
Laptop is unable to boot after Trojan and Rootkit removal


  • This topic is locked
1 reply to this topic

#1 ziltoidomni


Posted 15 March 2017 - 11:57 AM

I have a Lenovo laptop running Windows 7 Home Premium that had a pretty nasty infection that placed itself in the master boot record. It was bluescreening and giving a Lenovo-specific error that pointed to rootkit infection. I was able to boot the laptop to a Windows 7 PE disk and get the command prompt open. I used Bootrec /fixmbr and rebooted successfully. I did a quick scan with Hitman Pro just to see what we're dealing with, and Hitman immediately returned a result of an Alureon or Alureon variant rootkit infection. Immediately, I used msconfig to switch to safe mode and reboot. Here, I used Kaspersky TDSSKiller, MBAM Anti-Rootkit, ComboFix, Hitman Pro, AdwCleaner, SuperAntiSpyware, and Malwarebytes to clean the system. All programs found and successfully removed infections.

 

I rebooted the machine successfully, but then rebooted again after resetting the msconfig options back to normal boot. This is where the real problems started. System POSTs and boots Windows, but the firefly animation gets halfway through and freezes. Flash of blue, and the machine attempts to restart.

 

- Startup repair does not work

- A restore point created after removing the infections in safe mode does not work. 

- Bootrec commands do not work: fixmbr is successful, but does not change anything. Fixboot does not complete, citing some corruption that makes it unable to write a new boot sector.

- Attempted rebuilding the BCD. Not effective. 

- No image to restore from.

 

I then found this forum and followed instructions to generate an FRST report for you guys to look through. This is where my expertise is limited. I don't know what to look for in the logs, and I'm hoping you can help me figure out what needs to be included in the fixlog for FRST to fix. 

 

FRST log: 

#2 JSntgRvr


Posted 16 March 2017 - 12:06 PM

Closing duplicate.


No request for help throughout private messaging will be attended.
