[Miro38]

Tried again, but system is unable to connect to booting device CD-ROM... It is offering me system restore, shall I try to do that or that does not guarantee removal of Olmarik? Thanks!

[Advertisements]

Ok, thanks, I will try to do that in the evening /back at work/. Will get back with the log.

[Miro38]

Ok, thanks, I will try to do that in the evening /back at work/. Will get back with the log.

[Essexboy]

A question if I may... When you burnt Gparted to disc did you select burn image file to disc as below

[Miro38]

I did not use this program, I was burning it from my work laptop, did not want to download too much there, I used one of windows programs which starts when you load blank CD. I burned the iso image on the disc, however did not check if it runs on the work laptop. will do that tonight. And, of course you may ask - you are the one helping me out:).

Edited by Miro38, 17 July 2012 - 09:42 AM.

[Essexboy]

Ah right that may be the problem as it needs to be burned as a bootable disc... Does the work laptop have Nero or somthing like that ?

If not then use ImgBurn and uninstall it as soon as it has burnt

[Miro38]

Ok, the4 dvd is burned ok, works on laptop, but does not boot on infected computer. Just does not recognize CD ROM for booting, I set up to boot frm CD ROM as first device, does not work. Neither does burning with ImgBurn on a computer, does not recognize media, while it does on the laptop. Ran the MBRCheck again, please find log attached. It found an infection, so I typed in 'N' and hit enter as advised.

Attached Files

•  MBRCheck_07.18.12_11.07.58.txt   14.31KB   147 downloads

[Essexboy]

So it is your computer that is blocking the CD grrr...

OK before I use MBR check to attempt a repair

When you select repair my computer from safe mode do you get the option to use a command prompt ?

As that would be the safest place to run it from

[Miro38]

yes, I have the option. It takes me only to Command.

[Essexboy]

OK from the command prompt follow these steps. Read them a few times to ensure that you are happy
The screenshot shows each step and what you should see

Type DiskPart and then press Enter
Type List Disk now and then press Enter
Note: This command will list all disks attached to your computer and assign them a disk number.
Type Select Disk x (where x is the number for the disk containing the partition you wish to make active and should be 0.) Press Enter.
Type List Partition and then press Enter.
Note: You will now be shown a list of the partitions on the selected disk. Determine which partition you wish to make active.
Type Select Partition x (where x is the number of the partition you wish to make active, again it should be 0 the 100MB partition.)
Now, just type Active and then press Enter.



Then reboot to normal windows and run aswMBR

[Miro38]

Ok, thanks I will do that. One question, under SELECT PARTITION you mention that it should be 0, but on the screen it is 1. Is that correct? Thank you!

[Essexboy]

The screen shot is just to let you know what you will see at each stage.

But the one you require will be 100MB

[Miro38]

Ok, another problem, grrrr... DOne as advised, selected partition with size 100 MB, but upon hitting Active I get a message: 'DiskPart has encountered an error: The request could not be performed because of an I/O device error. See the System Event Log for more information'.
What do you think?

[Essexboy]

I think that this is becoming a pain... The malware blocked diskpart

We really need to access this from outside of wiindows

However, Farbar has devised a new tool so lets try that first

Please download the following tool

Listparts

Run the tool, click Scan and post the log (Result.txt) it makes.

[Miro38]

Ok, here is the log.

ListParts by Farbar Version: 20-07-2012
Ran by Administrator (administrator) on 20-07-2012 at 15:31:13
Windows 7 (X86)
Running From: C:\Users\administrator\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 51%
Total physical RAM: 2013.59 MB
Available physical RAM: 980.89 MB
Total Pagefile: 4027.19 MB
Available Pagefile: 2440.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.98 MB

======================= Partitions =========================

1 Drive c: (WINDOWS) (Fixed) (Total:148.9 GB) (Free:39.54 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 13 MB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 148 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 System Rese NTFS Partition 100 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C WINDOWS NTFS Partition 148 GB Healthy Boot

======================================================================================================

****** End Of Log ******

Attached Files

•  Result.txt   2.02KB   96 downloads

[Essexboy]

Could you retry TDSSKiller please to see if it now runs