Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Defender Offline Removed alureon.a - No Boot, Flashing Cursor


  • Please log in to reply
28 replies to this topic

#1 bobgilbert

bobgilbert

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee
  • Local time:04:18 PM

Posted 08 February 2013 - 03:52 PM

Hello!

 

I ran Windows Defender Offline on my firend's Windows XP machine and it removed a couple of viruses (including alureon.a) but when I tried to reboot all I get is a flashing cursor in the top left corner.

 

From what I have read it looks like it has created an issue in the MBR but I am not skilled, nor confident enough to fix it.

 

I have seen others with similar issues on here but I am afraid that their solutions were personalized enough that I was not able to duplicate the repairs suggested.

 

Thanks!



BC AdBot (Login to Remove)

 


#2 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Krypton
  • Local time:09:18 AM

Posted 10 February 2013 - 03:41 PM

Hello and welcome to BleepingComputer. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear. :welcome:

 

Please try the following. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the Desktop of your clean computer.

  • Insert your USB drive.
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format.
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded.
  • Press Run then OK.
  • It will install a little bootable OS on your USB.
  • After it has completed do not choose to reboot the clean computer simply close the installer.
  • Remove the USB and insert it in the sick computer.
  • Boot the Sick computer.
  • Press F12 and choose to boot from the USB.
  • Follow the prompts.
  • A Welcome to xPUD screen will appear.
  • Press File.
  • Expand mnt.
  • sda1,2...usually corres.ponds to your HDD.
  • sdb1 is likely your USB
  • Press Tool at the top.
  • Choose Open Terminal.
  • Type in: dd if=/dev/sda of=MBRbackup.zip bs=512 count=1 and hit Enter.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#3 bobgilbert

bobgilbert
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee
  • Local time:04:18 PM

Posted 10 February 2013 - 04:01 PM

Thanks for your response! I left the infected machine at my office but will be there tomorrow morning and will attempt this right away.



#4 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Krypton
  • Local time:09:18 AM

Posted 11 February 2013 - 12:10 AM

OK sounds good. :)


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#5 bobgilbert

bobgilbert
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee
  • Local time:04:18 PM

Posted 11 February 2013 - 10:28 AM

Well, I was able to boot to xpud via USB on the infected machine without an issue but when I look at the drives under File < mnt  there is only sda1 and sda2 neither of which is the USB drive.

 

It's strange because obviously the USB is working fine because I am booting to it but xpud seems to not be seeing it as a drive for some reason?

 

I will keep trying and see if I can figure anything out but if you had any ideas I would certainly appreciate it.



#6 bobgilbert

bobgilbert
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee
  • Local time:04:18 PM

Posted 11 February 2013 - 10:32 AM

I switched from the USB in the back of the machine to the USB in the front and it mounted the USB drive properly and I was able to copy MBRbackup.zip to the USB drive........who knows why   :)

 

Would you like me to go ahead and upload that file?

 

Thanks!



#7 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Krypton
  • Local time:09:18 AM

Posted 11 February 2013 - 03:29 PM

Hello bobglibert,

 

Yes, please do. :)


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#8 bobgilbert

bobgilbert
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee
  • Local time:04:18 PM

Posted 11 February 2013 - 03:30 PM

Here you go!

Attached Files



#9 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Krypton
  • Local time:09:18 AM

Posted 12 February 2013 - 12:52 AM

Good afternoon bobgilbert,
  • On your clean computer, download driver.sh to your USB drive.
  • Remove the USB & CD and insert them in the sick computer.
  • Boot the Sick computer with the xPUD CD.
  • The computer must be set to boot from the CD.
  • Gently tap F12 and choose to boot from the CD.
  • Follow the prompts.
  • A Welcome to xPUD screen will appear.
  • Press File.
  • Expand mnt.
  • sda1,2...usually corresponds to your hard drive.
  • sdb1 is likely your USB.
  • Click on the folder that represents your USB drive (sdb1 ?).
  • If you don't see sdb1:
  • Click on the Tool menu, and then click on Open Terminal.
  • In the Terminal window that opens, copy/paste each of the following lines, pressing enter after each one:

    mkdir /mnt/sdb1
    mount /dev/sdb1 /mnt/sdb1

  • Close the Terminal window.
  • Confirm that you see dumpit on your USB drive (sdb1).
  • Double click on dumpit.
  • It will create some MBR copies on the USB.
  • After it has finished press Enter to exit the Terminal window.
  • Remove the USB drive and insert back in your good computer, then locate on it an mbr.zip file and attach it to your next post.
    Note:
  • mbr.zip must be posted as an attachment.

    Note: All text entries are case sensitive.

Edited by The Dark Knight, 12 February 2013 - 12:57 AM.

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#10 bobgilbert

bobgilbert
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee
  • Local time:04:18 PM

Posted 12 February 2013 - 09:51 AM

Here is the MBR.zip, thanks!

 

*Edit: the attachment didn't work for some reason, trying again*


Edited by bobgilbert, 12 February 2013 - 09:57 AM.


#11 bobgilbert

bobgilbert
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee
  • Local time:04:18 PM

Posted 12 February 2013 - 09:57 AM

Here is the MBR.zip, thanks!

Attached Files

  • Attached File  mbr.zip   2.38KB   8 downloads
  • Attached File  mbr.zip   2.38KB   3 downloads


#12 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Krypton
  • Local time:09:18 AM

Posted 13 February 2013 - 04:25 AM

Good evening bobgilbert,
 
Thank you so far.
 
Please download GETxPUD.exe to the Desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1
  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.
  • This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

Edited by The Dark Knight, 13 February 2013 - 04:26 AM.

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#13 bobgilbert

bobgilbert
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee
  • Local time:04:18 PM

Posted 14 February 2013 - 10:56 AM

Ok, I followed the instructions and saw the mbr.bin file from within xpud on the USB drive but for some reason I am not able to see the mbr.bin file when I plug the USB drive into a clean machine.....I am able to view all hidden files, system files, etc so I am not sure what is going on.


Edited by bobgilbert, 14 February 2013 - 10:56 AM.


#14 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Krypton
  • Local time:09:18 AM

Posted 14 February 2013 - 03:42 PM

Hey bobgilbert,

Please connect the USB drive to your sick computer and boot up.

Once you are booted up confirm you can see the mbr.bin file:
  • A Welcome to xPUD screen will appear.
  • Press File.
  • Expand mnt.
    • sda1,2...usually corresponds to your HDD.
    • sdb1 is likely your USB
    .
    Click on the folder that represents your USB drive (sdb1 ?).
    • Press Tool at the top.
    • Choose Open Terminal.
    • Type the following and press enter:
    dd if=/dev/sda of=mbr.bin bs=512 count=1
  • Now, please use xPud to use Firefox to upload the file.
  • In the sdb1? folder (which is the flash drive) find mbr.bin.
  • Right click on it and select rename.
  • Rename it mbr.txt.
  • Make sure you are connected to the internet via ethernet cable or setup the wireless to go online.
  • Click Menu, click Web Browser Firefox.
  • Navigate to BleepingComputer.
  • Make a reply.
  • Search to the flash drive for the file, click it to upload it.

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#15 bobgilbert

bobgilbert
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee
  • Local time:04:18 PM

Posted 15 February 2013 - 06:28 PM

Here ya go!

 

Thanks again, I genuinely appreciate your time

Attached Files

  • Attached File  mbr.txt   512bytes   2 downloads





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users