
No access to OS, startup repair or Safe mode....


  • This topic is locked
14 replies to this topic

#1 aronszocs

aronszocs

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:17 PM

Posted 26 February 2013 - 09:17 AM

Hi,



After thinking I had successfully removed the pseudo government
ransomware that I was infected with a few weeks ago, I began
intermittently experiencing redirects and cookie issues on secure sites.
So I ran Malwarebytes last night, went through about 5 scans before it
apparently removed all detected objects. I then decided to do another
update after that and the next scan detected 15 objects. Upon reboot, I
now cannot enter safe mode or system repair - they both hang on loading
and then crash and reboot.



What can I do? and thanks in advance for any assistance.




 


#2 aronszocs


Posted 26 February 2013 - 01:16 PM

PS - running Windows 7.

 

FYI - Early on into the System Repair process - during 'Loading Windows Files'
- the screen goes black and my tv (monitor), flashes its input
information;

"PC - Analog - 640x480hz" ; as if there was a video driver issue that
alters the signal to the tv - although I can hear the CPU still running
yet no sounds of new activity.

There seem to be no issues with video otherwise - 'Last known good
configuration' and 'Start Windows Normally' gets me to the Windows logo,
and then crashes and reboots. Safe mode crashes and reboots while
loading a CLBStor.sys file.



#3 aronszocs


Posted 11 March 2013 - 12:54 AM

SPECS; Windows 7 - Gateway DX4822 - Acer G43T-AM Motherboard -
Dynex DX400WPS PS - 8GB DDR2 - ATI Radeon HD 4650 - 1TB HDD

Hi bleepingcomputer.com,

After thinking I had successfully removed some ransomware a few weeks ago, I began intermittently experiencing redirects and cookie issues on secure sites. So I ran Malwarebytes, went through about 5 scans before it apparently removed all detected objects - but a few days later, the next scan detected 15 objects. This time, upon reboot, I could not enter safe mode or system repair. A regular startup will get me to the Windows logo, and there's a subtle sound of a surge in the CPU fan, followed by a prompt reboot. Safe mode can't even get me to the Windows logo, and reboots while loading a CLBStor.sys file. And Repair either goes blank after 'Loading files' or when I switch to the recovery discs, it gets one step further and then hangs on the Gateway Recovery Console page before any steps are initiated.

I've tried reseating the CMOS battery and the RAM but all I noticed was the CPU Fan got louder after doing this. I've swapped the hard drive with an older relic (250gb) that had WinXp on it but that yielded the same booting/crashing problem. At the advice of a Future shop employee, I've purchased a new hard drive which is still sitting in the packaging after I failed to even access the older hard drive with XP on it.

Something to note; at the early stages of this crash/reboot problem, I briefly experienced some flickering with the monitor once it reached the Windows Logo and then it would crash. Also, I briefly experienced a beep sequence on startup 1-1-4, which went away after reseating the battery.

I'm really stuck here, and I'm not sure if this is a motherboard, hard drive or malware issue - or all of the above. Any help is greatly appreciated.

Edited by hamluis, 11 March 2013 - 12:18 PM.
Merged topics - Hamluis.


#4 aronszocs


Posted 11 March 2013 - 09:32 AM

Any suggestions out there? Could really use your help? Thanks in advance!



#5 hamluis

hamluis

    Moderator


  • Moderator
  • 56,127 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:17 PM

Posted 11 March 2013 - 12:17 PM

My apologies for the fact that no one responded to your earlier post...but I am going to merge the two topics that you have initiated...and try to see that you obtain proper responses from appropriate personnel.

 

Please be patient :).

 

Louis



#6 aronszocs


Posted 11 March 2013 - 04:03 PM

Please be patient :).

 

Louis

 

Will do , Thanks!



#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:17 PM

Posted 11 March 2013 - 10:47 PM

:welcome:

 

If you have access to a working Windows 7 computer, create a Windows 7 System Repair Disc.

 

Create a Windows 7 System Repair Disc

Note: the below can only be done if your machine has a type of CD/R or DVD/R optical drive installed. Also, depending on the exact type of OEM your machine has, you may be unable to actually create a SRD.
 

  • Click on Start(Windows 7 Orb) >> Run...(or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:

    recdisc.exe

  • Allow the UAC(User Account Control) prompt via selecting Yes.
  • You should now see a menu like the below:-

[Screenshot: WTSRD1.gif]
 

  • Put a blank rewritable  CD/DVD in your optical(CD/DVD) drive and then click on Create disc.
  • Note: If a AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:-

[Screenshot: WTSRD2.gif]
 

  • Now click on Close >> OK. Leave the disc in the drive as we will be using it shortly.
  • You now have a Windows 7 System Repair Disc.

 

 

Boot the ailing computer with this CD. Let me know if you are able to reach the Command Prompt in the Repair Console.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#8 aronszocs


Posted 11 March 2013 - 11:08 PM

Boot the ailing computer with this CD. Let me know if you are able to reach the Command Prompt in the Repair Console.

 

Hello and thanks so much for your help. Just a quick question....would the 'Gateway Recovery Disc' (provided by Future Shop) that I used and failed to boot from, not be the same as a Windows Repair Disc?

 

Repair either goes blank after 'Loading files' or when I switch to the recovery discs, it gets one step further and then hangs on the Gateway Recovery Console page before any steps are initiated.


#9 JSntgRvr


Posted 12 March 2013 - 11:31 AM


Boot the ailing computer with this CD. Let me know if you are able to reach the Command Prompt in the Repair Console.

 
Hello and thanks so much for your help. Just a quick question....would the 'Gateway Recovery Disc' (provided by Future Shop) that I used and failed to boot from, not be the same as a Windows Repair Disc?
 

Repair either goes blank after 'Loading files' or when I switch to the recovery discs, it gets one step further and then hangs on the Gateway Recovery Console page before any steps are initiated.


Try to create a Recovery CD from another computer using the same version of Windows 7. If it doesn't work, try any of the following and let me know the outcome:
 
Step 1:
 
We will need to view the system status from an external environment. You will need a USB drive and a CD to burn. There will be several steps to follow.

Download  GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Also Download Query.exe to the USB drive. In your working computer, navigate to the USB drive and click on the Query.exe. A folder and a file, query.sh, will be extracted.
  • Remove the USB & CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • In some computers you need to tap F12 and choose to boot from the CD, in others it is the Esc key. Please consult your computer's documentation.
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Then type bash driver.sh -af
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

    Winlogon.exe

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    volsnap.sys

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    explorer.exe

  • Press Enter
  • After it has completed the search enter the next file to be searched
  • Type the following:

    Userinit.exe

  • Press Enter
  • After the search is completed type Exit and press Enter.
  • After it has finished a report will be located in the USB drive as filefind.txt
  • While still in the Open Terminal, type bash query.sh
  • Press Enter
  • After it has finished a report will be located in the USB drive as RegReport.txt
  • Then type dd if=/dev/sda of=mbr.txt bs=512 count=1

    Leave a space among the following Statements:

    dd is the executable application used to create the backup
    if=/dev/sda is the device the backup is created from - the hard drive when only one HDD exists
    of=mbr.txt is the backup file to create - note the lack of a path - it will be created in the directory currently open in the Terminal
    bs=512 is the number of bytes in the backup
    count=1 says to backup just 1 sector


    It is extremely important that the if and of statements are correctly entered.

  • Press Enter
  • After it has finished a report will be located in the USB drive as mbr.bin
  • Plug the USB back into the clean computer and  post the contents of the report.txt, filefind.txt and RegReport.txt in your next reply. The mbr.txt zipped file must be attached to your reply as it is a text file.
Step 2:
 
Let's try the AVG Rescue CD:


"AVG rescue CD is basically a portable version of AVG anti-virus, which runs on linux distribution as bootable CD or bootable USB flash drive. This Rescue CD is equipped with AVG Antivirus , AVG Anti Spyware and some administrator recovery tool.


You can scan and remove computer virus without booting operating system first. It is suitable for recovering MS Windows and Linux operating systems (FAT32 and NTFS file systems) from virus and spyware attack. Meanwhile, Administrator toolset on AVG rescue disk are Windows Registry editor, a TestDisk utility for data recovering and lost partitions, a file browser for navigating folders, and a Ping tool for basic network diagnostics."

Please Note: Windows does not have to load for this scanner to work.

AVG Rescue CD Guide-check here

You can download  AVG rescue CD HERE.
It's also located on ThisPage, make sure you download the .iso file.

Here's how it goes:

Download and install Active@ ISO Burner
Click HERE  for ISOBurner Instructions.
Install the program, and follow the next set of steps.

After you install Active@ ISO Burner, put a blank cd-r in your burner and double click on the AVG Rescue CD.iso you downloaded and Active@ ISO Burner should automatically open up.....now click BURN.

The program is very easy to use, you'll just be pressing Enter most of the time but here's how it goes:

1. After the rescue cd is made, boot-up the sick computer, put the rescue cd in and then restart it.
Note: In order to do so, the computer must be set to boot from the CD first. For information on how to do that....click HERE.
2. At the Boot Menu: Choose AVG Rescue CD (1) and press Enter

3. Let it load, at the "Disclaimer Screen"... just choose I agree or not and press Enter

4. At the "Update Screen", choose Yes and press Enter

Next screen, Choose Update from Internet and press Enter

5. At the "Update Priority Configuration" window, choose Priority 2 Virus Database Update and press Enter

6. Let it update and when finished, Press any key to continue

7. You end up back at the "Update Screen", choose Return and press Enter

8. You're at the "Main Menu" screen, choose Scan, press Enter

9. "Scan Type Menu", choose "Volumes Scan - Selected Volumes" and press Enter

10. "Scan Volumes", choose "OK" and press Enter

11. "Scan Options", choose "OK" and press Enter

12. "Run Scan", choose "Yes" and press Enter

13. When scan is complete, Press any key to continue

14. "Info screen", choose "OK" and press Enter

15. To see the scan report, select "Report File" and press Enter
Please look over the list as some files can be crucial for the Windows system and deleting them can make it inoperative. If you're not sure, please Google the file or files.

16. "Scan Results Menu", use the up and down keys and choose "Select - Handle single or groups of infected files", press Enter
Go through the files and choose to Rename the infected file, don't choose Delete!
This is important....Rename<---

17. Read the "Warning Screen", "Yes" and Enter

18. Back to "Scan Results Menu", choose "Back or Return" to get to the "Main Menu" and then choose ---->Reboot System
Don't forget to take out the rescue cd.

19. All the malware files will be renamed to "_INFECTED.arl", to find all of these files....
Go to Start > Search > All Files and Folders > type "_INFECTED.arl" and click search.
  Example: malware.exe would be renamed to malware.exe_infected.arl

20. Note: If you find the cd doesn't load, it's most likely due to a bad download or bad burn, download the file again and burn it at a slower speed.

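As an added example (not part of the original posts and not taken from driver.sh or query.sh), these are sanity checks a helper could run on the one-sector dump produced by the `dd if=/dev/sda of=mbr.txt bs=512 count=1` step in post #9: confirm the size and the 0x55AA boot signature, list the partition table, and hash the 440-byte boot code for comparison against a known-good MBR. The function names and the sample image are constructed for illustration; `sha256sum` is assumed to be available.

```sh
# Added example: sanity checks for a one-sector MBR dump (dd ... bs=512 count=1).
# Function names and the sample image are constructed for illustration.

# Print COUNT bytes at OFFSET of FILE as space-separated decimal values.
mbr_bytes() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -v -tu1 | tr -s ' \n' ' '
}

# Little-endian 32-bit value from four decimal byte values.
le32() { echo $(( $1 + ($2 << 8) + ($3 << 16) + ($4 << 24) )); }

# The last two bytes of a valid MBR are 0x55 0xAA.
mbr_signature() {
    set -- $(mbr_bytes "$1" 510 2)
    printf '%02x%02x\n' "$1" "$2"
}

# A usable dump is exactly 512 bytes and ends in the boot signature.
mbr_check() {
    [ "$(wc -c < "$1" | tr -d ' ')" -eq 512 ] || { echo "not one 512-byte sector"; return 1; }
    [ "$(mbr_signature "$1")" = "55aa" ] || { echo "boot signature missing"; return 1; }
    echo ok
}

# List used entries of the partition table (4 x 16 bytes at offset 446).
mbr_partitions() {
    mbr_file=$1
    for mbr_slot in 0 1 2 3; do
        set -- $(mbr_bytes "$mbr_file" $((446 + 16 * mbr_slot)) 16)
        [ "$5" -eq 0 ] && continue    # type 0x00 marks an unused slot
        printf 'slot=%d boot=0x%02x type=0x%02x start_lba=%d sectors=%d\n' \
            "$((mbr_slot + 1))" "$1" "$5" \
            "$(le32 "$9" "${10}" "${11}" "${12}")" "$(le32 "${13}" "${14}" "${15}" "${16}")"
    done
}

# SHA-256 of the 440-byte boot code area, for comparison with a known-good MBR.
mbr_bootcode_sha256() {
    dd if="$1" bs=1 count=440 2>/dev/null | sha256sum | cut -d' ' -f1
}

# Constructed sample: zeroed boot code, one active NTFS entry, valid signature.
make_sample_mbr() {
    {
        dd if=/dev/zero bs=1 count=446 2>/dev/null
        printf '\200\000\000\000\007\000\000\000'   # active flag 0x80, type 0x07
        printf '\000\010\000\000\000\000\100\000'   # start LBA 2048, 4194304 sectors
        dd if=/dev/zero bs=1 count=48 2>/dev/null   # three empty slots
        printf '\125\252'                           # 0x55 0xAA
    } > "$1"
}

sample=$(mktemp) && make_sample_mbr "$sample" && mbr_check "$sample" && mbr_partitions "$sample"
rm -f "$sample"
```

Hashing only the first 440 bytes leaves out the disk signature and partition table, which legitimately differ between machines, so the digest can be compared with one taken from a clean installation of the same Windows version.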


#10 aronszocs


Posted 12 March 2013 - 03:59 PM

Thanks for the advice - I'm working on it! ;)



#11 aronszocs


Posted 13 March 2013 - 04:17 PM

Looks like the hard drive is shot - Recovery gets stuck in a loop. :(



#12 JSntgRvr


Posted 13 March 2013 - 05:56 PM

xPUD should work independently from the OS and hard drive. Did you try it?




#13 aronszocs


Posted 13 March 2013 - 08:38 PM

Well, I regret I made the hasty decision to leave it with the local repair guy. He seemed convinced the virus installed itself on the recovery partition of the HDD - resulting in the system repair loop and/or overclocked the HDD.

 

Anyway, he doesn't seem up to the challenge of tackling the infected HDD, and w/ two kids and no down time, I certainly have no energy for due diligence...so I just gave him the new HDD I bought to run a clean install. Looking at the steps you so kindly laid out above, I'll tell myself that it saves me some grief going w/ a new HDD - though I wish I'd thought it over one more day. Hey, you think it could have infected the mobo too?

 

Anyway, I appreciate your attention. Thanks a lot. :thumbsup2:



#14 JSntgRvr


Posted 13 March 2013 - 11:03 PM

Thanks for the feedback.




#15 JSntgRvr


Posted 13 March 2013 - 11:04 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





