
Can't boot into Windows 10 because of Rootkit maybe...

  • This topic is locked
4 replies to this topic

#1 Grupart


  • Members
  • 1 posts
  • Local time:07:35 PM

Posted 13 August 2016 - 09:46 PM

My computer has recently been having some problems. Whenever I try to open up programs it is slow and then it crashes. It's been like that for a week and a half now and I tried my best to combat the problem. I ran in safe mode with networking and ran a bunch of antivirus scans like Kaspersky, ESET, Malwarebytes, but all of them said I was good to go. Then I decide to download RogueKiller and it finds a registry virus or whatever it's called and under the detection tab it said that it is hidden from SCM and located in my Local machine. So I delete the viruses like Rogue told me to do then I boot up regularly, play my p.c. everything was running smoothly for once in a long time then I go on the web and then the problem is back again. Everything froze and I was forced to shut down. So then I decide to go back in to safe mode and run the RogueKiller scan again and it detected the SAME VIRUS issue. I couldn't believe it. I installed Kaspersky's TDSS and that couldn't find what Rogue found. So I deleted the files again and then decided to run CCleaner and ran a registry scan. I restart and now I can't boot properly. Maybe the spyware or whatever it's called messed up my boot process and now I am left in the dark, literally. Any help will be appreciated!



#2 polskamachina


  • Malware Response Team
  • 4,069 posts
  • Gender:Male
  • Local time:03:35 PM

Posted 14 August 2016 - 10:28 PM

Hi Grupart :)
My name is polskamachina and I would like to welcome you to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.
I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-7 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine. Running any additional tools may detect false positives, interfere with our tools, cause unforeseen damage, or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Please give me some time to review your situation and I will get back to you with further instructions.

#3 polskamachina


  • Malware Response Team
  • 4,069 posts
  • Gender:Male
  • Local time:03:35 PM

Posted 15 August 2016 - 02:34 PM

Hi Grupart :)
If you can boot to safe mode with networking, please follow these directions:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click Run as administrator
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log, Addition.txt - also located in the same directory from which the tool was run. Please also paste that, along with the FRST.txt into your next reply.


If you cannot boot into safe mode:

On a clean machine, please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system.

  • Plug the flash drive into the infected PC.
  • Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:

    Note: In case you cannot enter System Recovery Options by using F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.

    To enter System Recovery Options by using Windows installation disc:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Troubleshoot menu item.
  • Select Advanced options:
  • Select Command Prompt:
  • Once in the Command Prompt:
    • Type notepad and press Enter.
    • Notepad will open. Under File menu select Open.
    • Select Computer and find your flash drive letter and close notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will create a log FRST.txt on the flash drive. Please copy and paste it into your next reply to me.

In summary, I will need the following logs copied and pasted into your next reply to me:

  • FRST.txt log
  • Addition.txt log (available only if running from safe or normal mode)

Let me know if you have any questions.



#4 polskamachina


  • Malware Response Team
  • 4,069 posts
  • Gender:Male
  • Local time:03:35 PM

Posted 18 August 2016 - 02:56 PM

Hi Grupart :)



It's been a while since you've checked in. Did you need any more help with this? If not, this topic will be closed in 48 hours.
Please let me know if you have any questions.

#5 thcbytes


  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:06:35 PM

Posted 21 August 2016 - 09:21 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!
