Invalid Partition Table after running TDSS Killer
Started by Skiminims, Aug 03 2012 03:31 PM
#31
Posted 08 August 2012 - 10:15 PM
#32
Posted 09 August 2012 - 07:15 AM
Preferably from a clean computer, I need you to download:
Windows XP Recovery Console rc.iso
Create a bootable CD/DVD for the Windows XP Recovery Console, from the ISO image. You can use ImgBurn to do this. If you need help with ImgBurn, go here.
Once done, reboot from the Windows XP Recovery Console disc. Once in, input the right number for your Windows (and input the Administrator password if prompted). Then execute the following commands (pressing Enter after each line):
- fixmbr
- fixboot
- exit
Note that you may be prompted to confirm for both fixmbr and fixboot, so type Y for each when prompted
Let me know now if it boots in normally into Windows.
#33
Posted 09 August 2012 - 07:57 AM
I made the disc and booted from it.
I selected the first option which is: To Setup Windows XP now, press ENTER
I did that and it scanned for a minute and then told me it could not be setup because it could not find the EULA. I know this is a legit version of Windows so it's nothing like that.
Is this the correct option, or do I need to select the: To Repair a Windows XP installation using Recovery Console, press R. ?
#34
Posted 09 August 2012 - 08:49 AM
Yep, press R to access the Recovery Console. You should reach a black screen where you can input the commands I've instructed you to type in.
#35
Posted 09 August 2012 - 09:27 AM
Ok, pressed it, here is the next screen:
1: D:\MiniNT
Which Windows installation would you like to log onto?
(to cancel, press enter)?
#36
Posted 09 August 2012 - 05:13 PM
Ok, before proceeding, exit and remove the disc if it's still in. Then insert the Reatogo disc and boot back into the Reatogo environment (this is the one where you ran FRST). Once the desktop fully loads, double-click the My Computer icon and go to the C: drive. There should be a file called boot.ini
Open the file and copy its contents to a text file on your flash drive. Then paste the contents here.
#37
Posted 09 August 2012 - 06:53 PM
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /usepmtimer /NoExecute=OptOut
#38
Posted 10 August 2012 - 06:29 AM
Boot back into the Windows XP Recovery Console using the last disc you burned. Once in, input the number 1 and press Enter. Input the Administrator password (if prompted) pressing Enter after the password is typed. Then execute the following commands (pressing Enter after each line):
- fixmbr \Device\HardDisk0
- fixboot c:
- exit
Note that you may be prompted to confirm for both fixmbr and fixboot, so type Y for each when prompted
Let me know now if it boots in normally into Windows.
#39
Posted 10 August 2012 - 06:46 AM
The first time I used that disc, I pressed one and enter and it never asked me for a password or anything. It just rebooted and took me right back to the same menu where I pressed 1. I can try again though.
#40
Posted 10 August 2012 - 07:33 AM
Ok, did all that and still boots the exact same way: Invalid Partition Table
#41
Posted 10 August 2012 - 09:09 AM
Please download aswMBR to your flash drive.
- Enter the Reatogo boot CD and run aswMBR.exe
- Click the Scan button to start the scan
- On completion of the scan, click the save log button, save it to your flash drive and post it in your next reply.
- There will also be another new file on your flash drive named mbr.dat
- Please zip mbr.dat to mbr.zip and attach it to your next post also.
#42
Posted 10 August 2012 - 09:57 AM
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 14:54:53
-----------------------------
14:54:53.218 OS Version: Windows 5.1.2600
14:54:53.218 Number of processors: 1 586 0x4B02
14:54:53.218 ComputerName: REATOGO UserName: SYSTEM
14:54:53.453 Initialze error 0
14:55:03.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10
14:55:03.625 Disk 0 Vendor: WDC_WD2500BB-22RDA0 20.00K20 Size: 238475MB BusType: 3
14:55:03.687 Disk 0 MBR read successfully
14:55:03.734 Disk 0 MBR scan
14:55:03.796 Disk 0 Windows XP default MBR code
14:55:03.859 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS MSDOS5.0 232966 MB offset 11261565
14:55:03.921 Disk 0 Partition 2 00 0B FAT32 RECOVERY 5498 MB offset 63
14:55:03.984 Disk 0 scanning sectors +488376000
14:55:04.078 Disk 0 malicious Win32:MBRoot code @ sector 488376003 !
14:55:04.156 Disk 0 scanning X:\i386\system32\drivers
14:55:04.218 Service scanning
14:55:04.859 Modules scanning
14:55:06.984 Disk 0 trace - called modules:
14:55:07.109 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys halaacpi.dll atapi.sys amdide1.SY_ PCIIDEX.SYS
14:55:10.187 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8afd35b0]
14:55:10.359 3 CLASSPNP.SYS[f74e805b] -> nt!IofCallDriver -> \Device\00000053[0x8afc89e8]
14:55:10.546 5 acpi.sys[f73b3620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-10[0x8afc9d98]
14:55:10.734 Scan finished successfully
14:55:42.765 Disk 0 MBR has been saved successfully to "D:\MBR.dat"
14:55:42.906 The log file has been saved successfully to "D:\aswMBR.txt"
Attached Files
#43
Posted 10 August 2012 - 05:11 PM
Hi, Skiminims.
- Download ListParts to a USB flash drive.
- Plug the USB drive into the infected machine.
Boot your computer into the Reatogo environment again
Double-click listparts.exe in your USB drive. Listparts will start to run.
- Press the Scan button.
- When finished scanning it will make a log Result.txt on the flash drive.
- Post me the Result.txt log, please.
#44
Posted 10 August 2012 - 08:46 PM
ListParts by Farbar Version: 10-08-2012
Ran by SYSTEM (administrator) on 11-08-2012 at 02:41:34
Windows XP (X86)
Running From: D:\
Language: 0409
************************************************************
========================= Memory info ======================
Percentage of memory in use: 7%
Total physical RAM: 2815.11 MB
Available physical RAM: 2609.73 MB
Total Pagefile: 2641.29 MB
Available Pagefile: 2591.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 2009.38 MB
======================= Partitions =========================
1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: () (Fixed) (Total:0.01 GB) (Free:0 GB) FAT
3 Drive d: (LEXAR MEDIA) (Fixed) (Total:0.12 GB) (Free:0 GB) FAT
4 Drive e: (RECOVERY) (Fixed) (Total:5.36 GB) (Free:2.11 GB) FAT32
5 Drive x: (ReatogoPE) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Disk 1 Online 118 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 5499 MB 32 KB
Partition 2 Primary 228 GB 5499 MB
======================================================================================================
Disk: 0
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E RECOVERY FAT32 Partition 5499 MB Healthy
======================================================================================================
Disk: 0
The disk management services could not complete the operation.
======================================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 122 MB 32 KB
======================================================================================================
Disk: 1
Partition 1
Type : 04
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D LEXAR MEDIA FAT Partition 122 MB Healthy
======================================================================================================
****** End Of Log ******
#45
Posted 11 August 2012 - 05:07 AM
Ok, step by step.
Download the attached file below (mbr.zip) and extract the file inside of it (mbr.bin) into the USB flash drive.
Then boot back into the Reatogo environment and transfer the file mbr.bin to the C: drive so that it's now directly under the C: drive
Now go back to the Reatogo desktop and you should see an icon labeled MBRFix. Double-click it to run the program.
Then type in the following:
MbrFix /drive 0 restorembr C:\mbr.bin
and press Enter. Confirm if prompted. Then exit and restart your computer and let me know if it now boots in normally into Windows.
Attached Files
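Added example (not part of the original thread, and not code from any tool named in it): a read-only Python check of a 512-byte MBR image, such as the mbr.dat that aswMBR saves or an mbr.bin about to be written with MbrFix. It parses the four partition entries and reports a missing 0x55AA signature, invalid status bytes, an active-partition count other than one, and overlapping entries; the function names and the sample image are assumptions constructed for illustration.

```python
import struct

TABLE_OFFSET, ENTRY_SIZE, SECTOR = 446, 16, 512

def parse_entries(mbr: bytes):
    """Return the non-empty partition entries of a 512-byte MBR sector."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR image must be exactly 512 bytes")
    entries = []
    for slot in range(4):
        raw = mbr[TABLE_OFFSET + slot * ENTRY_SIZE:][:ENTRY_SIZE]
        if raw == bytes(ENTRY_SIZE):
            continue  # unused slot
        start, count = struct.unpack_from("<II", raw, 8)  # LBA start, sector count
        entries.append({"slot": slot + 1, "status": raw[0], "type": raw[4],
                        "start": start, "count": count})
    return entries

def check_mbr(mbr: bytes):
    """List structural problems in the partition table; an empty list means none found."""
    problems = []
    if mbr[510:512] != b"\x55\xaa":
        problems.append("missing 0x55AA boot signature")
    parts = parse_entries(mbr)
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            problems.append(f"slot {p['slot']}: invalid status byte {p['status']:#04x}")
    active = [p["slot"] for p in parts if p["status"] == 0x80]
    if len(active) != 1:
        problems.append(f"expected exactly one active partition, found {len(active)}")
    by_start = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(by_start, by_start[1:]):
        if a["start"] + a["count"] > b["start"]:
            problems.append(f"slots {a['slot']} and {b['slot']} overlap")
    return problems

def build_mbr(entries, signature=b"\x55\xaa"):
    """Constructed test image: zeroed boot code plus (status, type, start, count) rows."""
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries)
    return bytes(TABLE_OFFSET) + table.ljust(64, b"\0") + signature

# Constructed sample laid out like the aswMBR listing above: an active NTFS (07)
# partition at sector 11261565 and a FAT32 (0B) recovery partition at sector 63.
# Sector counts are assumptions derived from the sizes in MB, not values from the log.
SAMPLE = build_mbr([(0x80, 0x07, 11261565, 477114368), (0x00, 0x0B, 63, 11261502)])

if __name__ == "__main__":
    print(check_mbr(SAMPLE) or "no structural problems found")
```

To check a real image, read the file in binary mode and pass its first 512 bytes to `check_mbr`; nothing is written to disk.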