If you have any questions regarding the steps below, do not hesitate to ask.
Step One
We are going to try to boot into your own Windows installation. Please follow the steps below.
On a clean XP machine
- Please do the following:
- Go to Tools (drop-down menu at the top of the window)
- Go down and click Folder Options
- Click on the View tab
- Find and select "Show Hidden files"
- Under Hidden Files and Folders, find "Hide extension for known file types" and uncheck it (if it's already checked)
- Click Apply, and then OK at the bottom.
- Close the window
Next
- Insert your USB Flash Drive (UFD).
- Download hpusbfw.exe to your Desktop.
- Double click "hpusbfw.exe" to run HP USB Disk Storage Format Tool 2.0.6.0.
- Choose your USB under "Device"
- For "File system", choose "FAT"
- Under "Volume label", type in the name "Bootloader"
- Leave un-checked "Quick Format" and "Create a DOS startup disk"
- Click "Start"
- Copy these two files, from the root of the Windows drive (C:\) to the UFD:
NTLDR
Ntdetect.com
Next
- Open Notepad (go to Start>All Programs>Accessories and click Notepad)
- Copy the contents of the codebox below using CTRL+C (or selecting all the text in the box, and right clicking on it and selecting Copy)
    [boot loader]
    timeout=-5
    default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Emergency Boot Loader" /fastdetect /NoExecute=OptOut
    multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Safe Mode" /safeboot:minimal /sos
- Now return to Notepad and use CTRL + V (or right-click on the whitespace and Paste) to paste the script
- Verify that you have pasted the complete script
- Save the Notepad file to the UFD as "boot.ini" using Save as Type: All files
Your Emergency Bootloader is now ready.
Booting using the Emergency Bootloader.
- Insert the USB (UFD) to the ailing computer.
- Reboot the system using the UFD Bootloader you just created.
- In the Boot Options, select Emergency Boot Loader
Alternatively, pressing F12 during the boot up process will bring up Boot Drive Options
Note: If you do not know how to set your computer to boot from USB, follow the steps here
Step Two
Please read carefully and follow these steps.
- Download TDSSKiller and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
- If a Malicious file is detected, the default action will be Cure; click on Continue.
- If a Suspicious file is detected, the default action will be Skip; click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Step Three
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
- Double click on Combofix.exe and follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Edited by Salagubang, 21 November 2010 - 08:26 AM.
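A check for the "Verify that you have pasted the complete script" step in Step One, as an added example that is not part of the original post: it parses the boot.ini text and reports a truncated or run-together paste, malformed ARC paths, or a default= line with no matching entry. The function names are hypothetical, and the embedded text is the boot.ini from the post, typed in here as a string.

```python
import re

# boot.ini text from Step One of the post, embedded as a raw string for the check.
BOOT_INI = r'''[boot loader]
timeout=-5
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Emergency Boot Loader" /fastdetect /NoExecute=OptOut
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Safe Mode" /safeboot:minimal /sos
'''

# ARC path form used by NTLDR: multi(a)disk(b)rdisk(c)partition(d)\directory
ARC = re.compile(r'^multi\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)partition\((\d+)\)(\\.*)$', re.I)

def parse_boot_ini(text):
    """Return (loader_settings, entries); each entry is (arc_path, label, switches)."""
    section, loader, entries = None, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue
        if line.startswith('[') and line.endswith(']'):
            section = line[1:-1].lower()
            continue
        key, _, value = line.partition('=')
        if section == 'boot loader':
            loader[key.strip().lower()] = value.strip()
        elif section == 'operating systems':
            m = re.match(r'^"([^"]*)"\s*(.*)$', value.strip())
            label, switches = (m.group(1), m.group(2).split()) if m else (value.strip(), [])
            entries.append((key.strip(), label, switches))
    return loader, entries

def check_boot_ini(text):
    """Return a list of problems; an empty list means the file is structurally complete."""
    loader, entries = parse_boot_ini(text)
    problems = []
    if 'default' not in loader:
        problems.append('missing default= in [boot loader]')
    if not entries:
        problems.append('no entries in [operating systems]')
    for path, label, _ in entries:
        if not ARC.match(path):
            problems.append('malformed ARC path for %r: %s' % (label, path))
    paths = [p.lower() for p, _, _ in entries]
    if 'default' in loader and loader['default'].lower() not in paths:
        problems.append('default= does not match any [operating systems] entry')
    return problems
```

To check the saved file instead of the embedded string, pass the contents of boot.ini read from the UFD to `check_boot_ini`.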