Run aswmbr again and save the log in a USB (if you don't have internet connection) and post it here
Then try to boot into normal mode again and see if it BSODs. If it does, check the error code and post it here
Unbootable computer
Started by
Bismillah
, Aug 12 2011 12:48 PM
#91
Posted 25 August 2011 - 03:38 PM
michaelg9
-
- Malware Removal
-
- 2,949 posts
Trusted Helper
Run aswmbr again and save the log in a USB (if you don't have internet connection) and post it here
Then try to boot into normal mode again and see if it BSODs. If it does, check the error code and post it here
#92
Posted 25 August 2011 - 03:46 PM
Bismillah
- Topic Starter
-
- Member
-
- 514 posts
Member
I ran mbam it found a few things now attempting normal boot
#93
Posted 25 August 2011 - 03:48 PM
Bismillah
- Topic Starter
-
- Member
-
- 514 posts
Member
8e is the error code
#94
Posted 25 August 2011 - 03:51 PM
michaelg9
-
- Malware Removal
-
- 2,949 posts
Trusted Helper
OK, did you run aswmbr? Did it find anything?
#95
Posted 25 August 2011 - 03:51 PM
Bismillah
- Topic Starter
-
- Member
-
- 514 posts
Member
I apoligise I'm posting this from my phone normal boot results in bsod safe mode works fine I'm now in safe mode with networking
#96
Posted 25 August 2011 - 03:51 PM
Bismillah
- Topic Starter
-
- Member
-
- 514 posts
Member
About to run it now
#97
Posted 25 August 2011 - 03:55 PM
Bismillah
- Topic Starter
-
- Member
-
- 514 posts
Member
Erm I can't seem to see it on my desktop what would the command command line be to run it from desktop
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7488
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19120
25/08/2011 22:45:51
mbam-log-2011-08-25 (22-45-51).txt
Scan type: Quick scan
Objects scanned: 188677
Time elapsed: 5 minute(s), 39 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\LENOVO\AppData\Local\temp\22BE.tmp (Malware.Gen) -> Quarantined and deleted successfully.
c:\Users\LENOVO\AppData\Local\temp\42EB.tmp (Malware.Gen) -> Quarantined and deleted successfully.
c:\Users\LENOVO\AppData\Local\temp\E976.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
I have internet on safe mode with networking
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7488
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19120
25/08/2011 22:45:51
mbam-log-2011-08-25 (22-45-51).txt
Scan type: Quick scan
Objects scanned: 188677
Time elapsed: 5 minute(s), 39 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\LENOVO\AppData\Local\temp\22BE.tmp (Malware.Gen) -> Quarantined and deleted successfully.
c:\Users\LENOVO\AppData\Local\temp\42EB.tmp (Malware.Gen) -> Quarantined and deleted successfully.
c:\Users\LENOVO\AppData\Local\temp\E976.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
I have internet on safe mode with networking
Edited by nortan360, 25 August 2011 - 03:57 PM.
#98
Posted 25 August 2011 - 04:00 PM
michaelg9
-
- Malware Removal
-
- 2,949 posts
Trusted Helper
What type of safe mode are you in? Safe mode / Safe mode with command prompt or safe mode with networking?
Try to boot safe mode with networking and download it again. If you can't, see if you can download it from a clean computer and then transfer it the infected one with a USB.
Try to boot safe mode with networking and download it again. If you can't, see if you can download it from a clean computer and then transfer it the infected one with a USB.
#99
Posted 25 August 2011 - 04:07 PM
Bismillah
- Topic Starter
-
- Member
-
- 514 posts
Member
Im in safe mode with networking i do have internet the scan is running but nothing found so far..
#101
Posted 25 August 2011 - 04:10 PM
michaelg9
-
- Malware Removal
-
- 2,949 posts
Trusted Helper
Boot with the CD, Select Repair your Computer and bring the computer to a command prompt. At the prompt type the following and press Enter:
BCDEdit /export c:\bcd_backup
Leave a space among the following arguments:
This command should be successful before continuing. It is always important to backup the BCD before rebuilding the store. If successful, at the prompt type the following and press Enter after each line:
Line 1
Attrib -r -s -h C:\boot\bcd
Leave a space among the following arguments:
Line 2
Ren C:\boot\bcd bcd.old
Leave a space among the following arguments:
Line 3
bootrec /rebuildbcd
Leave a space among the following arguments:
The computer will be scanned, and once the installation is detected a dialog box will appear asking if you want to add the installation to the boot list. Select Yes(Y)
After this type:
bootrec /fixboot
Leave a space among the following arguments:
If successful, restart the computer and test.
BCDEdit /export c:\bcd_backup
Leave a space among the following arguments:
BCDEdit
/export
c:\bcd_backup
This command should be successful before continuing. It is always important to backup the BCD before rebuilding the store. If successful, at the prompt type the following and press Enter after each line:
Line 1
Attrib -r -s -h C:\boot\bcd
Leave a space among the following arguments:
Attrib
-r
-s
-h
C:\boot\bcd
Line 2
Ren C:\boot\bcd bcd.old
Leave a space among the following arguments:
Ren
C:\boot\bcd
bcd.old
Line 3
bootrec /rebuildbcd
Leave a space among the following arguments:
bootrec
/rebuildbcd
The computer will be scanned, and once the installation is detected a dialog box will appear asking if you want to add the installation to the boot list. Select Yes(Y)
After this type:
bootrec /fixboot
Leave a space among the following arguments:
bootrec
/fixboot
If successful, restart the computer and test.
#102
Posted 25 August 2011 - 04:26 PM
Bismillah
- Topic Starter
-
- Member
-
- 514 posts
Member
I can boot but its just a black screen with mouse?
#103
Posted 25 August 2011 - 04:27 PM
michaelg9
-
- Malware Removal
-
- 2,949 posts
Trusted Helper
OK, load the CD again.
This time choose StartUp Repair.
Let it do its thing and tell me if it were able to fix any problems.
Then try to boot again and see if it's OK
This time choose StartUp Repair.
Let it do its thing and tell me if it were able to fix any problems.
Then try to boot again and see if it's OK
#104
Posted 25 August 2011 - 04:41 PM
Bismillah
- Topic Starter
-
- Member
-
- 514 posts
Member
Im on now 
normal boot
normal boot
#105
Posted 25 August 2011 - 04:45 PM
michaelg9
-
- Malware Removal
-
- 2,949 posts
Trusted Helper
This rootkit seems to be getting better as time goes by... But it never succeeds at the end 
Let's run some scans to make sure that you're clean:
Delete OTL, ComboFix, aswMBR and any other tool you used before. We're going to use new ones
OTL Custom Scan
Next:
Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply
Next:
Are you experiencing any other symptoms? How's the computer running? Are the BSODs still there?
Let's run some scans to make sure that you're clean:
Delete OTL, ComboFix, aswMBR and any other tool you used before. We're going to use new ones
OTL Custom Scan- Download OTL to your Desktop
- Double click on the
icon to run it. - Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top, make sure Stadard output is selected.
- Select Scan all users
- Check the boxes beside LOP Check and Purity Check.
- Under Extra Registry select Use Safelist
- Under the Custom Scans/Fixes box copy and paste this in:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
- Click the
button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open OTL.Txt in Notepad window.
- Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.
Next:
Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply
Next:
Are you experiencing any other symptoms? How's the computer running? Are the BSODs still there?
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
