Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

FBI moneypak - cannot boot in safe mode


  • This topic is locked This topic is locked
22 replies to this topic

#1 jdoo

jdoo

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:59 PM

Posted 22 November 2012 - 07:58 PM

I am unable boot my computer in safe mode (any of the safe mode options). When I turn my computer on, a screen appears with "Windows Error Recovery" at the top.
It continues:

"Windows failed to start. A recent hardware or software change might be the cause.

If Windows files have been damaged or configured incorrectly, Startup Repair can help diagnose and fix the problem. If power was interrupted during startup, choose Start Windows Normally.
(Use the arrow keys to highlight your choice.)

Launch Startup Repair (recommended)
Start Windows Normally

--when launch startup repair is highlighted--Description: Fix problems that are preventing Windows from starting
--when start windows normally is highlighted--Description: Start Windows with its regular settings.

ENTER=Choose"

If I choose Launch Startup Repair, it just takes me immediately back to this screen.
If I choose Start Windows Normally, it tries to boot (the initial boot up screen) and then comes back to this Windows Error Recovery screen.

What do I do? How do I get remove this virus?
Any help would be greatly appreciated, especially as it is Thanksgiving.

Edited by Orange Blossom, 23 November 2012 - 02:56 AM.
Moved to Log forum. ~ OB


BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:59 PM

Posted 22 November 2012 - 11:09 PM

Welcome aboard Posted Image

I'll report this topic to appropriate helpers.
Hold on there...

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:59 PM

Posted 23 November 2012 - 02:43 AM

Welcome to the forums, jdoo :)

Please create the CD and run the WindowsUnlocker program as described here: http://support.kaspersky.com/faq/?qid=208285998

Let me know how you progress.

If boot was unsuccessful, let me know if you have your Windows Vista/7 install CD (not to reinstall, but to troubleshoot).

Edited by thisisu, 23 November 2012 - 02:45 AM.


#4 jdoo

jdoo
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:59 PM

Posted 24 November 2012 - 07:21 PM

I got to the step where it said to "Insert the disk into the CD/DVD ROM drive or connect the removable USB device" using the Kaspersky WindowsUnlocker. My computer is now showing "Missing operating system" on the screen.

I do have the Windows Vista operating system CD.

Please help.

#5 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:59 PM

Posted 24 November 2012 - 08:02 PM

I got to the step where it said to "Insert the disk into the CD/DVD ROM drive or connect the removable USB device" using the Kaspersky WindowsUnlocker. My computer is now showing "Missing operating system" on the screen.


So you never got to this screen (see below)

Posted Image

Is this correct?

Did you create the CD successfully? Is the computer BIOS set to boot from CD//DVD first? Check these options first please.

Edited by thisisu, 24 November 2012 - 08:03 PM.


#6 jdoo

jdoo
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:59 PM

Posted 24 November 2012 - 08:08 PM

I couldn't view the image, so not sure what screen you're talking about. But, yes I created the CD successfully and set the BIOS to boot from CD/DVD.

#7 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:59 PM

Posted 24 November 2012 - 08:12 PM

I couldn't view the image, so not sure what screen you're talking about. But, yes I created the CD successfully and set the BIOS to boot from CD/DVD.


The image path is here: http://support.kaspersky.com/images/home/krd_4470_2_en.png
I embedded it into my previous message not sure why you are unable to see it.

Did you ever get to execute WindowsUnlocker?
I ask because you mentioned:

I got to the step where it said to "Insert the disk into the CD/DVD ROM drive or connect the removable USB device"

That's only about half way through the instructions on the Kaspersky website.
Did you ever get to this step?: 3. How to launch Kaspersky WindowsUnlocker and disinfect the registry

__

If you are still having trouble running WindowsUnlocker using the Kaspersky Rescue Disk 10 CD, then try the following please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1

  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

Edited by thisisu, 24 November 2012 - 08:20 PM.


#8 jdoo

jdoo
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:59 PM

Posted 24 November 2012 - 08:27 PM

I tried again and am running Kaspersky Rescue Disk now.

#9 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:59 PM

Posted 24 November 2012 - 08:30 PM

Ok :thumbup2:

#10 jdoo

jdoo
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:59 PM

Posted 24 November 2012 - 08:30 PM

FYI, I clicked on the link you gave for the image path and received a server error - 404 - File or directory not found. The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable. Guess that's why I couldn't see the image.

#11 jdoo

jdoo
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:59 PM

Posted 24 November 2012 - 08:39 PM

Kaspersky Rescue Disk automatically checks the boxes next to Disk boot sectors and Hidden startup objects to scan. Should I scan anything else (C:, D:, sda1, sda5)?

#12 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:59 PM

Posted 24 November 2012 - 08:40 PM

Yes place a checkmark in everything :)

#13 jdoo

jdoo
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:59 PM

Posted 25 November 2012 - 01:38 AM

I finished scanning with Kaspersky Rescue Disk and quarantined or deleted the problem files like it said. Then I restarted. The same Windows Error Recovery screen keeps showing up, after the initial boot screen.

#14 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:59 PM

Posted 25 November 2012 - 03:08 AM

Let's try a different route.

Posted Image Please download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please attach this log to your next reply.

Edited by thisisu, 25 November 2012 - 03:08 AM.


#15 jdoo

jdoo
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:59 PM

Posted 25 November 2012 - 04:29 AM

I had to use my installation disc (was not able to repair computer through BIOS Advanced Boot Options menu). I attached the log. Please let me know if have any problems viewing it and I can copy and paste it. Thanks!Attached File  FRST.txt   20.92KB   5 downloads




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users