Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Black Screen, Flashing Cursor 2


  • This topic is locked This topic is locked
12 replies to this topic

#1 AndrewSe

AndrewSe

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:07:12 AM

Posted 15 August 2012 - 02:18 PM

Mod Edit: Split from http://www.bleepingcomputer.com/forums/topic464825.html - Hamluis.

Hi

I had exact same problem and done all the tests as well listed by the poster. I've have the mbr zip but cannot attach it to the reply - says Error You aren't permitted to upload this kind of file?

Thanks

Andrew

Edited by hamluis, 15 August 2012 - 03:56 PM.
Split, PM sent new OP - Hamluis.


BC AdBot (Login to Remove)

 


#2 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:05:12 PM

Posted 15 August 2012 - 03:43 PM

@ AndrewSe

Exactly what is the name (the extension) of the file that you are trying to attach here?
  • A file with a .zip extension can be attached here in the XP forum, so it should not be a problem, and you should not be receiving the "Error You aren't permitted to upload this kind of file" message when attempting to do that.

AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#3 AndrewSe

AndrewSe
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:07:12 AM

Posted 15 August 2012 - 04:09 PM

Sorry it's a RAR file - that won't work will it?

Andrew

#4 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:05:12 PM

Posted 15 August 2012 - 04:12 PM

No, .rar is not allowed. Simply attach the mbr.zip file .... with the .zip extension.
AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#5 AndrewSe

AndrewSe
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:07:12 AM

Posted 15 August 2012 - 04:14 PM

Ok here it is

Attached Files

  • Attached File  mbr.zip   612bytes   5 downloads


#6 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:05:12 PM

Posted 15 August 2012 - 04:17 PM

Thank you: I will have a look at it now and get back to you shortly.
AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#7 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:05:12 PM

Posted 15 August 2012 - 04:35 PM

Your system is infected and the MBR is being detected by Microsoft Security Essentials (my antivirus) as Trojan:DOS/Alureon.L

MBR Analyzer v1.1.0

File : C:\Documents and Settings\GEOFF\Desktop\AndrewSe_BC\mbr\mbr.bin

--------------------------------------------------------------

--OFFSET--  0-1-2-3-4-5-6-7-8-9-A-B-C-D-E-F-  0123456789ABCDEF

0x00000000  31C08ED0BC007C0E1F0E076660881600  1.м.|....f`...
0x00000010  7EC606047E1EB448BE047ECD13B0500F  ~..~.H.~.P.
0x00000020  827B01812E13041400A11304C1E006A3  .{..........
0x00000030  027E81EC0E0068100089E5BEA17DB905  .~...h...御}.
0x00000040  006631DBE8F800FF36027E078C46068C  .f1..6.~..F..
0x00000050  5E04E8090081C410006661061ECB6660  ^......fa..f`
0x00000060  5766FF36147E668F460866FF36187E66  Wf.6.~f.F.f.6.~f
0x00000070  8F460C668B451066406629460866195E  .F.f.E.f@f)F.f.^
0x00000080  0C8B4514894602B4428A16007E89EECD  ..E..F.B...~.
0x00000090  13B0520F82070131C0BA0404BEB27D88  .R....1..}.
0x000000A0  9F427EFEC375F88A8F427E0204E87E00  .B~u..B~..~.
0x000000B0  46FECE750429D688D6FEC375EA31C089  Fu.).u1.
0x000000C0  C38B5602C1E2098B7604FEC38A8F427E  .V...v...B~
0x000000D0  E85B0000E930ED89CF8A8D427E26300C  [..0...B~&0.
0x000000E0  464A75E65F668B4D18660FB7560481F9  FJu_f.M.f.V..
0x000000F0  FF7FB0530F87A60066FF751C6631C066  ..S...f.u.f1f
0x00000100  89451C66F7D0266732026642B30866D1  .E.f&g2.fB.f
0x00000110  E8730666352083B8EDFECB75F1E2E766  s.f5 .uf
0x00000120  F7D0665B6639D8B04375736661C300C8  f[f9ذCusfa.
0x00000130  89C78AAD427E88AF427E888D427EC366  ..B~.B~..B~f
0x00000140  60BF00808C4E06897E046689D8408945  `...N..~.f.@.E
0x00000150  14660FB706B67D66894510B82000E8FD  .f..}f.E. .
0x00000160  FE8B7E048B5518FC60F3A6817DFE5C00  .~..U.`.}\.
0x00000170  740EE30E6101C729C277EDB04EE91E00  t..a.)wN..
0x00000180  414E5F81C40E006089FEBF227E595789  AN_...`."~YW.
0x00000190  C1F3A461E303E9C5FF59576661C3F4EB  a..YWfa
0x000001A0  FD5C626F6F7400000000000000000000  \boot..........
0x000001B0  0000C625EF232C85E494E49400008001  ..%#,.......
0x000001C0  010007EFFFFF3F000000C152A8040000  .....?...R...
0x000001D0  00000000000000000000000000000000  ................
0x000001E0  00000000000000000000000000000000  ................
0x000001F0  000000000000000000000000000055AA  ..............U

---------------------------[ MBR ]----------------------------

MBR_CODE        : Possible MaxSS.sst MBR Code
MD5             : 11E829629259F6716B929DD004CAC281
SHA1            : EB04AE363ED2377D11D577298EF51EC9C4303B1D
PARTITIONS      : 1
DISK_SIGNATURE  : E494E494
SIGNATURE_ID    : AA55h

-----------------------[ PARTITION 1 ]------------------------

BOOTABLE        : YES
PARTITION_TYPE  : 0x07 ( NTFS / HPFS)
PARTITION_SIZE  : 37.26 Go
STARTING_SECTOR : 63
ENDING_SECTOR   : 78140160
TOTAL_SECTORS   : 78140097
Please sit tight and be patient for now:
  • I have requested that an experienced helper who specialises in malware-related un-bootable computers respond to your topic.
  • A suitably experienced helper will respond when they are available.

AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#8 AndrewSe

AndrewSe
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:07:12 AM

Posted 15 August 2012 - 05:07 PM

Great, thanks for the help

Andrew

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:12 AM

Posted 19 August 2012 - 02:04 AM

Hello Andrew, my apologies for the delay!

Right click the following download link and select "save link/target as": xPUD_MBRfix
Save the file to your USB drive.
  • Boot the ailing computer to xPUD
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Double click on xPUD_MBRfix to execute the script
  • When asked "what boot code do you want to write?" type m for XP boot code and press enter.
  • When asked "to which one do you want to write a new mbr?" type sda and press enter.
  • Type y and press enter to confirm your choices.
  • Press enter to close the window.
  • Upon finishing, its actions will produce a report (mlog.txt)
  • Post that report in your next reply

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 AndrewSe

AndrewSe
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:07:12 AM

Posted 22 August 2012 - 03:27 PM

Here you go

Attached Files

  • Attached File  mlog.txt   486bytes   7 downloads


#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:12 AM

Posted 22 August 2012 - 03:56 PM

Please see if you can boot normally into Windows now.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#12 AndrewSe

AndrewSe
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:07:12 AM

Posted 30 August 2012 - 10:59 AM

Please see if you can boot normally into Windows now.


Hi

I have been testing the laptop for about a week now and everything seems to be ok. Please accept my thanks for doing this and I really appreciate the help in getting this fixed.

Andrew

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:12 AM

Posted 30 August 2012 - 11:31 AM

You are most welcome. :)

Please read the following advice on how to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users