Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

dell dimension 4700 problems


  • Please log in to reply
28 replies to this topic

#1 nick2222

nick2222

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 14 March 2013 - 03:28 PM

When i woke up today my computer had shut off. When I turned it back on windows wont load up. Right now it keeps going to the screen asking me which safe mode I want to go to. When i dont hit anything the computer just keep rebooting and going back there. When I hit safe mode it goes to a blue screen or just keeps rebooting.



BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,078 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:47 AM

Posted 14 March 2013 - 11:03 PM

We need to know your Operating System.


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 nick2222

nick2222
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 15 March 2013 - 12:31 AM

windows xp



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,078 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:47 AM

Posted 15 March 2013 - 02:53 PM

I will ask an expert in these non booters to look here.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:47 AM

Posted 15 March 2013 - 05:55 PM

:welcome:

Lets give it a try.

We will need to view the system status from an external environment. You will need a USB drive and a CD to burn. There will be several steps to follow.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Also Download Query.exe to the USB drive. In your working computer, navigate to the USB drive and click on the Query.exe. A folder and a file, query.sh, will be extracted.
  • Remove the USB & CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • In some computers you need to tap F12 and choose to boot from the CD, in others is the Esc key. Please consult your computer's documentation.
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Then type bash driver.sh -af
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

    Winlogon.exe

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    volsnap.sys

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    explorer.exe

  • Press Enter
  • After it has completed the search enter the next file to be searched
  • Type the following:

    Userinit.exe

  • Press Enter
  • After the search is completed type Exit and press Enter.
  • After it has finished a report will be located in the USB drive as filefind.txt
  • While still in the Open Terminal, type bash query.sh
  • Press Enter
  • After it has finished a report will be located in the USB drive as RegReport.txt
  • Then type dd if=/dev/sda of=mbr.txt bs=512 count=1

    Leave a space among the following Statements:

    dd is the executable application used to create the backup
    if=/dev/sda is the device the backup is created from - the hard drive when only one HDD exists
    of=mbr.txt is the backup file to create - note the lack of a path - it will be created in the directory currently open in the Terminal
    bs=512 is the number of bytes in the backup
    count=1 says to backup just 1 sector


    It is extremely important that the if and of statements are correctly entered.

  • Press Enter
  • After it has finished a report will be located in the USB drive as mbr.bin
  • Plug the USB back into the clean computer, and post the contents of the report.txt, filefind.txt and RegReport.txt in your next reply. The mbr.txt file must be attached to your reply as it is a hex file.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,078 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:47 AM

Posted 15 March 2013 - 08:24 PM

Hello, Just letting you know I moved this to the  Virus, Trojan, Spyware, and Malware Removal Logs forum,where it will stay.

 

Thank you JSntgRvr


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 nick2222

nick2222
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 16 March 2013 - 05:32 PM

Thanks for your reply I just wanted to let you know it will be a day or two before I can try your reply if thats ok with you?



#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:47 AM

Posted 16 March 2013 - 08:37 PM

No problem. :thumbup2:


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#9 nick2222

nick2222
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 19 March 2013 - 08:10 PM

I burned the cd now im just trying to get my usb flash drive to work. I have two of them but for some reason nothing is popping up when i plug them in like usual.



#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:47 AM

Posted 19 March 2013 - 08:31 PM

Insert the flash drive once in xPUD. See if mounted.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#11 nick2222

nick2222
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 21 March 2013 - 02:06 AM

Ok i did all that but when I finish all I see on my usb are the filefind.txt and report.txt icons i dont see RegReport.txt or the mbr



#12 nick2222

nick2222
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 21 March 2013 - 02:15 AM

Search results for Winlogon.exe

22101a85b3ca2fe2be05fe9a61a7a83d  /mnt/sda1/Program Files/Malwarebytes' Anti-Malware/Chameleon/winlogon.exe
      211.4K Dec 14 22:49


