Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Unbootable computer


  • Please log in to reply

#91
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
OK, that's strange, if it boots in safe mode, it should normally boot into normal mode too

Run aswmbr again and save the log in a USB (if you don't have internet connection) and post it here

Then try to boot into normal mode again and see if it BSODs. If it does, check the error code and post it here
  • 0

Advertisements


#92
Bismillah

Bismillah

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 514 posts
I ran mbam it found a few things now attempting normal boot
  • 0

#93
Bismillah

Bismillah

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 514 posts
8e is the error code
  • 0

#94
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
OK, did you run aswmbr? Did it find anything?
  • 0

#95
Bismillah

Bismillah

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 514 posts
I apoligise I'm posting this from my phone normal boot results in bsod safe mode works fine I'm now in safe mode with networking
  • 0

#96
Bismillah

Bismillah

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 514 posts
About to run it now
  • 0

#97
Bismillah

Bismillah

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 514 posts
Erm I can't seem to see it on my desktop what would the command command line be to run it from desktop

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7488

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19120

25/08/2011 22:45:51
mbam-log-2011-08-25 (22-45-51).txt

Scan type: Quick scan
Objects scanned: 188677
Time elapsed: 5 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\LENOVO\AppData\Local\temp\22BE.tmp (Malware.Gen) -> Quarantined and deleted successfully.
c:\Users\LENOVO\AppData\Local\temp\42EB.tmp (Malware.Gen) -> Quarantined and deleted successfully.
c:\Users\LENOVO\AppData\Local\temp\E976.tmp (Trojan.Agent) -> Quarantined and deleted successfully.



I have internet on safe mode with networking

Edited by nortan360, 25 August 2011 - 03:57 PM.

  • 0

#98
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
What type of safe mode are you in? Safe mode / Safe mode with command prompt or safe mode with networking?
Try to boot safe mode with networking and download it again. If you can't, see if you can download it from a clean computer and then transfer it the infected one with a USB.
  • 0

#99
Bismillah

Bismillah

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 514 posts
Im in safe mode with networking i do have internet the scan is running but nothing found so far..
  • 0

#100
Bismillah

Bismillah

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 514 posts
Nothing found
  • 0

Advertisements


#101
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Boot with the CD, Select Repair your Computer and bring the computer to a command prompt. At the prompt type the following and press Enter:

BCDEdit /export c:\bcd_backup

Leave a space among the following arguments:

BCDEdit
/export
c:\bcd_backup


This command should be successful before continuing. It is always important to backup the BCD before rebuilding the store. If successful, at the prompt type the following and press Enter after each line:

Line 1

Attrib -r -s -h C:\boot\bcd

Leave a space among the following arguments:

Attrib
-r
-s
-h
C:\boot\bcd


Line 2

Ren C:\boot\bcd bcd.old

Leave a space among the following arguments:

Ren
C:\boot\bcd
bcd.old


Line 3

bootrec /rebuildbcd

Leave a space among the following arguments:

bootrec
/rebuildbcd



The computer will be scanned, and once the installation is detected a dialog box will appear asking if you want to add the installation to the boot list. Select Yes(Y)

After this type:
bootrec /fixboot

Leave a space among the following arguments:

bootrec
/fixboot


If successful, restart the computer and test.
  • 0

#102
Bismillah

Bismillah

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 514 posts
I can boot but its just a black screen with mouse?
  • 0

#103
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
OK, load the CD again.
This time choose StartUp Repair.
Let it do its thing and tell me if it were able to fix any problems.
Then try to boot again and see if it's OK
  • 0

#104
Bismillah

Bismillah

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 514 posts
Im on now :)
normal boot
  • 0

#105
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
This rootkit seems to be getting better as time goes by... But it never succeeds at the end :)

Let's run some scans to make sure that you're clean:

Delete OTL, ComboFix, aswMBR and any other tool you used before. We're going to use new ones


Posted Image OTL Custom Scan
  • Download OTL to your Desktop
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Stadard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under Extra Registry select Use Safelist
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.



Next:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image



Next:

Are you experiencing any other symptoms? How's the computer running? Are the BSODs still there?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP