So, CHKDSK was not able to continue? Did you do this throughout the Recovery Console?I ran chkdsk after it crashed because when I started it up it said there were some corrupt files. It got to a point where it said it can't continue in read only though?
Everything seems to be fine unless it crashes again, but so far, so good.
Need help with Trojan.Vundo.H Please! [Solved]
#16
Posted 18 January 2009 - 11:49 AM
#17
Posted 18 January 2009 - 04:13 PM
It crashed again, and the crashes have only started since I've had the trojan so maybe it is a residual effect? The ads and popups are nonexistant now.
#18
Posted 18 January 2009 - 04:51 PM
When you restart the computer, upon loading, you should be able to see a menu where the Recovery Console is an option. Select the Recovery Console rather than Windows and press Enter. (It is the Recovery Console, not the Complete Recovery as provided by the manufacturer.)
- You will be prompted with the following options:
A. To setup Windows XP, press Enter.
B. To repair Windows XP installation using recovery console, press R.
Choose the option, "To repair the Windows XP installation using recovery console", press R. If an Administrator Password have been established, you will be prompted to type it in. If no Administrator Password exists, just press ENTER. - You will be presented with the following:
Microsoft Windows® Recovery Console
The Recovery Console provides system repair and recovery functionality.
Type EXIT to quit the Recovery Console and restart the computer.
1: C:\WINDOWS
Which Windows Installation would you like to log onto
(To cancel, press ENTER)? - Press the number 1 on your keyboard and hit Enter.
- At the command prompt, type the following command and press Enter:
CHKDSK /R
Once done, type Exit and press Enter to restart the computer.
Let me know the outcome.
#19
Posted 18 January 2009 - 05:53 PM
#20
Posted 18 January 2009 - 06:21 PM
It is more effective if ran throughout the Recovery Console.right after I read your 2nd to last post I google'd "chkdsk read only" and then ran a chkdsk by clicking properties on the C drive and doing it on next startup. It ran and verified security things and files and empty space and 2 other things, is this the same as chkdsk /r?
#21
Posted 18 January 2009 - 07:40 PM
#22
Posted 18 January 2009 - 07:43 PM
#23
Posted 18 January 2009 - 08:19 PM
Do I need to disable some antivirus to get it to work and or is this a result of some software I have installed?
#24
Posted 18 January 2009 - 11:09 PM
Lets check for any hidden files:
Please download gmer.zip and save to your desktop.
- Extract (unzip) the file to its own folder such as C:\Gmer. (Click here for information on how to do this if not sure.)
- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
- Click on this link to see a list of programs that should be disabled.
- Double-click on gmer.exe to start the program.
- Allow the gmer.sys driver to load if asked.
- You may be prompted to scan immediately if GMER detects rootkit activity.
- If you are prompted to scan your system click "Yes" to begin the scan.
- If not prompted, click the "Rootkit/Malware" tab.
- On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
- Select all drives that are connected to your system to be scanned.
- Click the Scan button to begin. (Please be patient as it can take some time to complete)
- When the scan is finished, click Save to save the scan results to your Desktop.
- Save the file as gmer.log and copy/paste the contents in your next reply.
- Exit GMER and re-enable all active protection when done.
#25
Posted 19 January 2009 - 09:44 AM
What's next?
Attached Files
#26
Posted 19 January 2009 - 04:25 PM
Ooops! That was a CF log, not a GMER log.Okay, I got the gmer log.
What's next?
#27
Posted 19 January 2009 - 04:51 PM
Edit: having trouble uploading the gmer log, "Error Upload failed. You are not permitted to upload this type of file"
Edit: got it, had to rename after I changed to save as all files
Attached Files
Edited by pp111, 19 January 2009 - 04:59 PM.
#28
Posted 19 January 2009 - 05:00 PM
#29
Posted 19 January 2009 - 05:22 PM
There are a couple of suspicious files. I need to confirm their location.
Download the enclosed folder. Save and extract its contents to the desktop. Once extracted, open the Vfind folder and click on the RunMe.bat file.
Post the contents of the resulting report in your next reply.
#30
Posted 19 January 2009 - 05:26 PM
Edit: restarted and ran it again, same thing.
Attached Files
Edited by pp111, 19 January 2009 - 06:09 PM.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users