Malware/Trojans

[oldman]

Hi JackSession,

Flash is updated for a couple of reasons. Either to fix a vulnerability or "improve" it. I did find some patches for 10.x so it would seem some exploits were fixed. This looks like the most recent version of 10, 10.3.183.20

You can find a download link to it here
http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html

Version 1 might just be an "improved" version. Perhaps enough complaints will prompt the developers to fix it. As you said though, you can use IE.

Post back when you are ready to go ahead with the other computer.

[JackSession]

Hi Oldman,

I finally got a flash drive. What do I need to load on it?

Thanks,
Jack

[oldman]

Hi JackSession,

We'll start with a couple of tools plus a little something to protect the flashdrive.

On the clean computer

Note: this tool doesn't have a GUI. You mat notice a small black screen briefly flash on your screen, it's normal.

Download Flash_Disinfector.exe by sUBs(and save it to your desktop.

• Attach the usb flashdrive to the computer.
• Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.

Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings

• The utility may ask you to insert your flash drive anl/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
• Wait until it has finished scanning and then exit the program.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Next

Download OTL to your flashdrive

Download aswMBR.exe to your flashdrive .

Download the attached file scan.txt and save it to the flashdrive.

Attach the flashdrive to the infected computer.

To run the tools.

Transfer OTL and aswMBR to the sick computer's desktop.

Double click the aswMBR.exe to run it. If asked to download Avast's database say no as you do not have an internet connection.

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your flashdrive and post in your next reply


There shall also be a file on your desktop named MBR.dat. Rename it to mbr.txt and save it to the flashdrive. 

To run OTL:

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click on Minimal Output at the top
  
• Double click inside the Custom Scan box at the bottom
  
• A window will appear saying "Click OK to load a custom scan from a file or Cancel to cancel"
  
• Click the OK button and navigate to the file scan.txt which have saved to your flashdrive
  
• Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Please transfer them to the flashdrive.

Please post back with

• aswMBR.txt
• mbr.txt (attached)
• both OTL logs

[JackSession]

Hi Oldman,

It's been a while..I was trying to remember the CMOS login password and finally remembered it today.

Now I am getting a boot error saying "E-61 Media Test Failure - please check cable". It wont boot in safe mode or any other mode.

I was going to reset the CMOS settings to default but I guess I had set up a CMOS setup password and cannot remember it for the life of me.

It is also saying "The following file is missing or corrupt: WINDOWS\SYSTEM32\CONFIG\SYSTEM" and I do not have the CD that came with it any more or a backup.

I am at a dead-end as far as what I can do. Any suggestions?

Thanks,
Jack

[JackSession]

found the cmos pw jumper on the motherboard and reset to default settings..still getting the "The following file is missing or corrupt: WINDOWS\SYSTEM32\CONFIG\SYSTEM" message..im going to try to find out online if i can put the system disk on my flash drive for repair..

[oldman]

Hi JackSession,

It's been a while..I was trying to remember the CMOS login password and finally remembered it today.

Out of curiousity why were you doing this?

[JackSession]

I had set a boot up password though the CMOS a couple years ago. The PC would not boot up without it...

[oldman]

Hi JackSession,


Do you still recieve both errors or just one?

[JackSession]

yes both errors..on boot i get the E-61 error..then it asks to boot in either safe mode, sm w/networking, sm w/command prompt, last know config, or normally..it will try to boot in any of those modes and then give me "The following file is missing or corrupt: WINDOWS\SYSTEM32\CONFIG\SYSTEM" and says it can try to repair with the system disk but i dont have it...

i came across this link but i would rather not wipe the data http://www.ezbsystems.com/cgi-bin/ikonboard.cgi?act=ST;f=2;t=2440

[oldman]

Hi JackSession,



There are other avenues to explore before it gets to that extreme point. If push come to shove we can use other tools to retrieve your personal data.

Given the first error we should check to see if it is indeed a hard drive failure.

Seagate's tool will work OK on most brands. The diagnostic tool is run from a bootable CD (Windows does not need to be working).The first two steps are done on a working computer, while the third step is to boot the ailing computer with the CD that you create in the first two steps.

On the

working computer:

Step 1: Please download SeaTools for DOS (CD) from Seagate's SeaTools for DOS web page

or use the following direct download link to download the latest version of SeaTools for DOS:

Download SeaTools for DOS ISO Image

The downloaded file name is

SeaToolsDOS223ALL.ISO
[/list][/list]

Step 2: Burn the downloaded .ISO image to a CD using the appropriate burning software.

• Download and install ImgBurn.
  Ensure that you UN-check the box agreeing to install the Ask toolbar during the installation.
  
• Place a new (blank) CD disc in the drive tray.
• Choose Write image file to disc.
  
  • Under Source, click on the Browse button: Navigate to and select the .ISO file that you wish to burn.
    
  • Place a check-mark in the box beside Verify.
    
• Click
  
  When the CD has been burned and verified as successful, it will be bootable.
  

[/list]

On the sick computer:

Place the CD in the computer with the problem and reboot the computer.

Step 3: Boot from the CD.

(You may need to access the BIOS Setup Menu or the Boot Menu and change the boot order to enable booting from CD before hard drive.)

• From Basic tests on the Main Menu, run the Short test and then the Long test.
  
  (The long test will take some considerable time to complete.)
  The results will be shown as either a PASS or FAIL.
  There is a chance that during the Long test, you may be offered the opportunity to attempt repairs on the hard drive, please pass on this at this time.
  
  

[/list]
Note: You may wish to view the following  ...

• Learn more about SeaTools for DOS. (view a 24 page pdf document)
  
• See the tutorial on the usage of SeaTools for DOS.
  

Please let us know the results of the tests.

[JackSession]

Hi Oldman,

Unfortunately I dont have a CD burner - is it possible to do this via my 8gig flash drive?

Thanks,
Jack

[oldman]

Hi JackSession,

Possibly. Does the sick computer have the option to boot from a usb device?

[JackSession]

i saw the boot order when i was in cmos and it included USB so i guess i would just need to set the usb as #1 right?

[oldman]

Hi JackSession,


Do both of your computer computers have a floppy drive?

[JackSession]

Hi Oldman,

No, only the sick one has a floppy but I could probably find someone to let me use theirs if we need to go that route that..

Thanks,
Jacksession