
Can't clean install Win 7: Can't create partitions or clean disk. Remote hacked.


74 replies to this topic

#1 bleedle

bleedle

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:22 PM

Posted 04 July 2016 - 09:24 AM

Hi BC,

Couple months ago I spent some time in your malware forums trying to resolve issues with a constantly running Windows 7 media center which I noticed was running - not my - porn and bitcoins through. The issue progressed, solutions did not, files got locked, online access became scarce, and as I couldn't keep in timely contact with your well-intentioned helpers here, my thread was closed. To not be a burden on volunteer time, I left the idea of one on one help behind and sought additional insight on my own.

4 months after first noticing an issue, I have my same refurbished HP notebook with no accessible OS, no way to install one from disk, no income, and no hope.

I do have 12 weeks of notes from the most tenacious remote hack I believe exists. It has swallowed my entire home network and every machine in it, even those not configured for online access.

To start, I just want to get an OS on my laptop. I've long since kissed my data goodbye. I ran killdisk multiple times - the last time took 6 days - but I still have an X drive with a registry, command prompt, notepad, you name it, on my machine. I just don't have normal access to "windows"... all these individual programs I can access through command prompt.

Today I'm looking at a new security log called "backup" that starts, "administrative privileged user logged on. Parsing template defltwk.inf. Configuration engine was initialized successfully..."

I have an X drive but no C drive. I have 238Gb of unallocated space on a disk called "0" with no volumes attached. I have a volume called "0" with no disks attached. I have turned the internet inside out trying to get out of this nightmare...

...can you help me? Please?

#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,257 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:12:22 PM

Posted 04 July 2016 - 10:07 AM

Hard drive manufacturer?

 

Can you enter the BIOS?

 

System manufacturer and model?

 

In spite of your assertions...the original topic reflects no evidence of malware found, IMO.

 

Louis


Edited by hamluis, 04 July 2016 - 10:08 AM.


#3 bleedle

bleedle
  • Topic Starter


Posted 04 July 2016 - 11:43 AM

What I wouldn't give hamluis... thanks for taking me on.

I have a SanDisk SSD
The only hard disk in my refurbished HP Probook 6460b, w/ Intel i5
If it helps, upon resetting the cmos battery it seems my motherboard is not the typical one used in the 6460b, but a related model.

I can get to my BIOS, not sure if I'm being presented all my options there. My disk is locked... I cannot find anywhere to unlock it. I have the passwords.

I've waited 4 months, this is no longer urgent. Please enjoy your holiday - I can certainly wait another day.

Edited by bleedle, 04 July 2016 - 11:46 AM.


#4 hamluis


Posted 04 July 2016 - 02:31 PM

System Specs

 

Louis



#5 bleedle


Posted 05 July 2016 - 10:50 AM

I'm the network, huh?
I just wanted a laptop. A single, standalone, super secured laptop...
Bleep.
Think this section on AMD will help get me back on track?

#6 ScathEnfys

ScathEnfys

    Bleeping Butterfly


  • Members
  • 1,375 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Deep in the Surface Web
  • Local time:01:22 PM

Posted 05 July 2016 - 11:07 AM

The "X" drive only appears in a recovery environment. It includes just the basic programs you described. Can you try the following for me?

Try this please. You will need a USB drive and a clean PC.

  • Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Download http://noahdfear.net/downloads/rst.sh to the USB drive
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see rst.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash rst.sh
  • Press Enter
  • After it has finished a report will be located at sdb1 named enum.log
  • Plug that USB back into the clean computer and open it
Please note: If you have an ethernet connection you can access the internet by way of xPUD (Firefox). You can perform all these steps on your sick computer. When you download the download will reside in the Download folder. It can be found under the File tab also. You can similarly access our thread by way of this OS too so you can send the logs that way.

Please also note - all text entries are case sensitive

Copy and paste the enum.log for my review.
Proud system builder, modder, and watercooler.

GitHub | SoundCloud | Keybase

#7 hamluis


Posted 05 July 2016 - 11:10 AM

To be honest...it seems to me that you've posted a lot of words...but I don't seem to be able to comprehend just what you think is a problem...or why you think that.

 

What error messages have you seen onscreen...and when did they appear?

 

In order to clean install on a laptop...you need either

    a.  A hard drive which reflects the restore-to-factory-defaults files which were installed by the laptop manufacturer for the purpose of reinstalling Windows.

    b.  A legal, Genuine Win 7 install disk, complete with valid license (if Windows 7 was not originally installed on said laptop).

 

Louis



#8 ScathEnfys


Posted 05 July 2016 - 01:27 PM

We understand how frustrating this must be for you, but without clear description of your problem, the amount of help we can give is limited.
 

I have the disk from the refurbisher

In that case, hold off on my suggestion for a bit. Can you post a picture of the disk on an image sharing service such as Imgur and share the link here?

Thanks,
~Scath

Edited by Queen-Evie, 05 July 2016 - 09:03 PM.
edited to delete reference to another post which has been removed from this topic.


#9 bleedle


Posted 07 July 2016 - 04:28 PM

Of course Scath - it's pretty convoluted though, there's a LOT to it.

Let's get crackin...

 

I have this hosted on photobucket - please let me know if you need a different link, or if you were looking for something else entirely...:

https://ssl-proxy-updated.herokuapp.com/5ec9650d0697a670acec13dbbfada874aa34dd5b/687474703a2f2f69313132392e70686f746f6275636b65742e636f6d2f616c62756d732f6d3530392f64616b6f74615f6b6964312f53637265656e73686f7425323057494e372532304449534b253230434f4e54454e54535f7a707375636d776c6a756c2e706e67/

 




#10 ScathEnfys


Posted 07 July 2016 - 11:01 PM

Hi bleedle,

That is exactly how I wanted the image posted, thank you. Unfortunately, I wasn't clear in my instructions it seems... I don't want a screenshot of the disk's digital contents. I would like a picture of the physical label printed on the disk so I can see what it looks like and read what words are printed on it. If you cannot post this for some reason (label is too reflective for a good shot, no access to a camera, or any other reason), a transcription of the printed words will suffice.

#11 bleedle


Posted 08 July 2016 - 09:15 PM

Sorry - something felt like I might have been missing the obvious there.
They sent me matching 32 bit cd as well: d8f22db6-a09a-4914-82d0-f9faa6e07ba2_zps

Edited by bleedle, 08 July 2016 - 09:18 PM.


#12 ScathEnfys


Posted 08 July 2016 - 09:38 PM

That appears to be a Win 7 installation disk. Do you know if your PC is 32 bit or 64 bit?

#13 bleedle


Posted 11 July 2016 - 03:40 AM

As I mentioned before it is an HP Probook 6460b (it's a notebook/laptop) with Intel i5 processors. It came with a SanDisk SSD that I'm locked out of but have the passwords to, and came with 64 bit Windows preinstalled. The refurbisher sent me the 32 bit disk as well, it won't install either.

Edited by bleedle, 11 July 2016 - 03:41 AM.


#14 ScathEnfys


Posted 11 July 2016 - 11:04 AM

So you cannot wipe the SSD and start fresh by installing Windows from the CD? I don't understand why this would be the case... Can you not boot from the CD Drive or something?

#15 chalup

chalup

  • Members
  • 191 posts
  • OFFLINE
  •  
  • Local time:12:22 PM

Posted 11 July 2016 - 11:23 AM

What exactly happens when you try to boot into Windows? What happens when you insert the disk and restart the laptop? Have you gone into the BIOS and changed the boot order?





