Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help to start my machine


  • This topic is locked This topic is locked
29 replies to this topic

#1 Lather3

Lather3

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 02 November 2012 - 12:33 PM

Help FBI virus on my dell laptop running xp professional tried to follow many topics on site to no avail. Will not start in safe mode goings right to blue screen. Have tried AVG download to flash have tried xPUD start up disk nothing has worked. Help!!!

BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:19 PM

Posted 04 November 2012 - 11:32 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this if fixed.[/b]
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rookit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third party programs if not up to date can be the cause of infiltration an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Posted Image

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.


Please post the logs and let me know if the problem persists.

#3 Lather3

Lather3
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 05 November 2012 - 01:18 PM

Hello thank you for responding. My laptop is completely dead will only boot to blue screen. Any downloads need to be a clean machine by flash or cd/DVD. Let me know what I should download!

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:19 PM

Posted 05 November 2012 - 02:07 PM

This booting problem was reported to the experts in that field.
Someone will be with you ASAP.

#5 Lather3

Lather3
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 05 November 2012 - 02:08 PM

Thank you I will stand by!

#6 Lather3

Lather3
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 05 November 2012 - 06:02 PM

Somebody please!!!

#7 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:19 PM

Posted 05 November 2012 - 10:10 PM

Hello Lather3 :)


  • I will be helping with your computer problems.
  • From this point on, it is very important that you refrain from doing anything else to your computer other than what I have requested of you.
  • I do not mind if you browse the web, do basic tasks, or even test to see if the problem(s) you are experiencing are still occurring with the computer while we are working together, but do not run any tools/fixes unless I or another helper from this thread has asked you to do so.
  • Remember that you came here for help, so allow us to help you :)
  • If something does not run, make a detailed note of what problems you encountered along the way (exact error messages are preferred), but continue onto the next steps until you reach the end of my post.
  • Always do the steps they are listed in (left to right, top to bottom).
  • I prefer that you complete all the steps while you are in Normal Mode. However, I understand that sometimes this is not possible. If you are unsuccessful in getting a tool/fix to run from Normal Mode, but Safe Mode works, then use Safe Mode.
  • If you have a question about something, do not hesitate to ask.

Let's begin:

Please follow these instructions for creating Kaspersky's Rescue CD and running WindowsUnlocker: http://support.kaspersky.com/faq/?qid=208285998

Let me know how it goes.

#8 Lather3

Lather3
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 06 November 2012 - 12:05 PM

Have run rescue cd to a flash drive and it is loaded

#9 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:19 PM

Posted 06 November 2012 - 02:15 PM

Have run rescue cd to a flash drive and it is loaded

Now run WindowsUnlocker as described in the link.

#10 Lather3

Lather3
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 06 November 2012 - 02:16 PM

here is a copy of the reports

Kaspersky Lab WindowsUnlocker, 2012
version 1.2.1 Sep 19 2012 08:04:02

Please, select command to execute:
1 - Unlock Windows
2 - Save boot sector copies
0 - Exit

(1) :> 1
Processing volume "/discs/C:"

Registry hive "/discs/C:/windows/system32/config/system" opened successfully
"AlternateShell" - OK
"AlternateShell" - OK
"AlternateShell" - OK

Registry hive "/discs/C:/windows/system32/config/software" opened successfully
OS Windows detected: Microsoft Windows XP Service Pack 3 ( 2600.xpsp_sp3_gdr.120821-1629 ) C:\WINDOWS
"Shell" - OK
"Userinit" - OK
Processing volume "/discs/File manager"
Processing volume "/discs/Kaspersky Rescue Disk"
Processing volume "/discs/sda1"
Processing volume "/discs/Web browser"
Processing volume "/discs/Kaspersky Registry Editor"
Processing volume "/discs/sdb1"

Registry hive "/discs/C:/Documents and Settings/LocalService/NTUSER.DAT" opened successfully

Registry hive "/discs/C:/Documents and Settings/NetworkService/NTUSER.DAT" opened successfully

Registry hive "/discs/C:/Documents and Settings/Michael Ainsley/NTUSER.DAT" opened successfully
"" : "c:\documents and settings\michael ainsley\local settings\temp\voooi0h2ans.exe" - suspicious value
- deleted

Registry hive "/discs/C:/Documents and Settings/Administrator/NTUSER.DAT" opened successfully

Please, select command to execute:
1 - Unlock Windows
2 - Save boot sector copies
0 - Exit

(0) :> 2
Processing /dev/sda
/dev/sda -> /var/kl/WUnlocker.1.2.1_06.11.2012_12.05.46_quarantine/krd0000.dta
Processing /dev/sda1
/dev/sda1 -> /var/kl/WUnlocker.1.2.1_06.11.2012_12.05.46_quarantine/krd0001.dta
Processing /dev/sda2
/dev/sda2 -> /var/kl/WUnlocker.1.2.1_06.11.2012_12.05.46_quarantine/krd0002.dta
Processing /dev/sdb
/dev/sdb -> /var/kl/WUnlocker.1.2.1_06.11.2012_12.05.46_quarantine/krd0003.dta
Processing /dev/sdb1
/dev/sdb1 -> /var/kl/WUnlocker.1.2.1_06.11.2012_12.05.46_quarantine/krd0004.dta
Processing /dev/dm-0
/dev/dm-0 -> /var/kl/WUnlocker.1.2.1_06.11.2012_12.05.46_quarantine/krd0005.dta

Please, select command to execute:
1 - Unlock Windows
2 - Save boot sector copies
0 - Exit

(0) :> 0

#11 Lather3

Lather3
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 06 November 2012 - 02:17 PM

I have updated rescue disk should I run it?

#12 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:19 PM

Posted 06 November 2012 - 02:20 PM

I have updated rescue disk should I run it?

Yes go ahead.
Afterwards, try rebooting into Windows normally (remove the CD from the CD tray and restart the computer).

Edited by thisisu, 06 November 2012 - 02:21 PM.


#13 Lather3

Lather3
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 06 November 2012 - 04:13 PM

Still Boots to blue screen. Note: Stop: 0x0000007b. (0xF78A6524, 0xC0000034, 0x00000000, 0x00000000)

#14 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:19 PM

Posted 06 November 2012 - 08:07 PM

Do you remember going into BIOS at all when you were troubleshooting?
Remember changing the hard drive controller type? Examples: SATA AHCI RAID IDE

Let me know please as it may just involve reverting that setting to its default value.

#15 Lather3

Lather3
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 06 November 2012 - 08:11 PM

Don't remember doing anything that would have changed the BOIS




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users