DOJ Virus then BSoD reboot


3 replies to this topic

#1 RedLineBC (Members, 4 posts, Dallas, TX)

Posted 31 August 2013 - 07:30 PM

I have been trying to remove that DoJ virus on a Dell laptop with no luck. I removed it several months ago from a friend's laptop with HitmanPro.Kickstart without a problem. So I tried it on this Dell and it just started a BSoD loop (STOP: 0x0000007B (0xFFFFF880009A97E8, 0xFFFFFFFFC000000D, 0x0000000000000000, 0x0000000000000000)).

 

This is usually a boot record problem but I cannot seem to fix it with bcdedit. It keeps showing "Total identified Windows installations: 0".

 

I have used information from this site to repair all kinds of virus issues, but I have never posted and asked for help. Guess I need some help this time if someone is willing. -Thanks

 




#2 RedLineBC (Topic Starter)

Posted 31 August 2013 - 10:35 PM

Fixed my BSoD and boot issues with this:

 

Attempt Two: Manually Repairing the Windows Bootloader

Desperate times call for desperate measures. This time, we're going to select the "Launch command prompt" option and try to manually tell the Recovery Console what needs to be fixed. Chances are, this is as far as you'll have to go; hopefully it'll get the job done.

Go ahead and select "Command Prompt" from that list, and you should get a window not dissimilar to the one you see when you run cmd.exe from Windows.

Let's start by telling the recovery console to fix our MBR and bootsectors:

bootrec.exe /fixmbr
bootsect.exe /nt60 all /force

Then ask it (nicely!) to try and rebuild your BCD data from scratch:

You will need to replace C:\ in the example below with the letter for your boot drive! It's most likely C:, but it could be something else!

attrib -h -s C:\boot\BCD

del C:\boot\BCD
bootrec.exe /rebuildbcd

If you're lucky, this'll work and you'll see a message telling you everything went OK. The first command (attrib) may fail. That is fine; it simply indicates the BCD does not yet exist.

Reboot your PC and try booting back into Windows to see if it worked. Don't forget to remove your Windows Vista DVD or Recovery DVD from the drive, or you'll end back in the repair center!

If your PC still doesn't boot, read on to Option Three for a more powerful recovery option.

Attempt Three: Nuclear Holocaust

Back at the main page of the recovery center, go ahead and select "Command Prompt" yet again from that list. 

The first order of business is to make sure the MBR and bootsector contain the right references to the Windows bootloader:

bootrec.exe /fixmbr
bootsect.exe /nt60 all /force

Now we get rid of the old BCD registry, and create a new one instead.

Note: We're assuming that the boot drive is drive C: below. If your computer is configured differently, be sure to use the appropriate drive letter here instead.

attrib -h -s C:\boot\BCD

del C:\boot\BCD
bcdedit /createstore c:\boot\bcd.temp
bcdedit.exe /store c:\boot\bcd.temp /create {bootmgr} /d "Windows Boot Manager"
bcdedit.exe /import c:\boot\bcd.temp
bcdedit.exe /set {bootmgr} device partition=C:
bcdedit.exe /timeout 10
attrib -h -s C:\boot\bcd.temp
del c:\boot\bcd.temp

Now we have a clean, working Vista bootloader. But we need to add a Windows entry to it:

bcdedit.exe /create /d "Microsoft Windows" /application osloader

bcdedit.exe should return a message with a GUID for the newly-created entry, something like this:
The entry {c0dfc4fa-cb21-11dc-81bf-005056c00008} was successfully created.

You'll need to use the value that bcdedit.exe returned for you below, along with the drive letter for the drive that Windows is installed to:

Again, make sure to replace C: with whatever the correct drive is for your Windows Vista/7 installation.

bcdedit.exe /set {c0dfc4fa-cb21-11dc-81bf-005056c00008} device partition=C:
bcdedit.exe /set {c0dfc4fa-cb21-11dc-81bf-005056c00008} osdevice partition=C:
bcdedit.exe /set {c0dfc4fa-cb21-11dc-81bf-005056c00008} path \Windows\system32\winload.exe
bcdedit.exe /set {c0dfc4fa-cb21-11dc-81bf-005056c00008} systemroot \Windows

And, last of all, tell the bootmgr bootloader to list the new entry or else it'll remain hidden:

bcdedit.exe /displayorder {c0dfc4fa-cb21-11dc-81bf-005056c00008}

Now your bootloader has been completely removed and rebuilt from scratch. If you got this to work, feel free to consider yourself one of the finest graduates of the NeoSmart Technologies Institute of BCD Learning.

At this point, you have a clean, untouched, and (hopefully) fully-working bootloader with one entry for Windows. Go ahead and reboot your PC, get back into Windows, and use EasyBCD to further tweak the bootloader to your heart's content. We advise backing up the BCD registry immediately with EasyBCD before making any changes.

 

------------------------------------------------------------------------------------------

 

Working on network connection and cleaning up viruses. May close this soon...
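The rebuild quoted in the post above, as a single batch file. This is an added example, not code from the original post or from the NeoSmart guide it quotes. It captures the GUID that bcdedit prints for the new osloader entry instead of having you retype it, and assumes the Windows partition is visible as C: inside the recovery environment (SYSDRV is the only placeholder). Confirm the letter first with diskpart (list volume), since WinRE often assigns different letters than the installed system, which is also a common reason bootrec /rebuildbcd reports zero installations. The GUID parsing assumes English bcdedit output. This is the BIOS/MBR procedure the guide describes; on a UEFI install the store lives on the EFI system partition under \EFI\Microsoft\Boot\BCD, the loader is winload.efi, and bootsect /nt60 does not apply.

```batch
@echo off
REM Added example (not from the original post): rebuild the Vista/7 BCD from
REM the recovery command prompt. Assumes the Windows partition is SYSDRV;
REM check with diskpart before running, WinRE drive letters can differ.
setlocal
set "SYSDRV=C:"

REM 1. Rewrite the MBR and the partition boot sectors to load bootmgr.
bootrec.exe /fixmbr
bootsect.exe /nt60 all /force

REM 2. Throw away the existing BCD store and build a fresh one.
REM    attrib/del may fail if the store is already gone; that is fine.
attrib -h -s %SYSDRV%\boot\BCD
del %SYSDRV%\boot\BCD
bcdedit.exe /createstore %SYSDRV%\boot\bcd.temp
bcdedit.exe /store %SYSDRV%\boot\bcd.temp /create {bootmgr} /d "Windows Boot Manager"
bcdedit.exe /import %SYSDRV%\boot\bcd.temp
bcdedit.exe /set {bootmgr} device partition=%SYSDRV%
bcdedit.exe /timeout 10
attrib -h -s %SYSDRV%\boot\bcd.temp
del %SYSDRV%\boot\bcd.temp

REM 3. Create the OS loader entry and capture the GUID bcdedit prints.
REM    English output looks like:
REM      The entry {c0dfc4fa-cb21-11dc-81bf-005056c00008} was successfully created.
REM    so the third whitespace-separated token is the GUID.
set "OSGUID="
for /f "tokens=3" %%G in ('bcdedit.exe /create /d "Microsoft Windows" /application osloader') do set "OSGUID=%%G"
if not defined OSGUID (
    echo Could not read the new entry GUID from bcdedit output, stopping.
    exit /b 1
)
echo New OS loader entry: %OSGUID%

REM 4. Point the entry at the Windows partition and winload.exe, then list it.
bcdedit.exe /set %OSGUID% device partition=%SYSDRV%
bcdedit.exe /set %OSGUID% osdevice partition=%SYSDRV%
bcdedit.exe /set %OSGUID% path \Windows\system32\winload.exe
bcdedit.exe /set %OSGUID% systemroot \Windows
bcdedit.exe /displayorder %OSGUID%

REM 5. Verify: exactly one osloader entry, device and osdevice on SYSDRV.
bcdedit.exe /enum osloader
endlocal
```

Save it as rebuild-bcd.cmd on a USB stick and run it from the recovery command prompt. The final bcdedit /enum osloader listing should show one entry whose device and osdevice both read partition=C:; if it shows none, the GUID capture failed (non-English output, or bcdedit refused the create) and nothing after step 3 was applied.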



#3 RedLineBC (Topic Starter)

Posted 31 August 2013 - 11:31 PM

Network connection repaired. The virus had set its own DNS server in the TCP/IP configuration. Removed it and now I can get to the internet. Running HitmanPro, then Malwarebytes. Should be pretty close to fixing this thing.

 

Please post any other recommendations. -Thanks
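A check for the DNS hijack described in the post above, added here as an example and not part of the original post. It lists every interface's resolvers, the per-interface and global NameServer registry values (where a static resolver ends up when something sets it behind your back), and the non-comment lines of the hosts file, since the same kind of malware often edits that as well. It assumes the machine normally receives DNS from the router via DHCP, so any statically configured resolver is suspect; "Local Area Connection" in the reset command is a placeholder interface name.

```batch
@echo off
REM Added example (not from the original post): find a DNS server that was
REM planted in the TCP/IP configuration. Assumes DNS is normally DHCP-assigned,
REM so anything listed as statically configured deserves a look.
setlocal

echo === Resolvers per interface (netsh) ===
netsh interface ipv4 show dnsservers

echo === Interfaces with a statically configured resolver ===
REM netsh labels manual resolvers "Statically Configured DNS Servers" and the
REM normal case "DNS servers configured through DHCP".
netsh interface ipv4 show dnsservers | findstr /c:"Statically Configured"

echo === NameServer registry values (global, then per interface) ===
REM A non-empty NameServer here is a static resolver; each interface key is
REM printed above its value so you can see which adapter was changed.
reg query "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v NameServer
reg query "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces" /s /v NameServer

echo === hosts file entries (comments and blank lines skipped) ===
REM Lines that start with a hex digit or colon are address entries.
findstr /r "^[0-9a-fA-F:]" "%SystemRoot%\System32\drivers\etc\hosts"

echo.
echo To put an interface back on DHCP-assigned DNS, e.g. "Local Area Connection":
echo   netsh interface ipv4 set dnsservers name="Local Area Connection" source=dhcp
echo   ipconfig /flushdns
endlocal
```

Run it from an elevated command prompt. A resolver you do not recognise under "Statically Configured DNS Servers" or in a NameServer value is the symptom the post describes; after resetting the interface to DHCP, run the script again and confirm the static entries are gone and only your router's address remains.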



#4 RedLineBC (Topic Starter)

Posted 01 September 2013 - 12:03 AM

All fixed, feel free to close or delete this thread.





