Task manager disabled, OTL not loading
Started by
Jan1959
, Nov 04 2011 02:16 PM
#31
Posted 06 November 2011 - 12:30 PM
#32
Posted 06 November 2011 - 04:28 PM
First you will need an external USB caddy, an example of the type here as you have a laptop it will need to be 2.5"
Remove the hard drive from the Laptop, step by step instructions here
Insert the hard drive into the caddy and then plug that into a USB port on another computer, at this stage do not try to access any files on the drive
Run Dr Web Cureit ensuring the USB drive is selected and let it cure all that it finds
Replace the hard drive back in the laptop and then see if it loads OK
Remove the hard drive from the Laptop, step by step instructions here
Insert the hard drive into the caddy and then plug that into a USB port on another computer, at this stage do not try to access any files on the drive
Run Dr Web Cureit ensuring the USB drive is selected and let it cure all that it finds
Replace the hard drive back in the laptop and then see if it loads OK
#33
Posted 07 November 2011 - 03:49 AM
Thank you so much for the advice. I have successfully taken out the hard drive and I have ordered the external USB caddy from Amazon so it should arrive within the next couple of days. I will update you on Wednesday just to keep the thread open but hopefully the USB caddy would have arrived by them so I can start letting you know what this virus is doing.
#34
Posted 07 November 2011 - 12:28 PM
I think you will find it an easy task even though it does look daunting
#35
Posted 10 November 2011 - 08:28 AM
Trying to scan now. When I connected the USB to my desktop it started to autorun. I cancelled it immediately but now half way through the Dr Web scan it has frozen. Not 100% sure if it was scanning my desktop or the laptop hard drive.
Any suggestions as to what I should do next?
Any suggestions as to what I should do next?
Edited by Jan1959, 10 November 2011 - 09:24 AM.
#36
Posted 10 November 2011 - 02:08 PM
Reboot the computer and when you plug in the caddy hold the shift key down as you do it - that should disable the autorun.
When Dr Web runs only select the USB caddy to scan
When Dr Web runs only select the USB caddy to scan
#37
Posted 10 November 2011 - 02:17 PM
Okay I'll let you know when it has finished scanning.
#38
Posted 11 November 2011 - 03:54 AM
Good Morning,
Sorry that I didn't post last night but it took a very long time. While I was waiting for your reply about Dr Web freezing, I ran a MBAM scan on the hard drive which picked up 13 corrupted files by IRCBOT. These were quarantined and deleted. Nothing showed on the registry. I then ran Dr Web as instructed but nothing was found so I've put the hard drive back into the laptop but I am still stuck as the same place i.e. WINDOWS\SYSTEM32\CONFIG\SYSTEM file is missing or corrupt. The laptop still won't boot OTLPE from either disk or USB stick.
Sorry that I didn't post last night but it took a very long time. While I was waiting for your reply about Dr Web freezing, I ran a MBAM scan on the hard drive which picked up 13 corrupted files by IRCBOT. These were quarantined and deleted. Nothing showed on the registry. I then ran Dr Web as instructed but nothing was found so I've put the hard drive back into the laptop but I am still stuck as the same place i.e. WINDOWS\SYSTEM32\CONFIG\SYSTEM file is missing or corrupt. The laptop still won't boot OTLPE from either disk or USB stick.
#39
Posted 11 November 2011 - 12:47 PM
OK there is a way to cure that but first what is the operating system ? XP or vista
Do you have the system CD ?
Based on the answer I will prepare a fix
Do you have the system CD ?
Based on the answer I will prepare a fix
#40
Posted 11 November 2011 - 12:56 PM
The laptop is a XP and I'm afraid that I don't have a copy of the cd. A recovery disk was made at the time of purchase but I don't think that it recorded properly. I also have a Windows XP disk but it doesn't relate to that laptop.
#41
Posted 11 November 2011 - 01:45 PM
Is the disc usable ? As we just need to access the recovery console
1.Insert the Windows XP CD-ROM into the CD drive, and then restart the computer.
Click to select any options that are required to start the computer from the CD drive if you are prompted.
2.When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
3.If you have a dual-boot or multiple-boot computer, select the installation that you must access from the Recovery Console.
4.When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.
5.At the Recovery Console command prompt, type the following lines, pressing ENTER after you type each line:
md tmp
copy c:\windows\system32\config\system c:\windows\tmp\system.bak
copy c:\windows\system32\config\software c:\windows\tmp\software.bak
copy c:\windows\system32\config\sam c:\windows\tmp\sam.bak
copy c:\windows\system32\config\security c:\windows\tmp\security.bak
copy c:\windows\system32\config\default c:\windows\tmp\default.bak
delete c:\windows\system32\config\system
delete c:\windows\system32\config\software
delete c:\windows\system32\config\sam
delete c:\windows\system32\config\security
delete c:\windows\system32\config\default
copy c:\windows\repair\system c:\windows\system32\config\system
copy c:\windows\repair\software c:\windows\system32\config\software
copy c:\windows\repair\sam c:\windows\system32\config\sam
copy c:\windows\repair\security c:\windows\system32\config\security
copy c:\windows\repair\default c:\windows\system32\config\default
6.Type exit to quit Recovery Console. Your computer will restart.
