
Rootkit malware, ran hijack [Hitman] pro, can't boot computer


  • This topic is locked
4 replies to this topic

#1 Agent_J

Agent_J

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:56 AM

Posted 22 April 2014 - 08:43 PM

Hello,
I had a malware infection, rootkit, ran hijack pro to fix it and now my computer will not boot. I get a black screen after the memory and CPU diagnostics.
I can only get into the BIOS, no F8 advanced recovery option.
Computer is Windows Vista.
Thank you for help in advance.

Adding in content from duplicate topic. ~ OB

Hello, my PC is running Windows Vista 32-bit (x86). I noticed iexplorer.exe kept running multiple instances and took up all my CPU and RAM after downloading "flashinstaller.exe" from a legitimate-looking pop-up on a website. I ran HitmanPro, clicked remove all, restarted my computer, and now I cannot boot the computer; I get a black screen after CPU/RAM diagnostics. Think the MBR was deleted?

End of added content. ~ OB

Edited by Orange Blossom, 26 April 2014 - 12:57 PM.




#2 Agent_J


Posted 22 April 2014 - 08:55 PM

Forgot to add: my MBR must have been deleted.

#3 Agent_J


Posted 23 April 2014 - 08:55 PM

Edit: I made an error in my OP; I used HitmanPro, not hijack pro.

Okay, I was able to run the 32-bit (x86) version of the Farbar Recovery Scan Tool and save it to a flash drive after burning a recovery disc. Here is the link in case any other OEM Vista users need it.

http://c4consulting.com.au/vista-recovery-disc

 

I was stuck for a bit because my C:\ Drive was not recognized and spent an hour trying all the different .inf files on the (Boot) X:\

But I found out you just have to ignore it, click next and it will bring you to the System Recovery Options. So here are my results, thanks again in advance for help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-04-2014
Ran by SYSTEM on MINWINPC on 23-04-2014 21:43:41
Running from F:\
WIN_VISTA (X86) OS Language: English(US)
Boot Mode: Recovery
Attention: Could not load system hive.
Attention: System hive is missing.
 
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
ATTENTION: Software hive is missing.
ATTENTION: Software hive is not loaded.
ATTENTION: System hive is not loaded.
 
========================== Services (Whitelisted) =================
 
 
==================== Drivers (Whitelisted) ====================
 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
 
==================== One Month Modified Files and Folders =======
 
 
==================== Known DLLs (Whitelisted) ============
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION!.
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 12%
Total physical RAM: 2549.81 MB
Available physical RAM: 2220.62 MB
Total Pagefile: 2349.67 MB
Available Pagefile: 2215.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1985.66 MB
 
==================== Drives ================================
 
Drive d: (2007.11.03_2329) (CDROM) (Total:0.12 GB) (Free:0 GB) UDF
Drive e: (ServiceV002) (Fixed) (Total:6.92 GB) (Free:2.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 95F3457A)
Partition 1: (Not Active) - (Size=7 GB) - (Type=27)
Partition 2: (Active) - (Size=142 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 960 MB) (Disk ID: 73696D20)
No partition Table on disk 1.
 
==================== End Of Log ============================

Edited by Agent_J, 23 April 2014 - 09:03 PM.


#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:11:56 AM

Posted 27 April 2014 - 12:16 PM

Since you are already being helped here:

http://www.geekstogo.com/forum/topic/338746-rootkit-malware-ran-hitmanpro-cant-boot-computer/

 

I am going to close this topic.

 

 

Regards,

Georgi




#5 B-boy/StyLe/


Posted 27 April 2014 - 12:16 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





