Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

BOOT from CD-ROM issues

Started by sremed , Oct 17 2011 01:08 PM

This topic is locked

#1
sremed

Posted 17 October 2011 - 01:08 PM

Member

Member
17 posts

I have AVG Free addition and Ad-Aware installed. When I got infected AVG popped up with a list of about 8 or 9 infections. I remember seeing the word Katusha in some of them. However, now I can't run a scan with either program, I can't uninstall or re install them, and I can't install any new virus software. My home page (yahoo.com) seems to open okay, but when I enter a search and click on a link I get redirected to another page. I also have MBam, malwarebytes anti-malware, but when I click on the icon I get an error saying "Windows cannota ccess the specified device, path or file. You may not have the appropriate permission to access the file.

#2
Essexboy

Posted 17 October 2011 - 01:39 PM

GeekU Moderator

Retired Staff
69,964 posts

Hi there I have two programmes for you to run - if the first fails then go directly to the second

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
CREATERESTOREPOINT
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs

SECOND

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#3
sremed

Posted 17 October 2011 - 03:59 PM

Member

Topic Starter
Member
17 posts

I can't download the first program. I downloaded the second one but when it scaned it froze up.

#4
sremed

Posted 17 October 2011 - 05:13 PM

Member

Topic Starter
Member
17 posts

It has now added a bunch of files to my computer with names like ntuser.dat.LOGOw, ntuser.dat, ntuser.ini, etc. It won't allow me to delete anything - I get a message that the recycle bin is corrupted. And it keeps switching my page over to some immseeking or immsellling website. I can't get into any of the virus scan software I have installed, it tells me I don't have permission to access. I'm not 100% certain it's that katusha thing, I just remember seeing that name when it first popped up. Any help is greatly appreciated.

#5
sremed

Posted 17 October 2011 - 05:14 PM

Member

Topic Starter
Member
17 posts

I can download the OTL, but when I hit scan it just disappears. The combofix downloads but when I hit scan it just freezes.

#6
Essexboy

Posted 18 October 2011 - 11:00 AM

GeekU Moderator

Retired Staff
69,964 posts

OK lets work outside of windows if at all possible
Do you have access to another computer to burn a CD ?

Please download the following programmes to your desktop:

Dr Web Live CD

ImgBurn

Install IMGBurn

Double click Dr Web
IMGBurn will open
Burn the ISO to a cd

Reboot the infected computer with the CD in the drive
Ensure that the first boot device is CD - If you are not sure about that then see this page for instructions
As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.
Use arrow keys to select DrWeb-LiveCD (Default)
When the system is loaded, check the disks or folders you want to scan, and click on “Start”.
The programme will now scan for and cure/delete any malware that it finds. Allow it to do so
Once completed reboot to normal windows
No log is produced so once in normal windows run a fresh OTL scan and let me know if the problems persist

#7
sremed

Posted 18 October 2011 - 02:19 PM

Member

Topic Starter
Member
17 posts

It says:
No boot device available
SATA 0: Installed
SATA 1: Installed
SATA 2: none
SATA 3: none

#8
Essexboy

Posted 18 October 2011 - 02:24 PM

GeekU Moderator

Retired Staff
69,964 posts

OK we will try one more programme from CD

OK next we will work outside of windows then Please print these instruction out so that you know what you are doing

Download OTLPENet.exe to your desktop
Ensure that you have a blank CD in the drive
Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
Reboot your system using the boot CD you just created.Note : If you do not know how to set your computer to boot from CD follow the steps here
As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
Your system should now display a Reatogo desktop.Note : as you are running from CD it is not exactly speedy
Double-click on the OTLPE icon.
Select the Windows folder of the infected drive if it asks for a location
When asked "Do you wish to load the remote registry", select Yes
When asked "Do you wish to load remote user profile(s) for scanning", select Yes
Ensure the box "Automatically Load All Remaining Users" is checked and press OK
OTL should now start
Drag and drop this attached scan.txt into the Custom scans and fixes box, or double click the scan box[attachment=53047:scan.txt]
Press Run Scan to start the scan.
When finished, the file will be saved in drive C:\OTL.txt
Copy this file to your USB drive if you do not have internet connection on this system
Right click the file and select send to : select the USB drive.
Confirm that it has copied to the USB drive by selecting it
You can backup any files that you wish from this OS
Please post the contents of the C:\OTL.txt file in your reply.

