I have an HP Elitebook 8730w running win xp sp 3. Yesterday, while browsing online with IE my computer froze up and the screen presented a picture from the Department of Justice about copyright infringement etc. I can't do anything in normal mode. I immediately shut down and rebooted and tried to access safe mode with networking. While booting into safe mode the process starts but ends with the BSOD. The last line before BSOD is \hpdskflt.sys. I then went to the recovery console and ran chkdsk \r. There were no issues after running this, but I still can't boot into safe mode and when I log in normally the DOJ screenshot pops up and I can't get anywhere. I can't run any anti virus programs at this time and can't get into safe mode. Any assistance is appreciated.
Department of Justice Virus - Can't boot in safe mode [Solved]
Posted 24 November 2014 - 12:50 PM
Welcome back to the Forum
What you are describing is a very nasty infection. I can help you, but it's going to take some work on your part. You always have the option of reformatting and reinstalling, however, if you're game to clean the machine, then I'm happy to help you.
Here are your next steps. If you get confused, stop and ask me.
Download OTLPENet.exe from here
This is a way to access your computer using a CD that we will create.
Before starting you might like to print these instructions out so that you know what you are doing. The instructions need to be followed exactly.
You will need a blank CD and a USB stick/flash drive.
- Download OTLPE.iso from here and save it somewhere you can get it.
- Insert a writable blank CD/DVD in your CD drive and click on the OTLPE.iso to burn a CD.
- Connect the USB Flash Drive
- Download FRST and save it to the root of the USB Flash Drive.
- Reboot the infected system using the boot CD you just created.
Note: If you do not know how to set your computer to boot from CD follow the steps here
- When you see a message with Starting REATOGO-X-PE connect the USB Flash Drive
- The CD needs to detect your hardware and load the operating system... it can take a bit of time, just be patient
- After it has fully loaded your system should display a REATOGO-X-PE desktop.
- Double click the My Computer icon and open the drive corresponding to your flash drive
- Double-click on FRST to run it.
When the Tool opens click Yes to the disclaimer.
- Press Scan button.
- It will produce a log called (FRST.txt) on the flash drive.
- Open the Start Menu and click Shutdown to close the REATOGO-X-PE
- Insert the Flash Drive on the working computer, then locate and open the FRST.txt log
- Please copy and paste the log contents back here.
Posted 24 November 2014 - 03:52 PM
Not great to be back needing assistance yet again, but certainly appreciate all you do to help morons like myself. I burned the CD and added FRST to a USB. I then went into the BIOS, ESC then F10 and put USB/CD Rom as #1 in the boot order. The machine proceeded to boot normally, only giving me the option of booting to xp or the recovery console. When I went back into boot options, F9, I realized there was no option for CD Rom, just Notebook Hard Drive and Notebook upgrade bay. Since it was on HD I switched it to Upgrade Bay. It is still booting from Hard drive or at least not booting from the CD. Each time I boot it brings me to the windows login screen. I must be doing something incorrectly, I appreciate you looking into this for me. Thanks.
Posted 25 November 2014 - 06:53 AM
Being a Malware guy and only a passable Hardware guy, I might not have the answer to your question, however, this link was in the instructions above, did you try it or did it not answer your question?
Posted 25 November 2014 - 10:48 AM
I believe I have followed what that article says, however, no joy in booting from the disk. Maybe it would be better if I go into the hw thread and post about booting to cd in xp on an hp. Once I get that I can follow your instructions at that time. I don't want to hold anyone up. Is that the best course of action?
Posted 25 November 2014 - 12:24 PM
Exactly what I was going to recommend. Let me know how that goes.
Posted 01 December 2014 - 07:51 AM
How are things going with your computer? Do you still need Malware help?
Posted 01 December 2014 - 08:44 AM
Wasn't able to access HD from CD drive as it was disabled. Able to access HD by booting from USB using linux puppy and am moving files before we move on to the next step of the fix. I am unsure if I still need malware help or not. If you need to close this post I can always start a new thread. Thanks for checking in on this.
Posted 01 December 2014 - 09:28 AM
I have no trouble keeping the topic open if there is a potential need.
Let me know how things go.
Posted 06 December 2014 - 06:39 AM
So I was able to boot from the usb port with slacko puppy and retrieve my docs and copy them onto an external drive, no system files. Still can't boot into windows. I believe the optical drive is rendered unusable by the malware so I can't boot from CD. Are there any options to combat the malware by booting from the usb?
Posted 06 December 2014 - 07:38 AM
Yes, depending on the OS on the USB. Think back to Post #2 and those instructions. Essentially we need to run some kind of scanning tool (FRST is the choice). What I don't think you have is a USB with a Windows-ish Operating System that will support the operation of FRST.
Let's re-think though, you've tried the various Safe Modes? You've tried enabling the CD so that you can make the ISO as in Step #2?
Also, I'm going to ask one of the other Helpers to have a look here and see if I'm not missing something.
Posted 06 December 2014 - 03:08 PM
I have tried all safe modes with BSOD as a result. I can boot into recovery mode and run chkdsk which I have done. It hasn't helped fix anything. I will try all safe modes again.
Posted 07 December 2014 - 04:25 AM
Link to what has been done hardware wise. > http://www.geekstogo...t-boot-from-cd/
Posted 08 December 2014 - 06:23 AM
If I'm understanding you correctly, you can boot into the Recovery Console. If so, you should be able to run FRST.
I'm trying to think through all the possibilities. Assuming you can put a copy of FRST on the USB drive (this might be a faulty assumption, so let me know), you could boot from your USB and move FRST to the HD. (I doubt though that you could run FRST from the Booted USB since it's a Linux installation.) Then, you could boot to the Recovery Console and hopefully run FRST and we could, hopefully, see what's going on with the HD.
Posted 08 December 2014 - 08:35 AM
I do have FRST on another USB. Where in the HDD do I place FRST after I have logged into the machine with linux puppy? And then, how do I access it from the recovery console?