[TangentMedia]

Hello,

First of all, thank you for your service and considering my case. I have read several posts with symptoms similar to mine. In my case, I opened several tabs from a Google search window and one of the new tabs triggers a fake Virus Attack Warning. It looked legit and I click okay (probably a big mistake) and it immediately launched a couple more and I knew something malicious was occurring, so I held down the power button on my workstation until it powered off in about 5 seconds. Haven't been able to boot since. No bootable drive found. Used a System repair disk and attempted many repair attempts. Says the c: is RAW and needs to be formatted. Hoping to avoid that. Came across this site and now have hope.

I have already downloaded and run FRST64.exe from a USB drive and generated the attached frst.txt file. And in anticipation that it will be required, I have MbrFix64.exe downloaded and ready on the same USB drive.

I am just hoping someone will be willing to review the log and walk me through the recovery, if that is feasible.

Please let me know what additional information would be helpful, if any. And i am more than happy to compensate the hero who solves my dilemma. I realize your time is valuable.

Thank you very much.

Kind Regards,
Chris

Attached Files

•  FRST.txt   69.94KB   553 downloads

Edited by TangentMedia, 28 December 2011 - 09:35 AM.

[Advertisements]

Let me collect a copy of the boot sector for analysis.

Download MBRFix from here.

Save and extract its contents to the working computer's desktop. There are three files in the MBRFix folder. From these, only copy the MBRFix64.exe to the USB drive.

Also download the enclosed file and save it in the USB drive.

Insert the USB drive into the ailing computer.

Now please enter System Recovery Options and run FRST64 as you did before, except that this time around, press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt). It will also create a file labeled MBRDUMP.txt. Copy and Paste the contents of the Fixlog.txt in your next reply, but attach the MBRDUMP.txt as it is a hex file.

[JSntgRvr]

Let me collect a copy of the boot sector for analysis.

Download MBRFix from here.

Save and extract its contents to the working computer's desktop. There are three files in the MBRFix folder. From these, only copy the MBRFix64.exe to the USB drive.

Also download the enclosed file and save it in the USB drive.

Insert the USB drive into the ailing computer.

Now please enter System Recovery Options and run FRST64 as you did before, except that this time around, press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt). It will also create a file labeled MBRDUMP.txt. Copy and Paste the contents of the Fixlog.txt in your next reply, but attach the MBRDUMP.txt as it is a hex file.

[TangentMedia]

Thank you so much for replying. I will work on executing your instructions now and get back to you here ASAP.

[TangentMedia]

Ran the FRST64.exe as requested and pasted the log below, but there was no MBRDUMP.txt file generated. I am thinking you want me to use the MBRFix64.exe but i need to know which operator(s) to use. Let me know and I will get you the MBRDUMP.txt.

Meanwhile, here is the Fixlog.txt pasted below, as requested:

Fix result of Farbars's Recovery Tool (FRST written by farbar Version 2.3.0)
Ran by SYSTEM at 2011-12-29 00:13:21 R:1
Running from H:\fix64

==============================================


========= H:\MbrFix64 /drive 0 savembr H:\MBRDUMP.txt =========

'H:\MbrFix64' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========


==== End of Fixlog ====

[TangentMedia]

Ah... I see. Everything probably needs to be in the root of my usb drive. Let me try again. Sorry about that. Had the .exe's in a subfolder.

[JSntgRvr]

You are running MBRFix64 from H:\fix64. Move MBRFix64 to the root folder of the USB drive, which is H:\, then run the fix once again.

[TangentMedia]

Fix result of Farbars's Recovery Tool (FRST written by farbar Version 2.3.0)
Ran by SYSTEM at 2011-12-29 00:25:42 R:2
Running from H:\

==============================================


========= H:\MbrFix64 /drive 0 savembr H:\MBRDUMP.txt =========


========= End of CMD: =========


==== End of Fixlog ====

Attached Files

•  MBRDUMP.txt   512bytes   533 downloads

[JSntgRvr]

FRST64 should also be placed in the root folder of the USB file.

[TangentMedia]

It was. I put both MBRFix64.exe and FRST64.exe in the root of the USB drive and reran the Fix. Posted right before your last post. Here is the pasted Fixlog.txt below and MBRDUMP.txt attached.

Fix result of Farbars's Recovery Tool (FRST written by farbar Version 2.3.0)
Ran by SYSTEM at 2011-12-29 00:25:42 R:2
Running from H:\

==============================================


========= H:\MbrFix64 /drive 0 savembr H:\MBRDUMP.txt =========


========= End of CMD: =========


==== End of Fixlog ====

Attached Files

•  MBRDUMP.txt   512bytes   517 downloads

[JSntgRvr]

Here we go.

Download the enclosed files and save them in the root folder of the USB drive overwriting the existing one, if exist.





Insert the USB drive into the ailing computer.

Now please enter System Recovery Options and run FRST64 as you did before, except that this time around, press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt). Copy and Paste the contents of the Fixlog.txt in your next reply.

Attempt to boot in Normal Mode. If successful, run Combofix as follows:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Please, never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  

  -----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    
    If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If any of these applications will not uninstall, it is first recommended to uninstall it with AppRemover by Opswat. http://www.appremove...ed-applications. Do not use AppRemover on Norton
    
    

    -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  -----------------------------------------------------------

• Double click on combofix.exe & follow the prompts.
• Install the Recovery Console if prompted.
• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt" .

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

[TangentMedia]

The FRST64.exe Fix routine has been running for about 10 minutes or so at the time of this posting. Is that normal?

Also, is it okay for me to be disconnected from the internet (LAN) when running the ComboFix?

Lastly, the only anti-virus on the ailing machine is Microsoft Security Essentials. I assume i should disable that before running ComboFix, correct?

[TangentMedia]

FYI, I rebooted after an hour and reattempted the FRST64.exe Fix process and again it just showed the progress animation endlessly. So i rebooted again and am awaited further instructions and a response to my previous post. Thank you for your help up to this point.

[JSntgRvr]

Lets try the enclosed file. Save it in the root folder of the USB drive overwriting the existing one, if exist.



Insert the USB drive into the ailing computer.

Now please enter System Recovery Options and run FRST64 as you did before, press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt). Copy and Paste the contents of the Fixlog.txt in your next reply.

[JSntgRvr]

It should be a quick process, in fact, seconds.

[TangentMedia]

...press the Fix button just once and wait.

For how long? It has been running for more than 5 minutes (at the time of this posting) with the new NewMBR.txt

Is that normal?