[Elise]

Try to reset internet explorer: http://support.microsoft.com/kb/923737

[Advertisements]

it didnt work... the problem persists

also my laptop is really slow and keeps disconnecting from the internet (never happened before)
is there something i can scan it with to check its okay?

[LSEactuary]

it didnt work... the problem persists

also my laptop is really slow and keeps disconnecting from the internet (never happened before)
is there something i can scan it with to check its okay?

[Elise]

Is the laptop the computer we have been working on or another one? If the latter is the case you will have to start a new topic in the malware removal section, following the Start Here topic.

[LSEactuary]

its another computer... so ignore that.

i think my desktops still messed up though. the cookies box is always unchecked for some reason. and everytime i start the computer the MSE finds 1 threat and so i always have to clean the computer....

[Elise]

What does MSSE find (include also the file location).

[LSEactuary]

i will do a scan tomorrow again and post the results..

[Elise]

Okay!

[LSEactuary]

I've got a new problem with this computer now.

It was working fine in the morning (for my siblings) but now I want to use it and it doesn't work. 

Basically when I start it up from the mains and let it run it goes to the windows XP page and says loading but stays there forever.

There is also an option to open the last known good configuration - the same problem occurs.

I tried running it in safe mode - the weird white around comes up and then it freezes there.

I've tried safe mode with networking too - same problem.

I've tried keeping the internet off and trying it and then Internet on and trying to on it - none of that works.

What shall I do now? Because I was about to do the MSE scan and now can't!

[Elise]

Well, that is exactly where we started. Due to the identified infections, as explained earlier, I really think a reformat is your only option. Since you have no reinstall disks, best would be to verify for, and use the HP recovery partition.

In order to find that, do the following (no need to recreate the xPUD CD if you still have it):

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer

• Run GETxPUD.exe
• A new folder will appear on the desktop.
• Open the GETxPUD folder and click on the get&burn.bat
• The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
• Click on Start and follow the prompts to burn the image to a CD.
• Download xPUDtestdisk.exe and save it to the USB device
• Double click xPUDtestdisk.exe to extract the contents to your USB device
• Remove the USB & CD and insert it in the sick computer
• Boot the Sick computer with the CD you just burned
• The computer must be set to boot from the CD
• Gently tap F12 and choose to boot from the CD
• Follow the prompts
• A Welcome to xPUD screen will appear
• Press File
• Expand mnt
• sda1,2...usually corresponds to your HDD
• sdb1 is likely your USB
• Click on the folder that represents your USB drive (sdb1 ?)
• Press Tool at the top
• Choose Open Terminal
• Type testdisk/testdisk_static
• Press Enter
  • The TestDisk command window will open
  • Choose Create and press Enter
  • TestDisk will now detect all local hard drives
  • Use the arrow (up and down) keys to highlight the disk called /dev/sda if it represents your primary hard drive and press Enter
  • If your not sure then note everything you see and post it for my review
  • Select Intel (even if you have an AMD processor) and press Enter
  • Select Analyse and press Enter
  • Select Quick Search and press Enter. If asked to search for Vista partitions, type N.
  • At the next screen all partitions should be listed.
  • At this poitn select [Quit] (or type Q) until you exit
• A log will be created in the root of the usb device
• Remove the USB drive and insert back in your working computer
  
  Please note - all text entries are case sensitive

Copy and paste the resultant log for my review

[LSEactuary]

here we go....

Attached Files

•  testdisk.log   2.04KB   363 downloads

[LSEactuary]

