
Computer Will not restart after using Norton Power Eraser, Help please


  • This topic is locked
17 replies to this topic

#1 Final Objective


Posted 23 July 2012 - 06:13 PM

Hello,



I recently was searching Google on my desktop and I ended up getting a Google redirecting virus... So after that I ran a couple of programs which ended up only finding a backdoor trojan, which was removed successfully. I was hoping that was the main problem, but then when I searched Google again to verify the problem was dealt with, I got redirected again. After which, I got on my laptop and searched known solutions to the problem, one of which being the Norton Power Eraser tool.


I downloaded it and followed the directions, and it found and removed 8 items, 5 of which were my Microsoft Office programs. I let it do its thing though and followed through with it because they were marked as "bad", hoping maybe they were just decoy names. Once the computer restarted, my Google search worked but as I suspected Microsoft Office was deleted.. So I went back into the Power Eraser tool and went through the prompts to undo the changes that have been made, and restarted my computer like it asks me to.



Now, my desktop is stuck at a black screen with a blinking white _ in the top left hand corner. I tried to boot it in safe mode by pressing F8 on bootup and it won't even load.



I would really appreciate a quick response and solution to my problem, thank you for your time.



Sam

Edited by hamluis, 24 July 2012 - 06:52 AM.
Moved to Am I Infected from XP - Hamluis.




#2 hamluis


Posted 24 July 2012 - 06:58 AM

A little patience, please...your topic has already been placed on our Unbootable list and one of the BC MRT personnel will assist you :).

Louis

#3 Final Objective


Posted 24 July 2012 - 10:14 AM

Thank you

#4 Elise


Posted 30 July 2012 - 04:31 AM

Hello and sorry for the delay!

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1

  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft
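
What inspecting such a 512-byte dump involves, as an added example that is not part of the original post or any BleepingComputer tool: the Python code below checks the 0x55AA boot signature and decodes the four primary partition entries of a classic MBR, then flags structural oddities. The function names and the sample sector are constructed for illustration; pass the path of a dump made with the dd command above to read a real one.

```python
import struct
import sys

SECTOR_SIZE = 512
TABLE_OFFSET = 446       # partition table follows the boot code and disk signature
ENTRY_FMT = "<B3xB3xII"  # status, (CHS skipped), type, (CHS skipped), LBA start, sectors

def parse_mbr(sector: bytes) -> dict:
    """Decode the boot signature and the non-empty primary partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    entries = []
    for slot in range(4):
        raw = sector[TABLE_OFFSET + 16 * slot : TABLE_OFFSET + 16 * (slot + 1)]
        if raw == bytes(16):
            continue  # unused slot
        status, ptype, lba, count = struct.unpack(ENTRY_FMT, raw)
        entries.append({"slot": slot, "status": status, "type": ptype,
                        "lba_start": lba, "sectors": count})
    return {"signature_ok": sector[510:512] == b"\x55\xaa", "entries": entries}

def findings(mbr: dict) -> list:
    """Return notes on anything in the table that deserves a second look."""
    notes = []
    if not mbr["signature_ok"]:
        notes.append("missing 0x55AA boot signature")
    active = [e for e in mbr["entries"] if e["status"] == 0x80]
    if len(active) != 1:
        notes.append(f"{len(active)} active partitions (standard MBR boot code expects exactly 1)")
    for e in mbr["entries"]:
        if e["status"] not in (0x00, 0x80):
            notes.append(f"slot {e['slot']}: invalid status byte 0x{e['status']:02x}")
    ordered = sorted(mbr["entries"], key=lambda e: e["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            notes.append(f"slot {a['slot']} overlaps slot {b['slot']}")
    return notes

def sample_sector() -> bytes:
    """Constructed sample (not the poster's mbr.bin): two entries, both flagged active."""
    table = struct.pack(ENTRY_FMT, 0x80, 0x07, 63, 1_000_000)
    table += struct.pack(ENTRY_FMT, 0x80, 0x17, 1_000_063, 2048)
    return bytes(TABLE_OFFSET) + table.ljust(64, b"\x00") + b"\x55\xaa"

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_sector()
    mbr = parse_mbr(data)
    for e in mbr["entries"]:
        print(f"slot {e['slot']}: type 0x{e['type']:02x} status 0x{e['status']:02x} "
              f"start {e['lba_start']} sectors {e['sectors']}")
    print("\n".join(findings(mbr)) or "no structural problems found")
```
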


#5 Final Objective


Posted 30 July 2012 - 01:04 PM

Thank you so much for helping, I thought you people forgot about me haha, here's the file.. My laptop (clean cpu) has trouble with USB drives..stupid thing. Anyways here's the file

Attached Files

  • Attached File  mbr.zip   506bytes   5 downloads


#6 Elise


Posted 30 July 2012 - 01:17 PM

Hi again, please download the following file and save it to your flashdrive (be sure to delete any file named mbr.bin from the flash drive): http://www.bleepstatic.com/fhost/uploads/1/118-mbr.bin

Now boot in xPUD and navigate to your flashdrive, make sure you see mbr.bin
Click Tool > Open Terminal and enter the following command:

    dd if=mbr.bin of=/dev/sda bs=512 count=1

After that restart the computer and let me know if you can boot normally.

regards, Elise




#7 Final Objective


Posted 30 July 2012 - 01:43 PM

Omg, you're amazing! It is booting up normally!
What exactly did that file do if you don't mind me asking?
And I guess the power eraser also got rid of the virus.. yay! and I have Microsoft Office back..
time to uninstall power eraser, have you any idea how to get rid of it completely? Normally Norton is tricky about getting rid of its pain in the *** programs - edited
googled it and it turns out it never installs, it's just a .exe file....

So is there any more follow up steps we need to do?

Edited by Final Objective, 30 July 2012 - 02:00 PM.


#8 Elise


Posted 30 July 2012 - 02:46 PM

What we did was replace your MBR. Due to the rootkit infection, which was not correctly removed, an extra entry remained in the partition table. While we could fix it using some tools, overwriting it with a fixed copy is simpler.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards, Elise




#9 Final Objective


Posted 30 July 2012 - 03:13 PM

Here you go

Attached Files



#10 Elise


Posted 30 July 2012 - 03:46 PM

Hi again,

TWO ANTIVIRUS PROGRAMS
---------------------------------------
I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either AVG or McAfee.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise




#11 Final Objective


Posted 30 July 2012 - 03:50 PM

Hey, just replying to let you know that I don't currently have McAfee installed on my computer.. Don't see any trace of it on control panel and I don't believe I've had it for several years... (so if you could help me remove it somehow, that'd be appreciated :))

Also, I have work in a few minutes so I will reply once I get out with the items you requested. Thanks for your patience! and for everything..!

#12 Elise


Posted 30 July 2012 - 04:35 PM

No problem, I'll wait for the combofix log.

regards, Elise




#13 Final Objective


Posted 30 July 2012 - 07:15 PM

here it is! p.s. I downloaded the McAfee removal tool and got rid of it so yeah :)

Attached Files


Edited by Final Objective, 30 July 2012 - 07:16 PM.


#14 Elise


Posted 31 July 2012 - 01:49 AM

Your version of AVG is very outdated; please upgrade using the option in the program or alternatively download the latest version from here. Always be careful when installing, this product and/or the CNET downloader may come with sponsored offers (usually in the form of free toolbars). While these are pretty harmless they can be annoying when browsing and I recommend to uncheck/decline the installation of any special offers.


Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:
  • Download the latest version of Adobe Reader Version X and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
Your Adobe Reader is now up to date!


ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Do you have any problem left at this point?

regards, Elise




#15 Final Objective


Posted 31 July 2012 - 11:44 AM

Well you got my computer working, which is all I asked for, so I'm extremely appreciative of that! And you found a couple of viruses that I missed.. Thank you so much! Although, for my laptop (I know I'm not supposed to ask about separate cases on the same forum...)..it makes a clicking noise like the fan is hitting something when it boots up and when I tilt it in any way...

But anyways thanks again! here's your file

Attached Files





