Author Topic: Rescue Disc (Read 6462 times)

dkreimer · « **on:** June 21, 2011, 11:07:33 PM »

Hi
I really need help. My Avast subscription had expired and even though I renewed I didn't update. Now I have a virus that tells me I have a critical hard drive error and wants me to buy something. I googled it and according to many many posts its a virus. I can't access anything to update my system. I got a rescue disc but can't get the computer to boot from it. I can't open my task manager as it says that it has been disabled by the administrator.

Could someone take pity and offer help? I have windows XP on this computer.
As with all issues computer related, I am beside myself not wanting to loose whats on my hard drive.

Thanks!

essexboy · « **Reply #1 on:** June 21, 2011, 11:15:19 PM »

Hi no need for a rescue disc, but do not use any temporary file cleaners

Download RogueKiller to your desktop

Quit all running programs
For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
When prompted, type 2 and validate
The RKreport.txt shall be generated next to the executable.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

THEN

To ensure that I get all the information this log will need to be attached (instructions at the end) if it is to large to attach then upload to Mediafire and post the sharing link.

Download OTS to your Desktop

Close ALL OTHER PROGRAMS.
Double-click on OTS.exe to start the program.
Check the box that says Scan All Users
Check the box that says 64 bit
Under Additional Scans check the following:

Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check

Under the Custom Scan box paste this in

%USERPROFILE%\..|smtmp;true;true;true /FP
%SYSTEMDRIVE%\*.exe
/md5start
volsnap.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post.

FINALLY

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Lisandro · « **Reply #2 on:** June 21, 2011, 11:17:32 PM »

Why can't you boot from the rescue cd, which is the error?
Which is the virus name and a good Google link (among the ones you've find info)?
Can you post the latest 400-500 lines of C:\ProgramData\AVAST Software\Avast\log\setup.log ?

essexboy · « **Reply #3 on:** June 21, 2011, 11:24:40 PM »

Sounds like the hard drive recovery malware Tech, this hides all files and folders, disables task manager, and inserts itself in the exe classid of the registry

Once stopped then it is fairly easy to clean, probably has a TDL type rootkit with it which will enable it to to disable avast from the MBR/kernel level

dkreimer · « **Reply #4 on:** June 21, 2011, 11:33:57 PM »

I can't do anything from problem computer. I am using my laptop now. When I put the disc in and start the computer it starts as it always has but goes right to a screen that says" PC Performance & stability analysis report" 5 errors detected" When I hit to fix the problem it comes back that it fails to fix: read time of hard drive cluster less than 500 ms-, 38% of HDD space unreadable, bad sectors, boot sector
Then I get a new window with this "detected a problem whit on or more installed IDE/SATA hard disc"
Then it tells me I need to buy a windows XP recovery systems

These are some of the google links
http://www.softsailor.com/how-to/81855-how-to-uninstall-remove-windows-xp-recovery-virus-removal-guide.html
http://www.precisesecurity.com/rogue/windows-xp-recovery/

dkreimer · « **Reply #5 on:** June 21, 2011, 11:42:01 PM »

Essexboy,
If I can't access internet how do I proceed? Am I to follow that same instructions?

essexboy · « **Reply #6 on:** June 21, 2011, 11:46:16 PM »

Do you have a USB that you could copy the programmes to - or are you unable to get into any part of windows ?

When you insert the disc have you changed the boot sequence to cdrom as first

dkreimer · « **Reply #7 on:** June 22, 2011, 12:04:08 AM »

I tried to change the stting to boot from cdrom, and it won't let me.

I went to the link to download and it's in french, I clicked what I thought was the link and it started to check out my laptop..... how can I download it to a thumb drive?

essexboy · « **Reply #8 on:** June 22, 2011, 08:35:35 PM »

Press this button and download the file then copy to a USB drive, insert that in the poorly computer and run the programme from the USB ( I would recommend that you rename it to winlogon.exe first)

DavidCo · « **Reply #9 on:** June 22, 2011, 09:00:34 PM »

I am watching this one to learn - I hope

I do not understand the inability to boot from a 'live' CD due to an infestion of the 'C' drive.
The 'C' drive is not accessed so how can it stop the boot order unless it has changed the setup (bios)

essexboy · « **Reply #10 on:** June 22, 2011, 10:19:21 PM »

I must admit that it is confusing as the boot order is derived from the BIOS

DonZ63 · « **Reply #11 on:** June 23, 2011, 12:59:27 AM »

I tried to change the stting to boot from cdrom, and it won't let me

I don't buy this either. You should be able to boot from a CD/DVD without even entering the BIOS.

As you boot, pay attention to the CMOS flash messages that appear. One of them should indicate which keyboard key to press to select a device to boot from. On Gigabyte motherboards, it is F12. Once the boot device selection screen is displayed, scroll down to the selection for CD/DVD using the down arrow or Tab key on the keyboard, insert the bootable CD/DVD into the drive, and then press the Enter key.

Once the PC starts booting from the CD/DVD drive, you might see a message that ends in "......CD/DVD:" Just press the space bar. Keep paying attention to the screen since you might receive additional messages where you might be required to enter "Y" for yes to continue the CD/DVD boot process.

DavidR · « **Reply #12 on:** June 23, 2011, 01:05:09 AM »

Not unless you have your CD/DVD set as the first boot drive, then whatever order you want, HDD0 or HDD1, etc. Other wise it will try to boot from the HDD in the order of the listed in the BIOS.

I have always set my BIOS to boot from the CD/DVD drive first, that way if you need it you don't have to enter the BIOS, just input the boot CD/DVD and reboot.

DonZ63 · « **Reply #13 on:** June 23, 2011, 01:07:50 AM »

Not correct. Most but not all PCs will allow you to override the default BIOS boot order by the method I described.

dkreimer · « **Reply #14 on:** June 23, 2011, 01:19:52 AM »

ok......I can't get rogue killer to run....
These are the reports that I was able to copy and paste for the other two.

http://www.mediafire.com/?gz87em66to5pddf

http://www.mediafire.com/file/z41q7b479zllrbw/aswMBR%20log%20report%2006.22.2011.docx

Fun part is that I can log in to AOL and send and receive email on that computer, thus the copy and paste. It won't let me access the internet though.

Author Topic: Rescue Disc (Read 6462 times)

dkreimer

Rescue Disc

essexboy

Re: Rescue Disc

Lisandro

Re: Rescue Disc

essexboy

Re: Rescue Disc

dkreimer

Re: Rescue Disc

dkreimer

Re: Rescue Disc

essexboy

Re: Rescue Disc

dkreimer

Re: Rescue Disc

essexboy

Re: Rescue Disc

DavidCo

Re: Rescue Disc

essexboy

Re: Rescue Disc

DonZ63

Re: Rescue Disc

DavidR

Re: Rescue Disc

DonZ63

Re: Rescue Disc

dkreimer

Re: Rescue Disc