
No boot after HitmanPro


  • This topic is locked
11 replies to this topic

#1 Cameron2010

Cameron2010

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 27 October 2013 - 08:52 PM

Windows 7 64bit. Ran HitmanPro. Detected rootkits and other malware. Took default settings. On reboot MBR missing and not able to boot. Ran Win 7 startup repair and unable to fix. Run thru reinstall to see what partitions are on the disk and the following partition table:

Disk 0      Unallocated Space           199.0MB
Disk 0      Partition 1                  58.0GB     Primary
Disk 0      Partition 2                  39.1GB     System
Disk 0      Partition 3:OP7MP00P06      600.0MB     Primary
Disk 0      Partition 4                 199.0MB     Logical
Disk 0      Unallocated Space           200.1GB

 

 

Any way to rebuild the drive to at least recover the data or reinstall Win7 without losing data?

 

 




 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:57 AM

Posted 27 October 2013 - 09:23 PM

Hello and Welcome -

 

Please read Preparation Guide and post a new topic in Virus, Trojan, Spyware, and Malware Removal Logs

Please Do not post those logs Back Here.

 

Please post to the Malware Removal Logs area and describe your problem, even if you are unable to produce the requested logs, and an Expert will assist you with removal of the problem.

 

Please be patient as the Experts can get busy at times -

 

Thank You -


Edited by noknojon, 27 October 2013 - 09:25 PM.


#3 hamluis

hamluis

    Moderator


  • Moderator
  • 56,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:57 AM

Posted 28 October 2013 - 05:58 AM

<<Any way to rebuild the drive to at least recover the data or reinstall Win7 without losing data?>>

 

Bad suggestion by Noknojon, IMO.  Topic is currently in AII, where personnel can take a look and move topic to appropriate forum for data-recovery efforts...once the presence of malware is negated/affirmed here in AII.  OP posted exact same topic in MRL, which I have deleted (no logs).

 

Louis



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,537 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:57 PM

Posted 28 October 2013 - 10:07 AM

Posted for a Non booting specialist to look here.

#5 Netghost56

Netghost56

  • Members
  • 973 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:12:57 PM

Posted 28 October 2013 - 10:45 AM

Yeah, it sounds like the boot mgr needs to be rebuilt.



#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,843 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:57 PM

Posted 28 October 2013 - 11:08 PM

Hi and welcome.

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.
  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



    To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt

    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 Cameron2010

Cameron2010
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 29 October 2013 - 02:27 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2013 01
Ran by SYSTEM on MININT-BTSSEUP on 29-10-2013 03:24:55
Running from F:\
WIN_7 Service Pack 1 (X64) OS Language: English(US)
Boot Mode: Recovery
Attention: Could not load system hive.
Attention: System hive is missing.
 
==================== Registry (Whitelisted) ==================
 
Attention: Software hive is missing.
 
ATTENTION: Software hive is not loaded.
 
 
==================== Services (Whitelisted) =================
 
 
==================== Drivers (Whitelisted) ====================
 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
 
==================== One Month Modified Files and Folders =======
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION!.
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe:  <===== ATTENTION!
HKLM\...\exefile\DefaultIcon:  <===== ATTENTION!
HKLM\...\exefile\open\command:  <===== ATTENTION!
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 13%
Total physical RAM: 3998.93 MB
Available physical RAM: 3473.56 MB
Total Pagefile: 3997.13 MB
Available Pagefile: 3453.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
 
==================== Drives ================================
 
Drive d: () (Fixed) (Total:0.19 GB) (Free:0.19 GB) FAT
Drive e: (GSP1RMCPRXFREO_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
Drive f: (HITMANPRO) (Removable) (Total:14.5 GB) (Free:14.48 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E7E8E0A0)
Partition 1: (Not Active) - (Size=58 GB) - (Type=17)
Partition 2: (Active) - (Size=39 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=600 MB) - (Type=1C)
Partition 4: (Not Active) - (Size=200 MB) - (Type=OF Extended)
 
========================================================
Disk: 1 (Size: 15 GB) (Disk ID: D2A0B0EF)
Partition 1: (Active) - (Size=15 GB) - (Type=0B)
 
==================== End Of Log ============================


#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,843 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:57 PM

Posted 29 October 2013 - 12:37 PM

The main drive is not being recognized.

How many hard drives are in this computer?

Please download Listparts to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:


Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\ListParts.exe (for x64 bit version type e:\ListParts64.exe) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Put check mark on List BCD.
  • Press Scan button.
  • It will make a log (Result.txt) in the flash drive. Please copy and paste it to your reply.



#9 Cameron2010

Cameron2010
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 29 October 2013 - 12:50 PM

ListParts by Farbar Version: 20-10-2013
Ran by SYSTEM (administrator) on 29-10-2013 at 13:48:22
Windows 7 (X64)
Running From: F:\
Language: 0409
************************************************************
 
========================= Memory info ====================== 
 
Percentage of memory in use: 12%
Total physical RAM: 3998.93 MB
Available physical RAM: 3491.28 MB
Total Pagefile: 3997.13 MB
Available Pagefile: 3475.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
 
======================= Partitions =========================
 
2 Drive d: () (Fixed) (Total:0.19 GB) (Free:0.19 GB) FAT
3 Drive e: (GSP1RMCPRXFREO_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
4 Drive f: (HITMANPRO) (Removable) (Total:14.5 GB) (Free:14.48 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          298 GB  1024 KB         
  Disk 1    Online           14 GB      0 B         
 
Partitions of Disk 0:
===============
 
Disk ID: E7E8E0A0
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             58 GB   200 MB
  Partition 2    Primary             39 GB    58 GB
  Partition 3    Primary            600 MB    97 GB
  Partition 0    Extended           200 MB    97 GB
  Partition 4    Logical            199 MB    97 GB
 
======================================================================================================
 
Disk: 0
Partition 1
Type  : 17
Hidden: Yes
Active: No
 
There is no volume associated with this partition.
 
======================================================================================================
 
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C                RAW    Partition     39 GB  Healthy            
 
======================================================================================================
 
Disk: 0
Partition 3
Type  : 1C
Hidden: Yes
Active: No
 
There is no volume associated with this partition.
 
======================================================================================================
 
Disk: 0
Partition 4
Type  : 06
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D                FAT    Partition    199 MB  Healthy            
 
======================================================================================================
 
Partitions of Disk 1:
===============
 
Disk ID: D2A0B0EF
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             14 GB    31 KB
 
======================================================================================================
 
Disk: 1
Partition 1
Type  : 0B
Hidden: No
Active: Yes
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F   HITMANPRO    FAT32  Removable     14 GB  Healthy            
 
======================================================================================================
============================== MBR Partition Table ==================
 
==============================
Partitions of Disk 0:
===============
Disk ID: E7E8E0A0
Partition 1: (Not Active) - (Size=58 GB) - (Type=17)
Partition 2: (Active) - (Size=39 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=600 MB) - (Type=1C)
Partition 4: (Not Active) - (Size=200 MB) - (Type=OF Extended)
 
==============================
Partitions of Disk 1:
===============
Disk ID: D2A0B0EF
Partition 1: (Active) - (Size=15 GB) - (Type=0B)
 
The boot configuration data store could not be opened.
The system cannot find the file specified.
 
 
****** End Of Log ****** 


#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,843 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:57 PM

Posted 29 October 2013 - 01:12 PM

There is a problem with the type of partition on the main drive. Chances are it changed due to infection or the use of Hitman Pro from NTFS to RAW. There is no known way to change the partition from RAW to NTFS without losing the data, thus you will need to remove all partitions, repartition the disk, format and reinstall. If the computer is of a specific brand, then using the Recovery Disks to bring the computer to factory settings is a must.

 

Let me know anything else I can do for you.


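The finding discussed in reply #10 (partition 2 carries MBR type 07, yet its volume is listed as RAW) can be read out of the ListParts log in reply #9 mechanically. The Python below is an added example, not part of the original thread and not ListParts code; the function names and the `EXPECTED_FS` table are assumptions made for illustration.

```python
import re

# Excerpt of the ListParts log in reply #9 (Hidden/Active and blank lines omitted).
SAMPLE_LOG = """\
Disk: 0
Partition 1
Type  : 17
There is no volume associated with this partition.
=====
Disk: 0
Partition 2
Type  : 07
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C                RAW    Partition     39 GB  Healthy
=====
Disk: 0
Partition 4
Type  : 06
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D                FAT    Partition    199 MB  Healthy
"""

# Assumed lookup: filesystems normally found behind these standard MBR type bytes.
EXPECTED_FS = {"07": ("NTFS", "exFAT"), "06": ("FAT",), "0B": ("FAT32",)}

def parse_partitions(log):
    """Return one dict per 'Disk:/Partition' block: disk, part, type, fs."""
    parts = []
    for block in re.split(r"^=+\s*$", log, flags=re.M):
        head = re.search(r"Disk: (\d+)\s+Partition (\d+)\s+Type\s*: (\w+)", block)
        if not head:
            continue
        fs = None  # stays None when no volume is associated with the partition
        lines = block.splitlines()
        for i, line in enumerate(lines[:-1]):
            if line.strip() and set(line.strip()) <= {"-", " "}:
                # Ruler row: the 4th dash group marks the "Fs" column.
                start, end = [m.span() for m in re.finditer(r"-+", line)][3]
                fs = lines[i + 1][start:end].strip()
        parts.append({"disk": int(head[1]), "part": int(head[2]),
                      "type": head[3].upper(), "fs": fs})
    return parts

def mismatches(parts):
    """Partitions whose mounted filesystem does not fit the MBR type byte."""
    return [p for p in parts if p["fs"] is not None
            and p["fs"] not in EXPECTED_FS.get(p["type"], (p["fs"],))]

if __name__ == "__main__":
    for p in mismatches(parse_partitions(SAMPLE_LOG)):
        print(f"Disk {p['disk']} partition {p['part']}: type {p['type']} but volume is {p['fs']}")
```

Partitions with no associated volume (types 17 and 1C in this log) are reported with `fs` set to `None` and are not flagged, since the log gives no filesystem to compare against.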


#11 Cameron2010

Cameron2010
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 31 October 2013 - 09:10 AM

Thank you all for the help. However, I was able to restore the partitions and rebuild the boot sector. Total drive recovered. No lost data.



#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,843 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:57 PM

Posted 31 October 2013 - 09:38 AM

Thanks for the feedback.

 

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.  

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
 






