Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

new variant of ransom ware prevents windows 7 from loading


  • This topic is locked This topic is locked
12 replies to this topic

#1 Dragonlady24

Dragonlady24

  • Members
  • 703 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Fox Lake,WI
  • Local time:10:02 AM

Posted 15 July 2013 - 11:45 AM

I believe i have found a possible new variant of ransomware. on the 10th of July i had tried to install a game from perfect world the game required me to download arc that is similar to steam. arc downloaded successfully but had started to slow down my windows 7 Toshiba laptop.right away. i then removed the program. when i went to restart my computer updates were installing so i let them install. after the restart however is when i got a black screen telling me :

Atheros PCIE controller V 2.0.1.9(12-15-09)

check cable connection

PXE-MOF: exiting Intel PXE Rom

no bootable device-- insert boot disk and press any key.

I have created a boot disc and tried to repair windows 7 to no avail. no operating system shows when the repair module is running and trying to find my OS. start up repair fails and has told me it cannot repair my OS. 

I have run chkdsk to in the system tools and it has found these 2 files ngenro`1.dat,ngenrootstorelock.dat and replaced them. 

 

my operating system is windows 7 home premium. my computer is a toshiba l655 s5146. 

thanks for any help ahead that you may give ahead of time. 



BC AdBot (Login to Remove)

 


#2 GodfatherKing

GodfatherKing

  • Members
  • 587 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:02 PM

Posted 22 July 2013 - 02:42 PM

I would recommend to backup your files first. The MBR looks damaged. You'll need assistants of the Malware Response Team.

 

Backup your files when OS doesn't boot:

 

:step1: Get to Windows Recovery Environment:

 

==== By Entering it ========

  1. Press F8 during startup, until you get the black screen with Repair my computer, Safe mode, ...
  2. Choose 'Repair my computer'.

=======================

 

By Inserting Recovery CD

 

=======================

  1. Then in the System Recovery Options, please select Command Prompt.

005.png

 

:step2: Type in the command prompt: notepad

 

==> Now Notepad will open, then click File - Open, On the "Files of type" box select "All files". From now you can get to my "computer". Also connect the USB-drive or external HD. Next copy your private folders to the USB-device or External HD for backup.

 

008.png

 

:step3: If the above doesn't work for you, try this: Use/Make A Ubuntu-Live CD: http://www.howtogeek.com/howto/windows-vista/use-ubuntu-live-cd-to-backup-files-from-your-dead-windows-computer/


If you have received help from me and I don't have respond to you for almost >= 3 days, send me a Private Message.  :hello:


#3 Dragonlady24

Dragonlady24
  • Topic Starter

  • Members
  • 703 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Fox Lake,WI
  • Local time:10:02 AM

Posted 23 July 2013 - 01:30 PM

Thank you for your help. In case you did not know i cant save anything as it wont let windows 7 start. and i have nothing to backup except for the actual applications on the drive and the drivers. Ill be making a windows defender offline ISO on a disk sometime this week and try to boot from that to scan. if that doesn't help I'm sure someone will be able to tell me what else to do. At this point however I am very worried that Ill have to reformat which I do not want to do. It would just be too much work.


Edited by Dragonlady24, 23 July 2013 - 03:21 PM.


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,330 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:02 PM

Posted 23 July 2013 - 09:29 PM

Hello, do the steps you can here.
Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Dragonlady24

Dragonlady24
  • Topic Starter

  • Members
  • 703 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Fox Lake,WI
  • Local time:10:02 AM

Posted 24 July 2013 - 07:16 PM

boopme thanks for your help. but like I have stated before windows does not boot so none of those steps will help. thanks for the help again but if no one has any options for getting my computer to boot windows then just close the topic thanks.



#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,330 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:02 PM

Posted 24 July 2013 - 07:35 PM

I will ask someone that handles these non booters to look here
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:02 PM

Posted 24 July 2013 - 07:44 PM

Hi and welcome.

 

Lets give it a try. You will need a USB flash drive.

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
  • Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



    To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt

    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

 

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,330 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:02 PM

Posted 24 July 2013 - 08:04 PM

Hello, just letting you know I moved this topic to here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

Edited by boopme, 24 July 2013 - 08:05 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 Dragonlady24

Dragonlady24
  • Topic Starter

  • Members
  • 703 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Fox Lake,WI
  • Local time:10:02 AM

Posted 25 July 2013 - 07:38 PM

one more issue the computer that I am posting from is a 32 bit windows xp and the OS on the computer needing help i8s windows 7 64 bit. will it still work for me download the program to my flash drive from the windows xp 32 bit machine?

 

PS: windows 7 does not show up at all in recovery. where the option for operating system is to be displayed. it is blank.


Edited by Dragonlady24, 25 July 2013 - 08:01 PM.


#10 Dragonlady24

Dragonlady24
  • Topic Starter

  • Members
  • 703 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Fox Lake,WI
  • Local time:10:02 AM

Posted 25 July 2013 - 08:10 PM

I have tried to use the program on the flash drive. it would not run.I followed the instructions exactly.  what if it isn't a virus but a bad hard drive and i have mistaken the symptoms for something else. 



#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:02 PM

Posted 25 July 2013 - 10:12 PM

If the ailing computer is 64 bits, use the 64 bit version. If you use the wrong version, it wont work. If the Repair Console finds no Operating System, then it may be due to a bad hard drive, but if the installation is recognized, FRST should work. Try both versions just in case.

Run Notepad at the command prompt. Click on Open. Can you browse throughout the hard drive?

Edited by JSntgRvr, 25 July 2013 - 10:14 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#12 Dragonlady24

Dragonlady24
  • Topic Starter

  • Members
  • 703 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Fox Lake,WI
  • Local time:10:02 AM

Posted 26 July 2013 - 01:36 PM

I did download the 64 bit version. and it does not find an operating system. i am currently looking for a new hard drive to replace my current one. this topic can be closed. there isn't much more i can do except to replace the drive once i can afford one. thanks for your help anyways. 

 

please close this topic. none of this has helped. 



#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:02 PM

Posted 26 July 2013 - 05:03 PM

Very well.

Closed at the member's request.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users