Sat Dec 11 18:12:09 2010
Command line: TestDisk

TestDisk 6.12-WIP, Data Recovery Utility, April 2010
Christophe GRENIER <[email protected]>
http://www.cgsecurity.org
OS: Linux, kernel 2.6.31.2 (#5 SMP Mon Dec 7 11:56:35 UTC 2009) i686
Compiler: GCC 4.4 - Jul 27 2010 17:00:22
ext2fs lib: 1.41.9, ntfs lib: 10:0:0, reiserfs lib: 0.3.1-rc8, ewf lib: 20080501
/dev/sda: LBA, LBA48, DCO support
/dev/sda: size 586072368 sectors
/dev/sda: user_max 586072368 sectors
/dev/sda: dco 586072368 sectors
/dev/sdb: LBA, LBA48, DCO support
/dev/sdb: size 586072368 sectors
/dev/sdb: user_max 586072368 sectors
/dev/sdb: dco 586072368 sectors
Warning: can't get size for Disk /dev/mapper/control - 0 B - CHS 1 1 1, sector size=512
/dev/sr0 is not an ATA disk
Hard disk list
Disk /dev/sda - 300 GB / 279 GiB - CHS 36481 255 63, sector size=512 - ATA ST3300822AS
Disk /dev/sdb - 300 GB / 279 GiB - CHS 36481 255 63, sector size=512 - ATA ST3300822AS
Disk /dev/sdc - 255 MB / 244 MiB - CHS 976 16 32, sector size=512 - USB DISK 2.0
Disk /dev/sdd - 1474 KB / 1440 KiB - CHS 960 1 3 (RO), sector size=512 - USB DISK 2.0
Disk /dev/sr0 - 67 MB / 64 MiB - CHS 32770 1 1 (RO), sector size=2048 - LITE-ON DVDRW SHM-165H6S

Partition table type (auto): Intel
Disk /dev/sda - 300 GB / 279 GiB - ATA ST3300822AS
Partition table type: Intel

Analyse Disk /dev/sda - 300 GB / 279 GiB - CHS 36481 255 63
Geometry from i386 MBR: head=255 sector=63
NTFS at 0/1/1
NTFS at 12748/1/1
get_geometry_from_list_part_aux head=255 nbr=6
get_geometry_from_list_part_aux head=8 nbr=1
get_geometry_from_list_part_aux head=16 nbr=1
get_geometry_from_list_part_aux head=32 nbr=1
get_geometry_from_list_part_aux head=64 nbr=1
get_geometry_from_list_part_aux head=128 nbr=1
get_geometry_from_list_part_aux head=240 nbr=1
get_geometry_from_list_part_aux head=255 nbr=6
Current partition structure:
1 * HPFS - NTFS 0 1 1 12747 254 63 204796557
2 E extended LBA 12748 0 1 36479 254 63 381254580
5 L HPFS - NTFS 12748 1 1 36479 254 63 381254517 [data]

[Elise]

Please rerun these steps, then at the point where you quit last time, press enter to continue. At the next screen, press Q to quit and post me the new testdisk log (please copy/paste the log).

[LSEactuary]

Sat Dec 11 18:59:08 2010
Command line: TestDisk

TestDisk 6.12-WIP, Data Recovery Utility, April 2010
Christophe GRENIER <[email protected]>
http://www.cgsecurity.org
OS: Linux, kernel 2.6.31.2 (#5 SMP Mon Dec 7 11:56:35 UTC 2009) i686
Compiler: GCC 4.4 - Jul 27 2010 17:00:22
ext2fs lib: 1.41.9, ntfs lib: 10:0:0, reiserfs lib: 0.3.1-rc8, ewf lib: 20080501
/dev/sda: LBA, LBA48, DCO support
/dev/sda: size 586072368 sectors
/dev/sda: user_max 586072368 sectors
/dev/sda: dco 586072368 sectors
/dev/sdb: LBA, LBA48, DCO support
/dev/sdb: size 586072368 sectors
/dev/sdb: user_max 586072368 sectors
/dev/sdb: dco 586072368 sectors
Warning: can't get size for Disk /dev/mapper/control - 0 B - CHS 1 1 1, sector size=512
/dev/sr0 is not an ATA disk
Hard disk list
Disk /dev/sda - 300 GB / 279 GiB - CHS 36481 255 63, sector size=512 - ATA ST3300822AS
Disk /dev/sdb - 300 GB / 279 GiB - CHS 36481 255 63, sector size=512 - ATA ST3300822AS
Disk /dev/sdc - 255 MB / 244 MiB - CHS 976 16 32, sector size=512 - USB DISK 2.0
Disk /dev/sdd - 1474 KB / 1440 KiB - CHS 960 1 3 (RO), sector size=512 - USB DISK 2.0
Disk /dev/sr0 - 67 MB / 64 MiB - CHS 32770 1 1 (RO), sector size=2048 - LITE-ON DVDRW SHM-165H6S

