
Malware Bytes Scan Locked Me Out - Google Redirect


  • This topic is locked

#1
rsean

Member, 47 posts
I sat down at my wife's machine last weekend and noticed that VIPRE was going nuts saying it was quarantining a series of trojan files so I let it do its thing. I then ran a Malwarebytes scan and it found 26 objects upon which it prompted me to reboot. Upon reboot, I couldn't log in so I went into safe mode and ran another Malwarebytes scan and Vipre quick scan which turned up nothing.

Once this was done, I tried to visit your site to post the log but was redirected and so tested some more random searches and was redirected also. I had to leave the problem then as I just now have some time to address it.

Today, I rebooted the machine, got to the safe mode screen but then the arrow keys wouldn't function - attempted this several times. So naturally I can't select safe mode and it boots into normal after so many seconds. Even though I knew if I could get to the safe mode screen the keyboard must be functioning, I nonetheless replaced the batteries but again no joy.

This machine was infected with a Google redirect once before and was fixed by Rorschach.

I'm sending this post on my laptop.
  • 0



#2
Essexboy

GeekU Moderator, Retired Staff, 69,964 posts
Hi, do you have the ability to run programmes in normal mode?


Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Click on Scan all users
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

  • 0

#3
rsean

Hello.

The computer boots just fine but when the Welcome to Windows screen appears and prompts to "Press Ctrl-Alt-Delete to begin." nothing happens when that is done, so I can't get in normal mode that way.

Booting into safe mode, the keyboard arrows do not function so it goes into normal mode after 30 seconds and the above occurs.

With that said, I can't get into normal mode.
  • 0

#4
Essexboy

OK I will need you to burn a CD so that we can work outside of windows - this should allow you to access the net as well from the infected system

Please print these instructions out so that you know what you are doing

Latest version: v3.1.46.0

OTLPENet.exe
MD5=79209302A1AFB2490808DB890A815CED
Size: 127,222,215b / 121.3MB

  • Download to a USB drive this scan.txt (attached)
  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :D

  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Double click the Custom scans and fixes box
  • In the dialogue locate the scan.txt you have on the USB
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0
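
Post #4 publishes an MD5 and a byte size for OTLPENet.exe; the following added example (not part of the original thread and not the tool's own code) checks a downloaded file against both before it is burned to CD. The function names and the constructed stand-in file are assumptions for illustration.

```python
import hashlib
import hmac
import os
import tempfile

# Values published in post #4 for OTLPENet.exe v3.1.46.0
EXPECTED_MD5 = "79209302A1AFB2490808DB890A815CED"
EXPECTED_SIZE = 127_222_215  # bytes

def file_md5(path, chunk_size=1 << 20):
    """Stream the file so a 121 MB download is never held in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_download(path, expected_md5=EXPECTED_MD5, expected_size=EXPECTED_SIZE):
    """Return (ok, reasons). Both checks run so every mismatch is reported."""
    reasons = []
    actual_size = os.path.getsize(path)
    if actual_size != expected_size:
        reasons.append(f"size {actual_size} != published {expected_size}")
    actual_md5 = file_md5(path)
    # Hex digests are case-insensitive; the post prints upper case.
    if not hmac.compare_digest(actual_md5.lower(), expected_md5.strip().lower()):
        reasons.append(f"md5 {actual_md5.upper()} != published {expected_md5.upper()}")
    return (not reasons, reasons)

def demo():
    """Constructed stand-in file: it must fail against the published values."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"constructed sample, not the real OTLPENet.exe")
        path = tmp.name
    try:
        bad = verify_download(path)
        # Same file checked against its own size and hash: must pass.
        good = verify_download(path, file_md5(path), os.path.getsize(path))
        return bad, good
    finally:
        os.remove(path)

if __name__ == "__main__":
    bad, good = demo()
    print("against published values:", bad)
    print("against self-computed values:", good)
```

A match shows the download is complete and uncorrupted. MD5 is not collision-resistant, so it does not by itself prove the file came from the publisher.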

#5
rsean

Hello...

I copied the scan.txt file to the USB and burned the CD. I booted up the disk and that went fine without having to perform any actions to get it to boot up.

The Reatogo desktop appeared and I clicked the OTLPE icon and it prompts me to choose a directory: RAMDisk (B:), ReatogoPE (X:) and Shared Documents as my choices for a directory. Logically, I chose the B: but it gives me an error "Target is not windows 2000 or later". All other choices did not go anywhere as well.

I'm not sure what this program does but it doesn't appear to be seeing the PC's hard drive as I'm speculating what its purpose is.

Not sure how to proceed.
  • 0

#6
Essexboy

What is the operating system, i.e. XP, Vista?

As OTLPE is basically saying it cannot see your hard drive, this leads me to suspect an MBR failure of some sort

Dependent on the OS I will hopefully be able to resurrect something

Also, do you have a PS2 keyboard that you could use instead of the USB one?
  • 0

#7
rsean

Operating System is XP.

MBR failure does not sound so good!

Will have to check the old hardware box to see if I have a PS2 keyboard when I get home. If so, I'll plug 'er in.
  • 0

#8
Essexboy

If the PS2 keyboard works and we can get to safe mode there may be a chance to conduct some repairs. What is the make and model of your system?
Do you have an XP CD?
  • 0

#9
rsean

I have found the Operating System CD - Microsoft Windows XP Professional SP2. Is that what we need?

I'm working on locating a PS2 keyboard and should have one next time we work on the machine.
  • 0

#10
Essexboy

If we are unable to get the beast working with a PS2 keyboard then we may well have to do a repair install. This will leave all your data safe, but all programmes will need to be re-installed.
  • 0



#11
rsean

Well that is better than losing all the data on the machine!

I will have the PS2 located so go ahead and fire away with the instructions so we can give it a whirl.
  • 0

#12
Essexboy

OK for a repair install we have a tutorial here - to save me typing it all out :D

I will be on hand to assist as you go through the procedure
  • 0

#13
rsean

Ok...everything was running beautifully and then....

"Setup did not find any hard disk drives installed on your computer" (this sounds like more work!)

"Make sure any hard disk drives are powered on and properly connected to your computer, and that any disk related hardware configuration is correct. This may involve running a manufacturer-supplied diagnostic or set up program."

"Setup cannot continue. To quit Setup, press F3."

I think I will go have a beer now!!
  • 0

#14
Essexboy

To me that looks as though your hard drive has failed

What is the make/model of the hard drive on your system and I will find a diagnostic tool to check it out
  • 0

#15
rsean

Bear with me...a computer is a tool for me that executes software so that I can get my work done.

With that, how do I find out the make and model of the hard drive? I assume I need to open her up as I won't be able to find out via the usual means given that the machine is not operating.
  • 0





