06-05] (Skype Technologies)
3 SOHCImp; "C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe" [104288 2008-03-04] (Sony Corporation)
3 SOHDms; "C:\Program Files\Sony\VAIO Media plus\SOHDms.exe" [350048 2008-03-04] (Sony Corporation)
3 SOHDs; "C:\Program Files\Sony\VAIO Media plus\SOHDs.exe" [63328 2008-03-04] (Sony Corporation)
3 SPTISRV; "C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe" [77824 2007-11-28] (Sony Corporation)
2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [104960 2007-11-09] (ArcSoft, Inc.)
3 VAIO Entertainment TV Device Arbitration Service; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe" [73728 2008-04-02] (Sony Corporation)
2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182392 2008-02-21] (Sony Corporation)
3 VcmIAlzMgr; "C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [333088 2008-03-03] (Sony Corporation)
3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -RunBySCM [279848 2008-04-02] (Sony Corporation)
2 VzCdbSvc; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe" [184320 2008-04-02] (Sony Corporation)
2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [147456 2008-04-02] (Sony Corporation)
3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]
2 wuauserv; C:\Windows\System32\wuaueng.dll [x]

========================== Drivers (Whitelisted) =============

3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17408 2008-01-30] (ArcSoft, Inc.)
1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47968 2011-05-22] (AVG Technologies CZ, s.r.o.)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [134736 2011-07-10] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [23120 2011-07-10] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [24272 2011-07-10] (AVG Technologies CZ, s.r.o. )
3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [16720 2011-10-04] (AVG Technologies CZ, s.r.o. )
1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [230608 2011-10-07] (AVG Technologies CZ, s.r.o.)
1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [40016 2011-08-08] (AVG Technologies CZ, s.r.o.)
0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-09-13] (AVG Technologies CZ, s.r.o.)
1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [295248 2011-07-10] (AVG Technologies CZ, s.r.o.)
1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
3 R5U870FLx86; C:\Windows\System32\Drivers\R5U870FLx86.sys [73472 2008-02-12] (Ricoh)
3 R5U870FUx86; C:\Windows\System32\Drivers\R5U870FUx86.sys [43904 2008-02-12] (Ricoh)
3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [818688 2007-11-15] (Texas Instruments)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [x]
1 MpKsl81591b8b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{662C6F61-0352-4E70-BEE7-5E252EE9D846}\MpKsl81591b8b.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 RDPWD; [x]
4 UIUSys; C:\Windows\System32\DRIVERS\UIUSYS.SYS [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-10 19:47 - 2012-07-10 19:47 - 00153143 ____A C:\wubildr
2012-07-10 19:47 - 2012-07-10 19:47 - 00008192 ____A C:\wubildr.mbr
2012-07-10 19:46 - 2012-07-10 19:46 - 00000000 ____D C:\ubuntu
2012-07-09 21:33 - 2012-07-09 21:33 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2012-07-09 19:25 - 2012-07-09 19:25 - 00000000 ____D C:\FRST

============ 3 Months Modified Files ========================

2012-07-10 19:47 - 2012-07-10 19:47 - 00153143 ____A C:\wubildr
2012-07-10 19:47 - 2012-07-10 19:47 - 00008192 ____A C:\wubildr.mbr
2012-07-10 19:46 - 2006-11-01 22:25 - 00000010 _RASH C:\config.sys

========================= Known DLLs (Whitelisted) ============

C:\Windows\System32\IERTUTIL.dll is missing
C:\Windows\System32\URLMON.dll is missing
C:\Windows\System32\WININET.dll is missing

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 3061.81 MB
Available physical RAM: 2635.93 MB
Total Pagefile: 2835.65 MB
Available Pagefile: 2703.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1990.35 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:225.11 GB) (Free:100.3 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (Recovery) (Fixed) (Total:7.77 GB) (Free:0.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (My Passport) (Fixed) (Total:698.6 GB) (Free:694.64 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 993 KB
Disk 1 Online 699 GB 993 KB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 7957 MB 1024 KB
Partition 2 Primary 225 GB 7958 MB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 7957 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C NTFS Partition 225 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 699 GB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 F My Passport NTFS Partition 699 GB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-06 21:21

======================= End Of Log ==========================

#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:49 AM

Posted 22 July 2012 - 02:27 PM

Hi bjacks9,

Please open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

Last Boot: 2012-07-06 21:21

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options as before.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Please then try to reboot and let me know if it boots.

-etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#9 bjacks9

bjacks9
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:06:49 AM

Posted 23 July 2012 - 12:43 AM

etavares,

I was not able to start my laptop properly. My laptop gives me the Windows Error Recovery message.



Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-07-2012
Ran by SYSTEM at 2012-07-22 20:29:51 Run:2
Running from F:\

==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====

#10 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:49 AM

Posted 23 July 2012 - 07:42 PM

OK, so it's not a registry issue as we restored the registry to the last time it fully booted. Exactly what happens when you try startup repair? You said it restarts and goes back to startup repair. When exactly does it reboot? What options are you selecting? I have another approach in mind, but want to make sure I understand this before we start.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#11 bjacks9

bjacks9
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:06:49 AM

Posted 23 July 2012 - 08:58 PM

When I run startup repair, I get a message saying that the problem was not able to be fixed and it restarts and goes back to startup repair. I reboots after it attempts to run Windows and it looks like it's about to startup but it just restarts. I have been choosing to do startup repair or just run Windows normally. No matter which I choose, I am never able to startup.

#12 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:49 AM

Posted 24 July 2012 - 07:27 PM

Hello, bjacks9.

Try this please. You will need a USB drive...you can delete FRST and reuse that flash drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Copy/paste the following command and press enter:

    dd if=/dev/sda of=mbr.txt bs=512 count=1
  • When done a file, mbr.txt, will be created on your USB drive. Please attach that file to your reply.

Please note - all text entries are case sensitive

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#13 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:49 AM

Posted 28 July 2012 - 05:38 AM

Still there?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#14 bjacks9

bjacks9
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:06:49 AM

Posted 29 July 2012 - 01:10 PM

I'm sorry, I am here. I actually have been having trouble with my USB flash drive so I need to go out and purchase another one. I should have this completed tomorrow.

#15 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:49 AM

Posted 29 July 2012 - 07:08 PM

OK, thanks for the update. I'll keep an eye out for your reply.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users