Need help with Trojan.Vundo.H Please! [Solved]


#16
JSntgRvr

  • Global Moderator
  • 11,589 posts

> I ran chkdsk after it crashed because when I started it up it said there were some corrupt files. It got to a point where it said it can't continue in read only though?
>
> Everything seems to be fine unless it crashes again, but so far, so good.

So, CHKDSK was not able to continue? Did you do this through the Recovery Console?

#17
pp111

  • Topic Starter
  • Member
  • 50 posts
I just ended explorer.exe and ran it through cmd prompt, and no, it wasn't able to continue.

It crashed again, and the crashes have only started since I've had the trojan, so maybe it is a residual effect? The ads and popups are nonexistent now.

#18
JSntgRvr

  • Global Moderator
  • 11,589 posts
That could be a sign the disk is about to crash. You need to run the Recovery Console, then run CHKDSK.

When you restart the computer, upon loading, you should be able to see a menu where the Recovery Console is an option. Select the Recovery Console rather than Windows and press Enter. (It is the Recovery Console, not the Complete Recovery as provided by the manufacturer.)
  • You will be prompted with the following options:

    A. To setup Windows XP, press Enter.
    B. To repair Windows XP installation using recovery console, press R.

    Choose the option, "To repair the Windows XP installation using recovery console", press R. If an Administrator Password has been established, you will be prompted to type it in. If no Administrator Password exists, just press ENTER.

  • You will be presented with the following:


    Microsoft Windows® Recovery Console

    The Recovery Console provides system repair and recovery functionality.
    Type EXIT to quit the Recovery Console and restart the computer.

    1: C:\WINDOWS

    Which Windows Installation would you like to log onto
    (To cancel, press ENTER)?

  • Press the number 1 on your keyboard and hit Enter.
  • At the command prompt, type the following command and press Enter:

    CHKDSK /R

Once done, type Exit and press Enter to restart the computer.

Let me know the outcome.

#19
pp111

  • Topic Starter
  • Member
  • 50 posts
Right after I read your 2nd to last post I googled "chkdsk read only" and then ran a chkdsk by clicking properties on the C drive and doing it on next startup. It ran and verified security things and files and empty space and 2 other things. Is this the same as chkdsk /r?

#20
JSntgRvr

  • Global Moderator
  • 11,589 posts

> Right after I read your 2nd to last post I googled "chkdsk read only" and then ran a chkdsk by clicking properties on the C drive and doing it on next startup. It ran and verified security things and files and empty space and 2 other things. Is this the same as chkdsk /r?

It is more effective if run through the Recovery Console.

#21
pp111

  • Topic Starter
  • Member
  • 50 posts
Alright, it crashed again (although the crashes have become much less frequent since removing Vundo), and I'm going to try it in the recovery console and I'll let you know how it goes.

#22
JSntgRvr

  • Global Moderator
  • 11,589 posts
:)

#23
pp111

  • Topic Starter
  • Member
  • 50 posts
Well, every time I try to load the recovery console (twice) I get a blue screen error.

Do I need to disable some antivirus to get it to work, and/or is this a result of some software I have installed?

#24
JSntgRvr

  • Global Moderator
  • 11,589 posts
I don't believe your security files are involved.

Let's check for any hidden files:

Please download gmer.zip and save to your desktop.
  • Extract (unzip) the file to its own folder such as C:\Gmer. (Click here for information on how to do this if not sure.)
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • You may be prompted to scan immediately if GMER detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as gmer.log and copy/paste the contents in your next reply.
  • Exit GMER and re-enable all active protection when done.

#25
pp111

  • Topic Starter
  • Member
  • 50 posts
Okay, I got the gmer log.

What's next?

Attached Files

  • Attached File  log.txt   12.94KB   123 downloads

#26
JSntgRvr

  • Global Moderator
  • 11,589 posts

> Okay, I got the gmer log.
>
> What's next?

Ooops! That was a CF log, not a GMER log.

#27
pp111

  • Topic Starter
  • Member
  • 50 posts
Sorry about that, here it is. I've been on my computer all day and it hasn't crashed (yet) but I also haven't really given my computer a workout either. It did crash last night after I finished the gmer scan and that has been the last time.

Edit: having trouble uploading the gmer log, "Error Upload failed. You are not permitted to upload this type of file"
Edit: got it, had to rename after I changed to save as all files

Edited by pp111, 19 January 2009 - 04:59 PM.

#28
JSntgRvr

  • Global Moderator
  • 11,589 posts
Standby

#29
JSntgRvr

  • Global Moderator
  • 11,589 posts
Hi, pp111 :)

There are a couple of suspicious files. I need to confirm their location.

Download the enclosed folder. Save and extract its contents to the desktop. Once extracted, open the Vfind folder and click on the RunMe.bat file.

Post the contents of the resulting report in your next reply.

#30
pp111

  • Topic Starter
  • Member
  • 50 posts
It came up with a blank txt file...?

Edit: restarted and ran it again, same thing.

Edited by pp111, 19 January 2009 - 06:09 PM.
