black screen with flashing underscore in upper left hand corner



#16
jpcarlos (Member, Topic Starter)

Still didn't reboot in normal mode.

Here is the log for the command replacement:

========== FILES ==========
File C:\WINDOWS\system32\command.com successfully replaced with C:\i386\command.com
File C:\WINDOWS\system32\cmd.exe successfully replaced with C:\i386\cmd.exe

OTLPE by OldTimer - Version 3.1.46.0 log created on 06222011_150617


I also attached the MBRDUMP file to this reply.


#17
JSntgRvr (Global Moderator)

The Master Boot Record is infected.

Boot to the OTLPE CD. On the Reatogo desktop there is an icon for MBRFix. Double click on it. A command window will be displayed. At the prompt, type the following and press Enter after each line:


C:
cd C:\
MBRFix /drive 0 fixmbr



In the command above the drive is zero (/drive 0)

Once the process is completed, attempt to boot in Normal Mode. If successful, run Combofix as previously suggested.
  • 0
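
An added example, not part of the original posts and not code from MBRFix or OTLPE: a small parser for a 512-byte MBR dump (such as the MBRDUMP file mentioned in post #16) that compares a dump taken before the repair with one taken after it. It assumes the classic MS-DOS MBR layout and that the repair is expected to rewrite only the boot code; the function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0..439 hold the boot code
PART_TABLE_OFF = 446       # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"     # bytes 510..511

def parse_mbr(sector: bytes) -> dict:
    """Parse one classic MBR sector into signature, boot-code hash, partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, (CHS start skipped), type, (CHS end skipped), LBA start, size
        status, ptype, lba, count = struct.unpack("<B3xB3xII", sector[off:off + 16])
        if ptype == 0:     # unused slot
            continue
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == BOOT_SIG,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": parts,
    }

def compare_dumps(before: bytes, after: bytes) -> dict:
    """Report whether the boot code changed and the partition table survived."""
    b, a = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": b["boot_code_sha256"] != a["boot_code_sha256"],
        "partition_table_preserved": b["partitions"] == a["partitions"],
        "signature_ok_after": a["signature_ok"],
    }

def sample_sector(boot_fill: int) -> bytes:
    """Constructed sector: filler boot code plus one active NTFS (0x07) entry."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 156296322)
    return (bytes([boot_fill]) * BOOT_CODE_LEN + bytes(6) + entry
            + bytes(48) + BOOT_SIG)

if __name__ == "__main__":
    # Constructed "before" and "after" dumps that differ only in boot code.
    print(compare_dumps(sample_sector(0xCC), sample_sector(0x33)))
```

A changed boot-code hash with an unchanged partition list and a valid 0x55AA signature is the result to expect from a boot-code-only rewrite; a changed partition list is a reason to stop and investigate before booting.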

#18
jpcarlos (Member, Topic Starter)

It worked, but should I start Windows normally or with Last Known Good Configuration? When I used the Reatogo CD I went to the C hard drive and saw all my files. If I start it normally, will it all still be there?

#19
JSntgRvr (Global Moderator)

It worked, but should I start Windows normally or with Last Known Good Configuration? When I used the Reatogo CD I went to the C hard drive and saw all my files. If I start it normally, will it all still be there?

They should. Run Combofix as previously suggested.

#20
jpcarlos (Member, Topic Starter)

It all worked! Thanks! The only thing is when you click on Start and Programs, all of the shortcuts are gone but the programs are still installed. How do I bring them back to the Start menu? And here is the ComboFix log.


#21
JSntgRvr (Global Moderator)

Let's give this a try:

Step 1

Restore Accessories Program Files Menu

Please download this tool here.

You will need to unzip the tool first.

Once you've unzipped the tool, please double-click on it to run it.

Ensure that the following check boxes are checked (as seen in this image below):


Once they are, click on the Restore button.


Step 2

Restore Admin Tools Program Files Menu

Please download this tool here.

You will need to unzip the tool first.

Once you've unzipped the tool, please double-click on it to run it.

Click on the Restore Administrative Tools Items button.

As seen in this image below:


Step 3

This next one will produce the necessary shortcut links which you can cut and paste into the start menu folder.


Attached File  Repair.zip   896bytes   91 downloads


  • To use this, download the attached zip file
  • Extract the repair.vbs file to your desktop
  • Run the repair.vbs
  • It will ask for a folder name call it recovery
  • The tool will let you know when it is finished
  • On the desktop will be a recovery folder
  • Open the folder
  • Cut and Paste the links that you want to C:\documents and settings\your user name\start menu

This last step will create more links than you need. Just use only those you need.

Let me know how this goes.

Let's scan for remnants:

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#22
jpcarlos (Member, Topic Starter)

I figured out that the programs folder was marked as hidden; that's why nothing showed up on the start menu. Here is the log file from the malware scan:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6936

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

6/23/2011 10:14:50 PM
mbam-log-2011-06-23 (22-14-49).txt

Scan type: Quick scan
Objects scanned: 234054
Time elapsed: 9 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#23
JSntgRvr (Global Moderator)

Thanks for the feedback.

All seems clear. How is the computer doing?

#24
JSntgRvr (Global Moderator)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.