Search results for volsnap.sys


Search results for explorer.exe


Search results for Userinit.exe


Search results for Exit


Search results for bash query.sh


Search results for dd if=/dev/sda of=mbr.txt bs=512 count=1

 

Thu Mar 21 03:59:02 UTC 2013


 



#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:47 AM

Posted 21 March 2013 - 07:37 AM

Everytime a report is produced, close the Terminal Window and rename the report to Report1.txt, Report2.txt, Report3.txt, ....etc. Hopefully we may be able to get them all. I don't like what I see in the last report. Seems that some important files are missing.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#14 nick2222

nick2222
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 21 March 2013 - 11:13 AM

earch results for Winlogon.exe

22101a85b3ca2fe2be05fe9a61a7a83d  /mnt/sda1/Program Files/Malwarebytes' Anti-Malware/Chameleon/winlogon.exe
      211.4K Dec 14 22:49


Search results for volsnap.sys


Search results for explorer.exe
 

ote Registry Report

Hive </mnt/sda1/Documents and Settings/Administrator/NTUSER.DAT>
(...)\Microsoft\Windows\CurrentVersion\Run> Node has 0 subkeys and 1 values
  size     type            value name             [value if type DWORD]
    62  REG_SZ            <ctfmon.exe>
(...)\Windows\CurrentVersion\Policies\Explorer> Node has 0 subkeys and 1 values
     4  REG_DWORD         <NoDriveTypeAutoRun>     145 [0x91]
 

Hive </mnt/sda1/Documents and Settings/Mike/NTUSER.DAT>
(...)\Microsoft\Windows\CurrentVersion\Run> Node has 0 subkeys and 1 values
  size     type            value name             [value if type DWORD]
   116  REG_SZ            <BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}>
(...)\Windows\CurrentVersion\Policies\Explorer> Node has 0 subkeys and 1 values
     4  REG_DWORD         <NoDriveTypeAutoRun>     145 [0x91]
 
ÀŽÐ¼ |ûPPü¾|¿PW¹åó¤Ë½¾±8n |    uƒÅâôÍ‹õƒÆIt8,tö µ´‹ð¬< tü» ´ÍëòˆNèF s*þF€~t€~t ¶uÒ€FƒFƒV
 è! s ¶ë¼>þ}Uªt€~ tÈ ·ë©‹üW‹õË¿ ŠV ´Ír#ŠÁ$?˜ŠÞŠüC÷ã‹Ñ†Ö±ÒîB÷â9V
w#r9Fs¸» |‹N‹V ÍsQOtN2äŠV ÍëäŠV `»ªU´AÍr6ûUªu0öÁt+a`j j ÿv
ÿvj h |jj´B‹ôÍaasOt2äŠV ÍëÖaùÃInvalid partition table Error loading operating system Missing operating system                                                          ,Dc±±  € þÿÿ?                                                   Uª



#15 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:47 AM

Posted 22 March 2013 - 12:14 PM

The MBR.txt file must be attached as it is a hex file.

All seems to indicate your Operating System is missing.

Something is terrible wrong. Lets check the Hard Drive.

Lets try TestDisk.
  • Download xPUDtestdisk.exe and save it to the USB device
  • In the working computer, double click xPUDtestdisk.exe within the USB drive to extract its contents.
  • Remove the USB and insert it in the ailing computer
  • Boot the ailing computer to xPUD
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type testdisk/testdisk_static
  • Press Enter
  • You will now be at a scary looking text-based command window:

    Create_log.gif

  • Press Enter here to create a new log file.
  • TestDisk will now detect all local hard drives, and present them in a list like this:

    Select_disk_update.gif

  • Use the arrow (up and down) keys to highlight the disk called /dev/sda.
  • With /dev/sda selected, press Enter
  • Select Intel (even if you have an AMD processor) on the next window.

    Partition_table_type.gif

  • Press Enter.
  • Select Analyse and press Enter.

    Menus.gif

  • The next screen will list all found partitions.

    Analyse.gif

  • At this point exit by pressing Q and locate the log. Post it on your next reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users