Author Topic: Help! My gaming DT has been hosed!!  (Read 15384 times)


phydron

  • Guest
Help! My gaming DT has been hosed!!
« on: September 24, 2012, 10:32:19 PM »
Gigabyte S series MB, OCR E2, 3.16 GHz Vista32 Explorer 7

My three year old DT has been occupied by an evil trojan. When I try to boot
in Safe mode, it won't let me select any option but "Start Windows Normally". I can't select any
other boot options, CD, USB, etc.
When I do get into Vista, it renamed most of the antivirus progs.; those that will still run only run halfway.
We just fixed a netbook and I thought I had some idea of what I'm doing, NOT!!
I would really appreciate some help on this one.

Thanks
« Last Edit: September 25, 2012, 02:41:32 PM by phydron »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37597
  • Not a avast user
Re: Help! My gaming DT has been hosed!!
« Reply #1 on: September 24, 2012, 11:04:46 PM »
if able to....follow this guide and attach the logs...not copy and paste   http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

phydron

  • Guest
Re: Help! My gaming DT has been hosed!!
« Reply #2 on: September 24, 2012, 11:11:51 PM »
Thanks for your reply;

I can run some of the programs you recommended, but I can't save to anything. Notepad doesn't work and even cut & paste
is disabled. Any ideas?

Thanks


I tricked this monster into letting me save a file:

And this:
« Last Edit: September 25, 2012, 04:10:32 AM by phydron »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37597
  • Not a avast user
Re: Help! My gaming DT has been hosed!!
« Reply #3 on: September 24, 2012, 11:14:04 PM »
I will PM the removal expert....
If he does not reply here in an hour then I guess you won't see him until tomorrow.

phydron

  • Guest
Re: Help! My gaming DT has been hosed!!
« Reply #4 on: September 24, 2012, 11:20:31 PM »
Thank you.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Help! My gaming DT has been hosed!!
« Reply #5 on: September 24, 2012, 11:27:33 PM »
OK do you have a spare USB stick and another computer to burn some programmes to it ?

Is it a 64bit system ?

I need to know this to determine which version of the programme to get you to run

phydron

  • Guest
Re: Help! My gaming DT has been hosed!!
« Reply #6 on: September 25, 2012, 12:16:56 AM »
Yes and yes and it's a 32 bit system. I've attached some logs I was able to save somehow.
This malware shuts off my keyboard at bootup and when I try to save anything. It's not a USB KB.
« Last Edit: September 25, 2012, 02:42:53 PM by phydron »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Help! My gaming DT has been hosed!!
« Reply #7 on: September 25, 2012, 03:36:12 PM »
HijackThis is of no use at all...  Could you enumerate the current symptoms?

Download the following three programmes to your desktop :

 
1.  WiNToBootic
2.  Windows 7 64bit RC
3.  Farbar Recovery Scan Tool x64

Extract wintoboot to your desktop
Insert a USB drive of at least 1GB
Run Wintoboot



Drag and drop the Windows 7 ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It

You will see it progressing



It will let you know when it is done
Then copy FRST to the same USB




Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB.
Note: If you are not sure how to do that follow the instructions Here

 
When you reboot you will  see this although yours will say windows 7. Click repair my computer

 
Select your operating system

 
Select Command prompt

 
At the command prompt type the following  :

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

phydron

  • Guest
Re: Help! My gaming DT has been hosed!!
« Reply #8 on: September 25, 2012, 05:34:09 PM »
I've followed your instructions, but my problem is that my keyboard is inoperative at bootup and I can't select boot options.
I'm stuck. Any ideas?

I did run FRST and here is its log.
« Last Edit: September 25, 2012, 05:51:38 PM by phydron »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Help! My gaming DT has been hosed!!
« Reply #9 on: September 25, 2012, 07:16:38 PM »
Are you able to use a PS2 keyboard ?  as the USB one may well be disabled in the BIOS

phydron

  • Guest
Re: Help! My gaming DT has been hosed!!
« Reply #10 on: September 25, 2012, 07:23:02 PM »
I was able to get a USB KB to work through a powered hub. I can't get into the BIOS or change boot order, but I am
in safe mode,  in dos console. What can I do from here?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Help! My gaming DT has been hosed!!
« Reply #11 on: September 25, 2012, 07:28:06 PM »
For my scans to give meaningful data (i.e. access the registry) it needs to be run from the recovery console as safe mode is still open to the malware
Do you have the option "Repair my Computer"

phydron

  • Guest
Re: Help! My gaming DT has been hosed!!
« Reply #12 on: September 25, 2012, 09:28:26 PM »
How can I make a bootable CD with the files you specified? Occasionally I can get into select boot devices, and
we may get it to work that way. I hate to waste the opportunity on the MS disk.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Help! My gaming DT has been hosed!!
« Reply #13 on: September 25, 2012, 09:45:27 PM »
The USB drive that you created has the Win 7 recovery console on it and it is bootable. Bugger it, I gave you the wrong ISO.
Redo the USB with this ISO http://www.forum.probz.net/index.php?/files/file/21-windows-vista-recovery-environment-iso/ please

phydron

  • Guest
Re: Help! My gaming DT has been hosed!!
« Reply #14 on: September 25, 2012, 09:59:23 PM »
There's nothing valuable on this HDD. Would it be a help to format a like HDD and go with that?