Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Fell for ammyy scan and cannot boot, likely infected


  • This topic is locked This topic is locked
7 replies to this topic

#1 hglaser

hglaser

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:seattle
  • Local time:10:47 PM

Posted 21 June 2014 - 02:12 AM

Hello,

I allowed a caller from 'microsoft' remote access to my PC, sigh, and when I said I wouldn't pay them, they somehow prevented my pc from booting at all, even into safe mode + command line.

 

I hope my PC desktop is not a giant brick now, and hope to get it working.

I will be very grateful if someone can give me advice on what to do.

 

Its late PDT and I will check back in the morning

 

My PC 

intel core i7 x 58 pro

win 7 x64 professional

Boot drive is maxtor 6l200so

extra hd seagate barracuda

 I have current backup on justcloud, as well as a few local backups over the last two years 

Intel® i7 processors in the LGA1366 package
Supported QPI
Up to 6.4 GT/s
Chipset
North Bridge: Intel® X58 chipset
Memory Support
6 DDR3 DIMMs support DDR3 1600(OC)/ 1333/ 1066/ 800 SDRAM speed(Memory
 
Security software: MS security essentials

 

The sequence of events:

1. I allow download of remote software from ammyy.com from what I thought was Microsoft tech

2. They remotely show me 'errors' and ask for money

3. I dont pay and they threaten to 'disconnect me' saying pc wont work

4. I close connection, reboot and get windows boot error

'an unexpected i/o error has occurred'

error like 0xc00000f [ I looked this up, means cannot detect hard drive]

5. I ran seagate tools on both yesterday and both passed

 

So far:

1. booted from recovery disc in to windows logon screen, however I cannot use the keyboard  and mouse [ wireless or usb] to enter password, so cannot access system to see what's wrong

- its the same booting from recovery cd into windows, safe mode or safe with command line

 

2. on start - del - brings up setup

- All hard drives recognized and the other setting are correct compared to manual for motherboard

 

3. on start - F8 - startup repair and recovery options are missing

------------------------------------------------------------------------------------


Edited by hamluis, 21 June 2014 - 09:17 AM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 hglaser

hglaser
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:seattle
  • Local time:10:47 PM

Posted 23 June 2014 - 06:10 PM

I was able to boot up from a win 7 x64 system builder dvd and windows starts.

mouse keyboard and other usb devices work fin

 

-------------------------------------- 

Step 1. Is my pc a brick? Answer: No

 

Help please

Should I follow the malware steps or is there a better way to start finding out what ammyy left on my pc?

 

Anyone who replies to me gets my undying gratitude.

 

Holly



#3 wpgwpg

wpgwpg

  • Members
  • 1,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US of A
  • Local time:01:47 AM

Posted 23 June 2014 - 07:41 PM

 I would go to another Windows 7 64 bit computer and make a repair disc, then boot that computer from it and attempt a repair.  To make it, click Start -> Control Panel -> Backup and Restore -> Create system repair disc.  Insert a blank CD-R.

 

 When you've gotten your system back like you want it, I urge you to get yourself an external hard drive and a good 3rd party backup program. You can set it up to do everything automagically at the time and frequency of your choice. 1 TB external hard drives are about $60 these days and a really good FREE backup program is the Easeus Todo Backup Free.  That can save you a lot of time and frustration the next time something like this happens. Sooner or later it happens to all computers for one reason or another.
 
 Good luck.

Edited by wpgwpg, 23 June 2014 - 07:42 PM.

Everyone with a computer should back his system up to an external hard drive regularly.  :thumbsup:

#4 hglaser

hglaser
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:seattle
  • Local time:10:47 PM

Posted 26 June 2014 - 11:00 PM

Thanks, i will power down and do repair.

 

what I did:

1 restart pc

2. press f8

3. choose repair your computer

4. fail

--------------------

1. restart pc

2. press f8

3. start in safe/ command line

4. ran sfc /scannow

5. success, files repaired!

6. searched for and removed ammyy files: aa.exe 3.4 and two web link local storage

7. searched for ammyy service but did not find it

---------------------

1. restart pc

2. f8

3. choose safe/ networking

4. system restore

5. failed

6. BSOD

---------------------

Something is wrong in my PC, once windows is open.

Two days ago, I ran seagate tools and discs are OK

So I think the issue is in the software.

----------------------------------------------

Next Step: read and run me first


Edited by hglaser, 27 June 2014 - 12:40 AM.


#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:47 AM

Posted 27 June 2014 - 11:59 AM

Hi and welcome.

 

Lets give it a try.
 
Please download Farbar Recovery Scan Tool and save it to a flash drive.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
Plug the flash drive into the infected PC.

  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.
     
    If you are using Vista or Windows 7 enter System Recovery Options.
     
    To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
  • Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

     
     
    To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt
     
    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#6 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,703 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:47 AM

Posted 27 June 2014 - 01:25 PM

Disregard.


Edited by JSntgRvr, 27 June 2014 - 02:13 PM.


#7 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,703 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:47 AM

Posted 02 July 2014 - 01:30 PM

Disregard.


Edited by JSntgRvr, 02 July 2014 - 01:35 PM.


#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:47 AM

Posted 27 July 2014 - 10:50 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users