
Sirefef Win7 Constantly Rebooting


  • This topic is locked
11 replies to this topic

#1 CLECOL

CLECOL

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Eastern U.S.
  • Local time:02:32 AM

Posted 14 August 2012 - 10:25 AM

I see that this issue has been covered before

http://www.bleepingcomputer.com/forums/topic461126.html

This situation is very similar, if not exactly the same as, mine. However, I noticed that some of the scripts which were used to resolve the issue were specific to that computer. So, I decided to start this post so as to get any scripts specific to my situation. BTW, I have Windows 7 Pro 64-bit.

Thank you in advance to anyone who can help!



#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:06:32 AM

Posted 14 August 2012 - 02:29 PM

Good evening. :)

For 64-bit systems, download Farbar Recovery Scan Tool x64 and save it to a flash drive. Plug the flash drive into the infected PC and then enter System Recovery Options.

  • To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
    • Click on the Repair your computer menu item.
    • Select US as the keyboard language setting, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the Command Window type notepad and hit <ENTER>.
  • When a notepad window opens, under the File menu select Open.
  • Select "Computer", find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and hit <ENTER>.

    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • A log, called FRST.txt, will be created on the flash drive - please copy and paste the contents in your reply.

So long, and thanks for all the fish.

 

 


#3 CLECOL


Posted 14 August 2012 - 07:09 PM

"Select the operating system you want to repair, and then click Next"

When I get to the screen where I would choose which operating system to repair, there are no operating systems listed in the white box in the center. There are two radio buttons.

1) Use recovery tools that can help fix problems starting Windows. Select an operating system to repair.

If your operating system isn't listed, click Load Drivers and then install drivers for your hard disks.

2) Restore your computer using a system image that you created earlier.

Option 2 was selected by default. I tried clicking the radio button for Option 1, but it did not make anything appear in the box.

I am still on this screen.

Edited by CLECOL, 14 August 2012 - 07:09 PM.


#4 CLECOL


Posted 14 August 2012 - 07:18 PM

Also, and I am not sure if this matters or not, when I was doing the "push F8" thing the first thing that came up was what I believe is the software for my motherboard. It gave me certain options such as Boot from USB Flash Drive, Boot from...etc. I cannot remember the others. It also said to hit Esc to boot normally. I hit Esc as there was nothing in your instructions to do anything on such a screen.

I have two HDDs in a RAID 0 set-up, so I don't know if maybe the software which first came up was the RAID software?

I just wanted to pass this piece of info along in case it affected the procedure.

#5 Noviciate


Posted 15 August 2012 - 02:25 PM

Good evening. :)

Do you have the Windows installation disk?

So long, and thanks for all the fish.

 

 


#6 CLECOL


Posted 15 August 2012 - 02:48 PM

Yes, I believe that I do.

#7 Noviciate


Posted 15 August 2012 - 04:08 PM

Grand, will you try to access the Command Prompt via that - linky.

So long, and thanks for all the fish.

 

 


#8 CLECOL


Posted 15 August 2012 - 05:09 PM

I did this (via the Windows 7 disc). But again, when I get to the "System Recovery Options" screen and select the radio button next to the "Use recovery tools..." option (similar to the way the screenshot in the link which you provided appears), there is nothing listed in the white box in the center. The link shows a screenshot of: "Windows 7" "30717 MB" "(C:) Local Disk"...but I see nothing. Should I select "Load Drivers"? Is this due to my system having the aforementioned RAID 0 set-up?

I will await your instructions before proceeding.

#9 Noviciate


Posted 16 August 2012 - 02:50 PM

Good evening. :)

At this point in time, I don't know. I have had someone with problems running FRST before, but I don't recall them having a RAID setup, and I'm loath to do something that could cause more trouble than it seeks to correct. I'll have to look into different options and I'll get back to you when I've got a better idea.

Just in case it proves useful, do you have a flashiness of at least 128Mb that you can wipe clean handy?

So long, and thanks for all the fish.

 

 


#10 CLECOL


Posted 16 August 2012 - 03:05 PM

Are you referring to a flash drive? I do have one. It is the one which I have been using with the FRST program on it. It is 4GB in size. I do have another which is 256 MB which I may be able to wipe clean if the whole drive needs to be data-free.

Edited by CLECOL, 16 August 2012 - 03:05 PM.


#11 Noviciate


Posted 17 August 2012 - 02:23 PM

Good evening. :)

"Are you referring to a flash drive?"

Ah yes, the perils of trusting spell checkers - I think you deserve an award for making the connection.

"I do have another which is 256 MB which I may be able to wipe clean if the whole drive needs to be data-free."

I was tempted to keep one with FRST on it, but as it hasn't been usable I don't see the point at the minute, so use the same one for the below:


Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to your Desktop - it doesn't have to be the infected PC.
  • Insert your USB drive.
  • Click Start > My Computer, right click your USB drive and select Format > Quick format.
  • Double click the unetbootin-xpud-windows-latest.exe file that you just downloaded.
  • Click Run then OK - this will install a little bootable OS on your USB.
  • After it has completed, do not choose to reboot the clean computer; simply close the installer.
  • Next download http://noahdfear.net/downloads/driver.sh to your USB - directly or drag it there when it's downloaded.
  • If you are using a different PC to the sick one, remove the USB as this part is complete. If not, leave it where it is.

The next part is somewhat tricky as it differs on different machines. If you are lucky, then the following will work. If it doesn't, let me know and we'll go for a different angle.
  • If necessary, insert the USB stick into the sick PC and then boot it.
  • You need to select the OS that is on the stick rather than let Windows take charge, so press F12 and choose to boot from the USB before Windows starts loading.
  • Follow the prompts.
  • A Welcome to xPUD screen will appear.
  • Click the File icon on the left.
  • Expand mnt by clicking the little arrow to its left.
  • sda1,2... usually corresponds to your HDD.
  • sdb1 is likely your USB.
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there.
  • Click Tool at the top.
  • Choose Open Terminal - this will open the Linux equivalent of a Command Window in all its fashionable black livery.
  • Type bash driver.sh -f and then <ENTER>.
  • You will be prompted to input a filename - enter the following:

    • services.*
  • Press <ENTER>.
  • If done successfully, the script will search for copies of this file on your system.
  • After it has finished, a report will be located in the USB drive as filefind.txt.

Please note - all text entries are case sensitive.

Let me have the contents of the file, or let me know if you had any problems.

So long, and thanks for all the fish.
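
Editor's added example, not part of the thread and not the driver.sh script referenced above (its contents are not shown on this page): a read-only shell sketch of the kind of search the last steps describe, listing every file matching a name pattern under a mount root with its size and SHA-256 so the copies can be compared. The function names, the report layout and the sample tree are assumptions; it needs a find that supports -iname and coreutils sha256sum.

```shell
#!/bin/sh
# Added example, not the driver.sh script from the thread.
# find_copies, distinct_hashes, make_sample and the report layout are
# assumptions. Needs find with -iname and coreutils sha256sum.

# find_copies ROOT PATTERN [REPORT]
# Read-only search. Writes "<sha256>  <bytes>  <path>" per match to REPORT
# and prints the number of matches. Matching ignores case, because Windows
# file names are case-insensitive while the Linux shell is not.
find_copies() {
    fc_root=$1; fc_pattern=$2; fc_report=${3:-filefind.txt}
    [ -d "$fc_root" ] || { echo "no such directory: $fc_root" >&2; return 2; }
    find "$fc_root" -type f -iname "$fc_pattern" -exec sh -c '
        for f in "$@"; do
            hash=$(sha256sum < "$f" | cut -d" " -f1)
            size=$(wc -c < "$f" | tr -d " ")
            printf "%s  %s  %s\n" "$hash" "$size" "$f"
        done' sh {} + 2>/dev/null | sort -k3 > "$fc_report"
    wc -l < "$fc_report" | tr -d ' '
}

# distinct_hashes REPORT: how many different file contents were found.
# More than one means the copies are not all identical and need a closer look.
distinct_hashes() {
    cut -d' ' -f1 "$1" | sort -u | wc -l | tr -d ' '
}

# make_sample DIR: constructed tree standing in for a mounted partition.
make_sample() {
    mkdir -p "$1/sda1/Windows/System32/drivers/etc" "$1/sda1/Windows/winsxs/x"
    printf 'original'  > "$1/sda1/Windows/System32/services.exe"
    printf 'original'  > "$1/sda1/Windows/winsxs/x/services.exe"
    printf 'modified'  > "$1/sda1/Windows/System32/Services.exe.bak"
    printf 'port list' > "$1/sda1/Windows/System32/drivers/etc/services"
    printf 'other'     > "$1/sda1/Windows/System32/svchost.exe"
}

# Demo on the constructed tree: prints the match count, then the report.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
find_copies "$demo_dir" 'services.*' "$demo_dir/filefind.txt"
cat "$demo_dir/filefind.txt"
rm -rf "$demo_dir"
```

On the constructed tree the extensionless `services` file and `svchost.exe` are not reported, because the pattern `services.*` requires the dot.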

 

 


#12 Noviciate


Posted 24 August 2012 - 04:13 PM

As there has been no response for five days this thread is now closed.

So long, and thanks for all the fish.

 

 