1.Insert the Windows XP CD-ROM into the CD drive, and then restart the computer.
Click to select any options that are required to start the computer from the CD drive if you are prompted.
2.When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
3.If you have a dual-boot or multiple-boot computer, select the installation that you must access from the Recovery Console.
4.When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.
5.At the Recovery Console command prompt, type the following lines, pressing ENTER after you type each line:
md tmp
copy c:\windows\system32\config\system c:\windows\tmp\system.bak
copy c:\windows\system32\config\software c:\windows\tmp\software.bak
copy c:\windows\system32\config\sam c:\windows\tmp\sam.bak
copy c:\windows\system32\config\security c:\windows\tmp\security.bak
copy c:\windows\system32\config\default c:\windows\tmp\default.bak
delete c:\windows\system32\config\system
delete c:\windows\system32\config\software
delete c:\windows\system32\config\sam
delete c:\windows\system32\config\security
delete c:\windows\system32\config\default
copy c:\windows\repair\system c:\windows\system32\config\system
copy c:\windows\repair\software c:\windows\system32\config\software
copy c:\windows\repair\sam c:\windows\system32\config\sam
copy c:\windows\repair\security c:\windows\system32\config\security
copy c:\windows\repair\default c:\windows\system32\config\default
6.Type exit to quit Recovery Console. Your computer will restart.
#42
Posted 11 November 2011 - 02:09 PM
I am really so sorry that I have not explained myself properly before, when I put the Windows disk in, it loads up to the set up okay but when I press 'R' for the recovery it just loops back to the previous message - system file is missing or corrupt. It loads okay but will still not work where as every other disk will not even load.
#43
Posted 11 November 2011 - 02:12 PM
OK off to check out that error
#44
Posted 11 November 2011 - 02:56 PM
OK put the drive back in the caddy and from the other computer access the drive
We will then try the commands from there - be sure to make a note of the drive letter designated to the caddy and use that in place of the red X
Start the command prompt by typing cmd in the run box
Then type the following commands pressing enter after each one
CD..
CD X:
md X:\windows\tmp
copy X:\windows\system32\config\system X:\windows\tmp\system.bak
copy X:\windows\system32\config\software X:\windows\tmp\software.bak
copy X:\windows\system32\config\sam X:\windows\tmp\sam.bak
copy X:\windows\system32\config\security X:\windows\tmp\security.bak
copy X:\windows\system32\config\default X:\windows\tmp\default.bak
delete X:\windows\system32\config\system
delete X:\windows\system32\config\software
delete X:\windows\system32\config\sam
delete X:\windows\system32\config\security
delete X:\windows\system32\config\default
copy X:\windows\repair\system X:\windows\system32\config\system
copy X:\windows\repair\software X:\windows\system32\config\software
copy X:\windows\repair\sam X:\windows\system32\config\sam
copy X:\windows\repair\security X:\windows\system32\config\security
copy X:\windows\repair\default X:\windows\system32\config\default
We will then try the commands from there - be sure to make a note of the drive letter designated to the caddy and use that in place of the red X
Start the command prompt by typing cmd in the run box
Then type the following commands pressing enter after each one
CD..
CD X:
md X:\windows\tmp
copy X:\windows\system32\config\system X:\windows\tmp\system.bak
copy X:\windows\system32\config\software X:\windows\tmp\software.bak
copy X:\windows\system32\config\sam X:\windows\tmp\sam.bak
copy X:\windows\system32\config\security X:\windows\tmp\security.bak
copy X:\windows\system32\config\default X:\windows\tmp\default.bak
delete X:\windows\system32\config\system
delete X:\windows\system32\config\software
delete X:\windows\system32\config\sam
delete X:\windows\system32\config\security
delete X:\windows\system32\config\default
copy X:\windows\repair\system X:\windows\system32\config\system
copy X:\windows\repair\software X:\windows\system32\config\software
copy X:\windows\repair\sam X:\windows\system32\config\sam
copy X:\windows\repair\security X:\windows\system32\config\security
copy X:\windows\repair\default X:\windows\system32\config\default
#45
Posted 12 November 2011 - 05:35 AM
Hi,
The delete is coming up as 'not recognised as an internal or exteral command'. Should I try just 'del' instead? This took me ages to sort out as the desk top I was using would accept the commands ( I think that I might have a problem with that as well but that's for another day!) I have now managed to get the commands working on a different laptop but I don't want to go any further without your okay in case I muck it up!
The delete is coming up as 'not recognised as an internal or exteral command'. Should I try just 'del' instead? This took me ages to sort out as the desk top I was using would accept the commands ( I think that I might have a problem with that as well but that's for another day!) I have now managed to get the commands working on a different laptop but I don't want to go any further without your okay in case I muck it up!
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users