Partition table type (auto): Intel
Disk /dev/sda - 300 GB / 279 GiB - ATA ST3300822AS
Partition table type: Intel

Analyse Disk /dev/sda - 300 GB / 279 GiB - CHS 36481 255 63
Geometry from i386 MBR: head=255 sector=63
NTFS at 0/1/1
NTFS at 12748/1/1
get_geometry_from_list_part_aux head=255 nbr=6
get_geometry_from_list_part_aux head=8 nbr=1
get_geometry_from_list_part_aux head=16 nbr=1
get_geometry_from_list_part_aux head=32 nbr=1
get_geometry_from_list_part_aux head=64 nbr=1
get_geometry_from_list_part_aux head=128 nbr=1
get_geometry_from_list_part_aux head=240 nbr=1
get_geometry_from_list_part_aux head=255 nbr=6
Current partition structure:
1 * HPFS - NTFS 0 1 1 12747 254 63 204796557
2 E extended LBA 12748 0 1 36479 254 63 381254580
5 L HPFS - NTFS 12748 1 1 36479 254 63 381254517 [data]
Ask the user for vista mode
Allow partial last cylinder : No
search_vista_part: 0

search_part()
Disk /dev/sda - 300 GB / 279 GiB - CHS 36481 255 63
NTFS at 0/1/1
filesystem size 204796557
sectors_per_cluster 8
mft_lcn 786432
mftmirr_lcn 12799784
clusters_per_mft_record -10
clusters_per_index_record 1
HPFS - NTFS 0 1 1 12747 254 63 204796557
NTFS, 104 GB / 97 GiB
NTFS at 12748/1/1
filesystem size 381254517
sectors_per_cluster 8
mft_lcn 786432
mftmirr_lcn 23828407
clusters_per_mft_record -10
clusters_per_index_record 1
HPFS - NTFS 12748 1 1 36479 254 63 381254517 [data]
NTFS, 195 GB / 181 GiB
get_geometry_from_list_part_aux head=255 nbr=4
get_geometry_from_list_part_aux head=8 nbr=1
get_geometry_from_list_part_aux head=16 nbr=1
get_geometry_from_list_part_aux head=32 nbr=1
get_geometry_from_list_part_aux head=64 nbr=1
get_geometry_from_list_part_aux head=128 nbr=1
get_geometry_from_list_part_aux head=240 nbr=1
get_geometry_from_list_part_aux head=255 nbr=4

Results
* HPFS - NTFS 0 1 1 12747 254 63 204796557
NTFS, 104 GB / 97 GiB
L HPFS - NTFS 12748 1 1 36479 254 63 381254517 [data]
NTFS, 195 GB / 181 GiB

interface_write()
1 * HPFS - NTFS 0 1 1 12747 254 63 204796557
2 E extended LBA 12748 0 1 36479 254 63 381254580
5 L HPFS - NTFS 12748 1 1 36479 254 63 381254517 [data]

[Elise]

Hi, please start xPUD and click File (in the left panel).

Double click mnt (in the right panel) and let me know what is listed there (sda1, sda2, sdb...).

Let me also know the size of each volume (hover your mouse over the volume).

[LSEactuary]

This is what comes up:

sda1. 32 visible items (0 hidden). Free space: 79.3GB. Total: 104.9GB.
sda2. 0 visible items (0 hidden). Free space: 1050.0MB. Total: 1054.5MB.
sda5. 5 visible items (0 hidden). Free space: 185.8GB. Total: 195.2GB.
sda1. 9 visible items (0 hidden). Free space: 220.4GB. Total: 300.1GB.
sda1. 11 visible items (0 hidden). Free space: 221.0MB. Total: 225.6MB. This ones the USB.