FBI Ransom - Cannot start in safe mode


  • This topic is locked
106 replies to this topic

#1 jimmyp68

jimmyp68

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:09:31 PM

Posted 24 March 2013 - 10:10 PM

I have developed the FBI ransom virus and I cannot start the computer in safe mode.  I run XP SP3 and will need a bit of hand-holding to walk me through the process.  I also have little experience using forums.





#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,329 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:31 PM

Posted 27 March 2013 - 02:54 PM

Hello, let's try to fix Safe mode and then use our Guide.
 
We Need to Repair Safe Mode

  • Please download Safe Boot Key Repair and save it to your desktop.
  • Open desktopicon.png on your desktop.
  • Copy and paste the resultant log here in your next reply.

Now try the Guide
Remove the FBI MoneyPak Ransomware or the Reveton Trojan


How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 jimmyp68


Posted 27 March 2013 - 05:20 PM

I placed it on the desktop, ran it and it returned the following: "c:\documents and settings\james peters\local settings\application and data\duS_nMjtMtx.exe" is not recognized as an internal or external command, operable program or batch file.



#4 boopme


Posted 27 March 2013 - 05:27 PM

Let's try again after this..
 
Download FixExec.exe to your desktop. Double click on the downloaded file to run the fix. When the program has finished, it will generate a log on the desktop called FixExec.txt. Post the log in your next reply. NOTE: If for any reason you're not able to execute FixExec.exe rename it to FixExec.com, FixExec.pif or FixExec.scr.

Edited by boopme, 27 March 2013 - 05:28 PM.


#5 jimmyp68


Posted 27 March 2013 - 07:14 PM

Here is the log.  I do want to tell you that I am doing this from another computer with a flash drive.  I only have what seems to be a matter of minutes when I boot up the infected computer.  Also, I have not been able to connect to the internet on the infected computer.

 

 

FixExec by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about FixExec can be found at this link:
 
Program started at: 03/27/2013 08:02:48 PM in x86 mode.
Windows Version: Windows XP
 
Checking for processes to terminate before fixing executable associations.
 * No processes found to kill.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
 
Program finished at: 03/27/2013 08:03:07 PM
Execution time: 0 hours(s), 0 minute(s), and 18 seconds(s)


#6 boopme


Posted 27 March 2013 - 09:10 PM

Go to the removal Guide and see if you can run the tools there. If you do not have Safe Mode, use Normal Mode.

http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware



#7 jimmyp68


Posted 28 March 2013 - 05:27 PM

How do I do that?  When I boot up in safe mode or safe mode with networking, I get a blue screen that says

"A problem has been detected and Windows has shut down to prevent damage to your computer.

If this is the first time you've seen this Stop error screen, restart your computer.  If this screen appears again, follow these steps:

 

Check for viruses on your computer.  Remove any newly installed hard drives or controllers.  Check your hard drive to make sure it is properly configured and terminated.  Run CHKDSK /F to check for hard drive corruption, and then restart your computer.

 

Technical information:

 

***STOP: 0x0000007B (0xF789E524, 0xC0000034, 0x00000000, 0x00000000)"

 

I cannot get on my computer to do the things you suggest.  All of the virus removal tutorials assume I have access to the computer.  I do not.



#8 boopme


Posted 28 March 2013 - 07:22 PM

OK, now it's different: you cannot boot it in either mode. In the first post I thought it was only a Safe Mode issue.

 I cannot start the computer in safe mode

I need to ask another to look here as we need to approach this differently now.

You will need access to a flash drive or CD and another PC.



#9 jimmyp68


Posted 28 March 2013 - 07:46 PM

I have that



#10 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:31 PM

Posted 01 April 2013 - 04:39 PM

Hello Jimmyp68,

 

Thanks for being patient. I am here now to help you try to resolve this issue if you still wish to proceed.

 

Using a CD or USB, please create a HitmanPro.Kickstart cd/USB disc using these instructions: http://www.surfright.nl/en/kickstart

 

Let me know how you progress. If you were able to run a scan, please save the log for me to review.



#11 jimmyp68


Posted 02 April 2013 - 05:25 PM

I followed all of the steps and created a boot USB

 

when I boot I get 3 options

 

option 1 yields:

 

HITMAN PRO.KICKSTART BOOTING

MBR READ

NON-NTFS PARTITION OR ENCRYPTED DISK DETECTED

FAILED TO BOOT!

 

option 2 yields

 

INVALID SYSTEM DISK

REPLACE THE DISK, AND THEN HIT ANY KEY.

 

hitting any key yields

 

SATA-0: INSTALLED

SATA-1: INSTALLED

SATA-4: NONE

SATA-5: NONE

 

option 3 yields the same as option 1



#12 thisisu


Posted 02 April 2013 - 10:15 PM

Do you recall going into the system BIOS at all (if you were troubleshooting on your own)? Specifically, do you recall changing a setting along the lines of "SATA operation mode: AHCI / IDE"?

 

If not, proceed with the following instructions:

 

Download GETxPUD.exe to the desktop of your clean computer

  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1
     
  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.
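
Added example, not part of the original post: the mbr.bin written by the dd command above is the disk's 512-byte master boot record, and it can be decoded offline on the clean computer as sketched here. The function names (parse_mbr, findings, build_sample) and the sample sector are constructed for illustration and are not data from this thread.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446            # 446 bytes of boot code precede the partition table
BOOT_SIGNATURE = b"\x55\xaa"  # final two bytes of a valid MBR sector
# Subset of common partition type IDs (not exhaustive)
TYPES = {0x05: "extended", 0x07: "NTFS/exFAT/HPFS", 0x0B: "FAT32 (CHS)",
         0x0C: "FAT32 (LBA)", 0x0F: "extended (LBA)", 0x83: "Linux",
         0xEE: "GPT protective"}

def parse_mbr(sector: bytes) -> dict:
    """Decode the boot signature and the four 16-byte primary partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    parts = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        # Fields: status, CHS start (skipped), type, CHS end (skipped), LBA start, size
        status, ptype, lba, count = struct.unpack("<B3xB3xII", raw)
        if ptype == 0:
            continue  # type 0x00 marks an unused slot
        parts.append({"slot": i, "status": status, "type": ptype,
                      "type_name": TYPES.get(ptype, f"unknown (0x{ptype:02X})"),
                      "lba_start": lba, "sectors": count})
    return {"signature_ok": sector[510:512] == BOOT_SIGNATURE,
            "partitions": parts}

def findings(mbr: dict) -> list:
    """Return anomalies in the decoded MBR that deserve a closer look."""
    out = []
    if not mbr["signature_ok"]:
        out.append("missing 0x55AA boot signature")
    if not mbr["partitions"]:
        out.append("partition table is empty")
    if any(p["status"] not in (0x00, 0x80) for p in mbr["partitions"]):
        out.append("invalid status byte in partition entry")
    active = sum(p["status"] == 0x80 for p in mbr["partitions"])
    if mbr["partitions"] and active != 1:
        out.append(f"{active} active partitions (expected 1)")
    return out

def build_sample(ptype=0x07, status=0x80, signature=BOOT_SIGNATURE) -> bytes:
    """Constructed 512-byte sector for the demo; not data from the thread."""
    entry = struct.pack("<B3xB3xII", status, ptype, 63, 156296322)
    return b"\x33\xc0" + b"\x90" * 444 + entry + bytes(48) + signature

if __name__ == "__main__":
    mbr = parse_mbr(build_sample())   # real use: open("mbr.bin", "rb").read()
    print(mbr["partitions"], findings(mbr))
```

An empty table or a missing signature in a real dump means the sector was overwritten or damaged, so the partitions have to be located by other means before any repair is attempted.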


#13 jimmyp68


Posted 03 April 2013 - 06:53 PM

No, I'm not smart (or dumb) enough to change the BIOS settings.

 

When I get to the Expand MNT step, there is no USB or sdb1 recognized by the computer.  Only sda1 and sda2 were present.  

 

However, I know the computer saw the USB when I hit F12 to boot from the disk.  A USB drive was present at that step.

 

Tried it twice with the same outcome.

 

Not sure what to do now.



#14 thisisu


Posted 03 April 2013 - 07:37 PM


 

Can you try expanding/collapsing sda1 and sda2 until you can recognize if both of them are truly hard disk drives, or if one of them may be your USB drive? Do you know if you have two hard drives or just one?



#15 jimmyp68


Posted 03 April 2013 - 09:19 PM

Just for bleeps and giggles I tried a different USB that I reformatted and was blank, and got the same result.

 

I believe I only have 1 hard drive and I don't believe it is partitioned.  However, neither sda1 nor sda2 appears to be the USB.





