Windows Restorer Virus - PC now continually Restarting



#1
slinger1937

    Member

My PC continually starts to the Windows XP Pro screen and then reboots. I am certain it is Windows Restore because it appeared on my screen, and I activated it before I realised what I had done.

I have downloaded OTLPEStd.exe and reached the stage where a REATOGO-X-PE desktop has appeared on my bad PC.

I am way out of my depth here, although I can follow instructions.

But I am at a complete loss on how to Find, Copy, and Paste the long list of .dll, .sys and other files to my Flash drive to get them to the bad PC.

I cannot find them in C:\ of the good PC.

Thank you.


#2
JSntgRvr

    Global Moderator

Boot to the Reatogo desktop. Double-click on My Computer. Which letter is assigned to the Local Drive? I believe there is a second hard drive. Check in the Root directory of the secondary drive. It should appear as OTL.txt.

When you ran OTLPE, were there any error messages?

#3
slinger1937

    Member

  • Topic Starter

Hello again and thanks.

Local drives Ramdisk (B) 63.9 MB Free space 59.5 MB

Local Disc (C) nothing showing

Internal 1 (D) 76.3 GB Free space 42.9 GB

When I open the internal 1 Drive all I can see is:

Recycler - System Volume Information - and An Acronis Backup from June 2010 - I seldom use this drive because it is a Partition on the C Drive

I used the Search option to find the File OTL.txt but there were no results

When I double click on C: drive a window appears saying "C:\ is not accessible"

The Properties of C: drive say Disc full - File system RAW

#4
JSntgRvr

    Global Moderator

I am concerned with that error message. Chances are there are damaged sectors and clusters in the hard drive, or problems with the boot tables.

I was under the impression you had a second hard drive. Let's run a utility to check for errors in the C: drive. Let me know if you experience any error message.

Boot to the Reatogo desktop. Bring the computer to a command prompt as follows:

Click on the Start button. Type CMD in the run box and click OK. At the prompt, type the following and press Enter:

CHKDSK C: /R

This test should take a considerable amount of time. Be patient. Once completed type Exit and press Enter.

If the test is conducted without a problem, restart back to the Reatogo desktop and re-attempt OTLPE. Let me know the outcome.

#5
slinger1937

    Member

  • Topic Starter

Brilliant, the CHKDSK found 12 bad Sectors.

In "My Computer" C: Drive has now appeared with 58.3 GB Total size and 10.1 GB Free

I opened C: drive and browsed for a moment, it looked very good.

OTLPE opened up fine but I am sorry, I just do not understand how to copy and paste the long file list.

I also did a search in REATOGO for OTL.txt but could not find it.

Thanks for your patience once again.

#6
JSntgRvr

    Global Moderator

Here are the steps:

In Reatogo, right click on the Start button and select Explore. Browse to the C: drive. The OTL.txt log should be present in the C:\ folder. Right click on the OTL.txt and select Copy. Then browse to the drive that represents your USB drive. Right click on an empty space and select Paste. That should copy the C:\OTL.txt file to your USB.

Put the USB in a working computer, open it in Notepad. Highlight its contents and right click over the highlighted text and select Copy. Right click on a reply and select Paste. That should paste the contents of the file in a reply. Submit the reply.

Let me know if you have a problem in one of these steps.

Does a Notepad document pop up after the scan is finished?

#7
slinger1937

    Member

  • Topic Starter

JSntgRvr, I checked c: drive as instructed but could not find the OTL.txt file.
I did a search of *.txt there were about 1500, but still I could not see it.

I am now running CHKDSK c: /R to see if there will be any change.

Pete

#8
slinger1937

    Member

  • Topic Starter

The CHKDSK has just finished, still 12 kb in bad sectors, but I still could not find OTL.txt.

#9
JSntgRvr

    Global Moderator

The only reason I know a log is not produced is when the drive is not recognized. With OTLPE, once the scanning is done, a report should appear on screen. Is that happening?

Download the enclosed file. Attached File: DrvRecognize.zip (359 bytes)

Save and extract its contents to the desktop, then copy the DrvRecognize batch file to the USB drive. Insert the USB drive in the sick computer and while in Reatogo, double click on the DrvRecognize batch file. A log.txt should be produced. Please post its contents to the desktop.

#10
slinger1937

    Member

  • Topic Starter

If you mean is a report generated on the completion of CHKDSK the answer is Yes.

I will now download the file as instructed.

Thanks.


#11
JSntgRvr

    Global Moderator

No. At the completion of the OTLPE scan.

#12
JSntgRvr

    Global Moderator

Just going through the posts:

"I am certain it is Windows Restore because it appeared on my screen, and I activated it before I realised what I had done."


Perhaps you are using the wrong terminology here. What really happened?

#13
slinger1937

    Member

  • Topic Starter

Sorry to waste your time :)

It was "Windows Recovery". When I switched on, it appeared saying it had detected problems or something on my desktop (it's so long ago now).

My son said he had been looking in EBay before me, and the PC was fine when he turned it off.

Without thinking I activated it to do a check, from then on things went from bad to worse.

I have now followed your instructions. I now have the Log - Notepad on the Reatogo Desktop and copied it to my Flash drive.

Should I copy and paste here so that you can see?

** At the top of the Log it says "Root Drives Recognised" C:\ D:\ F:\ X:\

Thanks

Edited by slinger1937, 04 May 2011 - 11:05 AM.


#14
JSntgRvr

    Global Moderator

"Windows Recovery", the Rogue Security Program?

"Should I copy and paste here so that you can see?"


Yes, please.

#15
slinger1937

    Member

  • Topic Starter

Hello again, "Windows Recovery" yes, that was it!

** I have just noticed in the following list:-

04/26/2011 07:05 AM <DIR> WINDOWS

I may be wrong but I think that was the time that my PC started to go wrong?


I hope this is of help:-


.Root Drives recognized

C:\, D:\, F:\, X:\,

Volume in drive C has no label.
Volume Serial Number is 8CB0-B8B5

Directory of C:\

03/29/2009 02:40 AM <DIR> $WIN_NT$.~BT
04/11/2011 03:55 PM 211 boot.ini
04/22/2011 03:36 PM <DIR> Config.Msi
03/07/2011 05:18 AM 736 DadandPat.wcinv
09/04/2010 02:32 AM 0 Debug.QC6
06/24/2010 10:02 AM <DIR> Documents and Settings
04/11/2011 12:31 PM <DIR> FTW
12/29/2009 03:15 AM <DIR> GSP
12/02/2009 07:41 PM <DIR> I386
02/15/2009 01:23 AM 0 IO.SYS
02/07/2010 03:44 AM 455 IPH.PH
05/06/2010 03:45 AM 109 mbam-error.txt
02/15/2009 01:23 AM 0 MSDOS.SYS
09/04/2010 02:33 AM 43,254 MSIInstall.log
02/15/2009 03:31 AM 47,564 NTDETECT.COM
08/06/2009 01:43 PM 250,048 ntldr
12/02/2009 01:58 PM <DIR> NVIDIA
04/26/2011 07:18 AM 805,306,368 pagefile.sys
08/14/2010 02:01 AM <DIR> ppwork
04/22/2011 03:33 PM <DIR> Program Files
05/04/2011 05:16 PM <DIR> RECYCLER
04/12/2009 07:46 AM <DIR> spoolerlogs
04/10/2011 01:45 PM <DIR> System Volume Information
02/02/2010 04:52 PM <DIR> thumbs
08/23/2001 08:00 AM 449,748 txtsetup.sif
12/27/2009 03:15 PM <DIR> unzipped
04/26/2011 07:05 AM <DIR> WINDOWS
04/20/2011 01:27 PM 2,509 winzip.log
13 File(s) 806,101,002 bytes
15 Dir(s) 10,952,273,920 bytes free

Volume in drive D is Internal 1
Volume Serial Number is D832-3B92

Directory of D:\

05/02/2011 05:35 AM <DIR> RECYCLER
04/10/2011 01:45 PM <DIR> System Volume Information
06/14/2010 01:26 AM 35,718,155,264 Tower - 14th June 2010.tib
1 File(s) 35,718,155,264 bytes
2 Dir(s) 46,150,021,120 bytes free

Volume in drive F has no label.
Volume Serial Number is 004D-4F81

Directory of F:\

06/10/2010 10:27 AM 1,005 DrvRecognize.bat
05/04/2011 11:36 PM 52 Log.txt
2 File(s) 1,057 bytes
0 Dir(s) 8,414,023,680 bytes free

Volume in drive X is ReatogoPE
Volume Serial Number is A8CB-875C

Directory of X:\

03/24/2006 07:06 AM 53 AUTORUN.INF
03/09/2011 08:46 AM <DIR> I386
03/09/2011 08:38 AM <DIR> PROGRAMS
03/09/2011 08:45 AM <DIR> SFX
03/09/2011 08:38 AM 0 WIN51IP
03/09/2011 08:38 AM 0 WIN51IP.SP2
07/16/2005 05:36 PM 240,128 reatogoMenu.exe
03/09/2011 08:44 AM 1,052 reatogoMenu.ini
5 File(s) 241,233 bytes
3 Dir(s) 0 bytes free

Edited by slinger1937, 04 May 2011 - 03:20 PM.
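
The timestamp check the poster does by eye on the listing above, as an added example that is not part of the original thread: a small parser for `dir` output that returns the root entries modified within a window around a suspected incident time. The function names and the 24-hour window are assumptions; the sample lines are a subset of the C:\ listing in the post.

```python
import re
from datetime import datetime, timedelta

# Subset of the C:\ listing posted above, embedded so the example runs offline.
SAMPLE = """\
 Directory of C:\\

04/11/2011 03:55 PM 211 boot.ini
04/22/2011 03:36 PM <DIR> Config.Msi
06/24/2010 10:02 AM <DIR> Documents and Settings
04/26/2011 07:18 AM 805,306,368 pagefile.sys
04/22/2011 03:33 PM <DIR> Program Files
05/04/2011 05:16 PM <DIR> RECYCLER
04/26/2011 07:05 AM <DIR> WINDOWS
04/20/2011 01:27 PM 2,509 winzip.log
13 File(s) 806,101,002 bytes
"""

# date, 12-hour time, then either <DIR> or a comma-grouped size, then the name
ENTRY = re.compile(
    r"^(\d{2}/\d{2}/\d{4}) (\d{2}:\d{2} [AP]M)\s+(<DIR>|[\d,]+)\s+(.+)$")

def parse_dir(text):
    """Yield (path, mtime, size) per entry line; size is None for directories."""
    root = ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Directory of "):
            root = line[len("Directory of "):]
            continue
        m = ENTRY.match(line)
        if not m:
            continue  # volume header, totals and blank lines
        date, clock, size, name = m.groups()
        mtime = datetime.strptime(f"{date} {clock}", "%m/%d/%Y %I:%M %p")
        yield (root + name, mtime,
               None if size == "<DIR>" else int(size.replace(",", "")))

def changed_near(text, when, window=timedelta(hours=24)):
    """Entries whose timestamp lies within `window` of `when`, oldest first."""
    hits = [e for e in parse_dir(text) if abs(e[1] - when) <= window]
    return sorted(hits, key=lambda e: e[1])

if __name__ == "__main__":
    # Incident time taken from the WINDOWS line the poster points out.
    for path, mtime, size in changed_near(SAMPLE, datetime(2011, 4, 26, 7, 5)):
        print(mtime, "<DIR>" if size is None else size, path)
```

A directory's timestamp changes only when an entry directly inside it is created, deleted or renamed, so a match on a folder such as WINDOWS is a pointer to where to look next, not a list of what changed.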
