Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help needed with repairing damage caused (probably) by Downloader.Upatre!g15


  • Please log in to reply
1 reply to this topic

#1 AnthonyAppleyard

AnthonyAppleyard

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:22 PM

Posted 15 February 2016 - 01:33 AM

Computer: Hewlett Packard Envy
Operating System: Microsoft Windows 10 (64-bit)
 
Help needed with repairing damage caused (probably) by Downloader.Upatre!g15 virus.

I have a desktop tower PC running Windows 10 Home, version 1511, OS build 10586.104, Hewlett-Packard.  It has a second hard disk to restore the system from. No external system restore disks came with it. I am in England.

I bought it with Windows 8 installed, and over time it gradually auto-upgraded itself, then to Windows 8.1, then to Windows 10.

* Friday 5 Feb 2016: Something (not me) installed OneDrive on my computer as a program run on startup. (I have now disabled OneDrive on the startup program list.)
* Saturday 6 Feb 2016 morning: My computer ran OK.
* Saturday 6 Feb 2016 afternoon: it had a glitch while working, and after that it went through variations of this lengthy process whenever I started it:-
** Screen black with blue (hp) symbol.
** Screen went blue with spinning circle of white dots.
** The dots stopped spinning, The screen went black, then a blue (hp) appeared,
** This process took over 6 minutes.
** ">> Start of PXE over 1Pv4" appeared, with blue (hp}.
** After nearly a minute, "PXE-E18 server response timeout" appeared, with blue (hp).
** After a minute and a bit, ">> Start of PXE over 1Pv4" appeared.
** "ERROR: NO BOOT DISK HAS BEEN DETECTED OR THE DISK HAS FAILED" appeared, and repeated whenever I pressed the RET key.
** 26 seconds later, I pressed ctrl-alt-del.
** The screen went black with a blue (hp) logo, After 2 minutes 35 seconds later, Windows came up and ran normally.
* If during running I let the computer go into rest mode, afterwards it sticks on restarting and refuses to keep running.
* Sunday 7 Feb afternoon: a neighbour took me and the computer to a computer supply and repair shop. I told them what had happened, in writing, and I went home, and they said that they would telephone me with any information.
* Monday 8 Feb: I stayed in earshot of my telephone all day. No call. Pelting rain all day prevented me from going to that shop to enquire.

* Tuesday 9 Feb c.9 am: The neighbour took me to that shop. They had been running a test program on my computer for 18 hours in continuous loop, and it had found no faults and no damaged disk sectors. They had theorized about a bad boot sector; but there must have been a good boot sector somewhere, for Windows to finally start from. They told me that the PXE-E18 stuff was the computer trying to boot itself from a remote boot sector via the internet. My computer seemed to start OK, so I thanked them and took my computer home.
* Tuesday 9 Feb later: I ran my computer. This time it was not right but went through another lengthy process whenever I started it:-
** "ERROR: NO BOOT DISK HAS BEEN DETECTED OR THE DISK HAS FAILED" appeared, and repeated whenever I pressed the RET key.
** I pressed ctrl-alt-del. A long wait (some minutes) with black screen and sometimes a (hp) logo. Finally, the "PXE-E18 ..." sequence appeared.
** I quickly switched the computer off and on. Normal but rather lengthy bootup to Windows 10, and I could use my computer at last.

* I suspect that somewhere in the register or a system file, the list of what drives to try to boot from in what order, has been corrupted, and needs to be corrected. I would prefer to avoid the long complicated job of re-installing all my software on a new disk or a new computer.
* I suspect that "ERROR: NO BOOT DISK ..." is where the computer tried to boot from a nonexistent disk or from a disk that has never had a boot sector.
* I was told that "PXE-E18 ..." is where the computer tried to boot up from something external.

After this I ran a full antivirus scan with Nortons and it found and (said that it had) removed 5 instances of Downloader.Upatre!g15 and one instance of PUA.Gen.3 ; but damage done by the virus remains.

 

I suspect that my Nortons antiviral has been acting like an over-officious policeman and running far too many full antiviral sweeps during this, whence the lengthy waits and delays. Or something left from the virus has still been running wasting my computer's time. Sometimes 15 minutes has passed until my computer is up and running.

 

I have disabled OneDrive in the list of run-on-startup programs.

In my computer's bootup alternatives I found and disabled two boot options 1Pv4 and 1Pv6; after that, "PXE-E18 ..." does not happen.

I suspect that "ERROR: NO BOOT '''" came from my computer trying to boot from a nonexistent drive or from a drive that has never had a boot sector.

If I press F1 while my computer is booting, I currently get these boot options:-

UEF1 boot services
    Windows Boot Manager
Legacy Boot Services

If I boot without pressing a key (which I suppose means from UEF1 boot services), I get "ERROR: NO BOOT ...".

If I boot from Windows Boot Manager, I less often get "ERROR: NO BOOT ...".

My computer still takes an inordinately long time to boot up.

It seems to run programs etc OK; but if I let it idle until it times out and goes into power-saving disk-not-spinning mode, when I press a key to re-activate it afterwards, it jams and I must switch the computer off-and-on.
 
PLEASE: How can I repair the damage done by Downloader.Upatre!g15 ?, even if I must edit or replace individual system files. I don't want to go through the long tedious job of re-installing Windows and then re-installing all my software and files.
 

P.S : I can examine and edit the Registry, if I am told where in the Registry to go and what to look for and do there.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If I keep F1 pressed during bootup, and then press F10 instead of ESC, I get various choice tables including these boot options:-

 

UEF1 Boot Sources

   USB Hard Drive

   Windows Boot Manager

   USB Floppy/CD

  UEF1: IPv4 Atheros Network: Disabled

  UEF1: IPv6 Atheros Network: Disabled

Legacy Boot Sources: Disabled

 

and options to disable or enable each option, and option to choose any of them as the choice to boot from.

 

I disabled UEF1: IPv4 and UEF1: IPv6 earlier to stop the "Start of PXE over 1Pv4 ..." events from happening.

 

The "disabled" lines are shown faint on the screen.

 

Should I disable any more of these options?

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

https://en.wikipedia.org/wiki/Storm_Worm :: This Wikipedia page may be relevant here.

 

 



BC AdBot (Login to Remove)

 


#2 Niweg

Niweg

  • Members
  • 802 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US of A
  • Local time:07:22 AM

Posted 15 February 2016 - 01:26 PM

 It sounds like your hard drive is failing.  I'd back up anything you don't want to lose, preferably a full system backup to an external hard drive.  Then I'd download hard drive diagnostics from WD or Seagate and run them, paying particular attention to the SMART data.  It may be time to replace that hard drive.  FWIW Seagate drives have had significantly worse than average failure rates the last couple of years.

 

 Good luck.


Make regular full system backups or you'll be sorry sooner or later.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users