#9
sremed

Posted 18 October 2011 - 03:08 PM

Member

Topic Starter
Member
17 posts

Okay. Let me make sure I'm setting the problem computer up correctly. I'm using my wife's laptop to burn the CD's. My computer (the one with the issues) is a Dell Inspiron. When it starts I hit F2 to get to the set up screen. From there I go to boot priority and have them set as such:
First Boot Priority [CD/ROM]
Second Boot Priority [Hard Disc]
Third Boot Priority [Removable]
Fourth Boot Priority [Disabled]

Under the CD-ROM Group Boot Priority heading there is only one option:
1. 4th Master: TSSTcorp DVD +/- RW TS-H653F

Does That look right?

#10
Essexboy

Posted 18 October 2011 - 03:16 PM

GeekU Moderator

Retired Staff
69,964 posts

Yep that looks right

#11
sremed

Posted 18 October 2011 - 04:23 PM

Member

Topic Starter
Member
17 posts

Okay. Just a couple more questions because I just realized I'm running low on blank CD's and I'd like to get this done.
(1). I downloaded OTLPENet to my desktop. If I double click on it, it doesn't open in Imageburn, it opens in the typical dialog window with the option to "Run" or "Cancel"

First question, when I downloaded OTPLENet.exe, why couldn't I download it directly to the CD instead of my desktop? Just curious more than anything.

Second, can I just copy and paste it to the CD and then hit "Write these files to CD"? I guess I'm not exactly clear on how exactly this needs to be burned to the CD in order for my other computer to be able to boot it when it starts. Is there something that the ImagBurn program does to the file that is different from just burning it to the CD using other methods?

Just curious because I know the DVD-ROM drive on my pc works. I followed the instructions for the last program you asked me to download. Curious as to why it said "No boot device available" and want to make sure if it was a mistake I made, I don't do it again.

Edited by sremed, 18 October 2011 - 04:38 PM.

#12
sremed

Posted 19 October 2011 - 09:57 AM

Member

Topic Starter
Member
17 posts

I downloaded OTLPENet to desktop. It doesn't open in ImagBurn. So I opened ImagBurn to add files that way. It finds the Dr. Web file on my desktop, but doesn't find OTLPENet. So I burned Dr. Live again and rebooted the problem computer with the new Dr. Web CD. This time it showed the following message. The first thing that appeared on the screen was, ISOLINUX 3.83 2009-10-05 ETCD, with the cursor flashing. After a few seconds the following appeared: Disc error 80, AX=4280, drive 9F Boot Failed: press any key to retry. I hit Enter a few times but it just goes thru the same sequence. When I hit the link you gave me for OTPLENet it takes me to "Blank Page" and nothing comes up, so I searched google to find a download for it. I'm guessing that wherever I downloaded it from it was probably a bad download. I'll try it again when I get some more blank CD's

#13
Essexboy

Posted 19 October 2011 - 11:00 AM

GeekU Moderator

Retired Staff
69,964 posts

The link for OTLPE was good, once you execute (run) OTLPE it should open imgburn to run the ISO file and burn to disc.

#14
sremed

Posted 19 October 2011 - 12:48 PM

Member

Topic Starter
Member
17 posts

Okay thanks, I'll have to figure out what's going on. I've clicked the link several times. It just brings me to "blank page" and nothing ever happens. Might be this laptop. I just get a white screen and the URL is About:Blank

Edited by sremed, 19 October 2011 - 12:52 PM.