Department of Justice Virus - Can't boot in safe mode [Solved]


  • This topic is locked

#1
Warden

  • Member
  • 162 posts

I have an HP Elitebook 8730w running win xp sp 3.  Yesterday, while browsing online with IE my computer froze up and the screen presented a picture from the department of justice about copyright infringement etc.  I can't do anything in normal mode.  I immediately shut down and rebooted and tried to access safe mode with networking. While booting into safe mode the process starts but ends with the BSOD.  The last line before BSOD is \hpdskflt.sys.  I then went to the recovery console and ran chkdsk \r.  There were no issues after running this, but I still can't boot into safe mode and when I log in normally the DOJ screenshot pops up and I can't get anywhere.  I can't run any anti virus programs at this time and can't get into safe mode.  Any assistance is appreciated.  


  • 0

#2
Biscuithd

  • Trusted Helper
  • Malware Removal
  • 2,573 posts

Hi,

 

Welcome back to the Forum :)

 

What you are describing is a very nasty infection. I can help you, but it's going to take some work on your part. You always have the option of reformatting and reinstalling, however, if you're game to clean the machine, then I'm happy to help you. :thumbsup:

 

Here are your next steps. If you get confused, stop and ask me :)

 

Download OTLPENet.exe from here

This is a way to access your computer using a CD that we will create.

Before starting you might like to print these instructions out so that you know what you are doing. The instructions need to be followed exactly.

You will need a blank CD and a USB stick/flash drive.

Now

  • Download OTLPE.iso from here and save it somewhere you can get it.
  • Insert a writable blank CD/DVD in your CD drive and click on the OTLPE.iso to burn a CD.

Next

  • Connect the USB Flash Drive
  • Download FRST and save it to the root of the USB Flash Drive.

After that

  • Reboot the infected system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • When you see a message with Starting REATOGO-X-PE connect the USB Flash Drive
  • The CD needs to detect your hardware and load the operating system... it can take a bit of time, just be patient
  • After it has fully loaded your system should display a REATOGO-X-PE desktop.
  • Double click the My Computer icon and open the drive corresponding to your flash drive
  • Double-click on FRST to run it.
    When the Tool opens click Yes to the disclaimer.

  • Press Scan button.
  • It will produce a log called (FRST.txt) on the flash drive.
  • Open the Start Menu and click Shutdown to close the REATOGO-X-PE
  • Insert the Flash Drive on the working computer, then locate and open the FRST.txt log
  • Please copy and paste the log contents back here.

  • 0

#3
Warden

  • Topic Starter
  • Member
  • 162 posts

Not great to be back needing assistance yet again, but certainly appreciate all you do to help morons like myself.  I burned the CD and added FRST to a USB.  I then went into the BIOS, ESC then F10 and put USB/CD Rom as #1 in the boot order.  The machine proceeded to boot normally, only giving me the option of booting to xp or the recovery console. When I went back into boot options, F9, I realized there was no option for CD Rom, just Notebook Hard Drive and Notebook upgrade bay.  Since it was on HD I switched it to Upgrade Bay.   It is still booting from Hard drive or at least not booting from the CD.  Each time I boot it brings me to the windows login screen.  I must be doing something incorrectly, I appreciate you looking into this for me.  Thanks.

Attached Thumbnails

  • Boot order 1.jpg
  • Boot order.jpg
  • Select Boot Device.jpg

  • 0

#4
Biscuithd

  • Trusted Helper
  • Malware Removal
  • 2,573 posts

Being a Malware guy and only a passable Hardware guy, I might not have the answer to your question, however, this link was in the instructions above, did you try it or did it not answer your question? :)


  • 0

#5
Warden

  • Topic Starter
  • Member
  • 162 posts

I believe I have followed what that article says, however, no joy in booting from the disk.  Maybe it would be better if I go into the hw thread and post about booting to cd in xp on an hp.  Once I get that I can follow your instructions at that time.  I don't want to hold anyone up.  Is that the best course of action?


  • 0

#6
Biscuithd

  • Trusted Helper
  • Malware Removal
  • 2,573 posts

Exactly what I was going to recommend. Let me know how that goes. :)


  • 0

#7
Biscuithd

  • Trusted Helper
  • Malware Removal
  • 2,573 posts

How are things going with your computer? Do you still need Malware help?


  • 0

#8
Warden

  • Topic Starter
  • Member
  • 162 posts

Wasn't able to access HD from CD drive as it was disabled.  Able to access HD by booting from USB using linux puppy and am moving files before we move on to the next step of the fix.  I am unsure if I still need malware help or not.  If you need to close this post I can always start a new thread.  Thanks for checking in on this.


  • 0

#9
Biscuithd

  • Trusted Helper
  • Malware Removal
  • 2,573 posts

I have no trouble keeping the topic open if there is a potential need. :)

 

Let me know how things go. :thumbsup:


  • 0

#10
Warden

  • Topic Starter
  • Member
  • 162 posts

So I was able to boot from the usb port with slacko puppy and retrieve my docs and copy them onto an external drive, no system files.  Still can't boot into windows.  I believe the optical drive is rendered unusable by the malware so I can't boot from CD.  Are there any options to combat the malware by booting from the usb?


  • 0

#11
Biscuithd

  • Trusted Helper
  • Malware Removal
  • 2,573 posts

Yes, depending on the OS on the USB. Think back to Post #2 and those instructions. Essentially we need to run some kind of scanning tool (FRST is the choice). What I don't think you have is a USB with a Windows-ish Operating System that will support the operation of FRST.

 

Let's re-think though, you've tried the various Safe Modes? You've tried enabling the CD so that you can make the ISO as in Step #2?

 

Also, I'm going to ask one of the other Helpers to have a look here and see if I'm not missing something.


  • 0

#12
Warden

  • Topic Starter
  • Member
  • 162 posts

I have tried all safe modes with BSOD as a result.  I can boot into recovery mode and run chkdsk which I have done.  It hasn't helped fix anything.  I will try all safe modes again.  


  • 0

#13
iammykyl

  • Tech Staff
  • Technician
  • 7,047 posts

Gday All.

Link to what has been done hardware wise. > http://www.geekstogo...t-boot-from-cd/


  • 0

#14
Biscuithd

  • Trusted Helper
  • Malware Removal
  • 2,573 posts

If I'm understanding you correctly, you can boot into the Recovery Console. If so, you should be able to run FRST.

 

I'm trying to think through all the possibilities. Assuming you can put a copy of FRST on the USB drive (this might be a faulty assumption, so let me know), you could boot from your USB and move FRST to the HD. (I doubt though that you could run FRST from the Booted USB since it's a Linux installation.) Then, you could boot to the Recovery Console and hopefully run FRST and we could, hopefully, see what's going on with the HD.


  • 0

#15
Warden

  • Topic Starter
  • Member
  • 162 posts

I do have FRST on another USB.  Where in the HDD do I place FRST after I have logged into the machine with linux puppy?  And then, how do I access it from the recovery console?


  • 0





