Rootkit malware deleted now windows xp will not load

[campdude]

I ran the Avast scanner and it told me that there was a rootkit malware...
I dont remember what it was called or anything... but it told me reccomended action was to delete it.

So i followed suite... i thought well deleting cant do that much harm... I've never had problems deleting viruses/malware before.

However this time it does not allow windows xp to boot anymore. Really Bad!
I then inserted the windows Xp installation disc and tried to boot it in the hopes that it could repair...

BUT i get the blue screen and it tells me that an error occurred likely virus yaddaaa yaddaaa. windows stopped to continue. yaadaaa.. that blue screen virus warning then numbers on the bottom.

My computer ran pretty good before so i dont know why i even checked for malware or viruses.
However I cannot even do a repair install cause it stops when i insert the XP boot disc.

I tried using Dr. WebLive CD as a boot up disc but the problem is... it does not detect my Keyboard and i cant select it to start safemode or advanced mode... interface..

It just goes straight to automatic boot countdown and then restarts my computer...

If anyone knows how to repair XP... without actually running XP.... IE i have a dual boot computer so i do have access to XP Drive from my other operating system... Help me please!

Plus i cant find any logs of what got deleted... remind you i was just running avast for a one time check so i wasnt registered yet...

[Lisandro]

campdude, you can try running other rescue CD's:

1. G Data BootCD
2. Dr. Web
3. Avira
4. BitDefender
5. Kaspersky
6. F-Secure
7. Vba32 Rescue

You can check also this comparison article.

Other possibility is overinstallation, that can solve the problem and you won't lose your programs, settings, data, files, etc.
Just choose 'Repair' installation of Windows and install 'over' the old XP installation.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;315341
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q314058
http://support.microsoft.com/?scid=kb%3Ben-us%3B315341&x=15&y=0
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/doug92.mspx

[campdude]

I would love to do a repair install but like i said earlier it stops because an "error" claims i have a virus.

Im letting you know how its going for me...

Bitdefender did not work. It had the same issue as XP did... it just restarts.
It was able to detect my keyboard on the first try but i tried to load it again but then it just kept not detecting any keyboards.

either PS/2 port keyboard or USB keyboard none worked (after first attempt),

So i dont know the issue with that Bitdefender one but it didnt work...

i dont think i will do many of these updates... stupid ReCaptcha is so hard.

[Pondus]

i dont think i will do many of these updates... stupid ReCaptcha is so hard.

the captcha is only on the first 3 posts



malware removal specialist have been notified
may take several hours before they arrive here.....

[campdude]

Yea all of those boot discs have problems detecting my Keyboards..

Even the Windows Install CD has problem detecting keyboard.

Strange how thats happening. Sometimes my keyboard works and other times it does not.

However when i do get any of the boot discs working they try to load but then Restart the computer.

I tried VBA32 Rescue, BitDefender,F-secure, Dr Web, Windows Install disc.


I advise anyone who thinks they should follow reccomendations by Avast to delete a rootkit malware... Probably not the best idea.
I would hope that Avast would insert a warning: "this may cause your system to not boot"
That probably would have caused me to read more about what I was deleting and find a safe way of fixing it.

It seems like these boot up discs once you get them working with the keyboard they scan for those rootkit malwares as well.
I dont see how they can fix rootkit malware boot up problems if its already deleted and cant scan for it since its gone.
However, Theres definately something wrong with keyboard initialization.

I have both PS2 and USB keyboards because i was doing an install of XP and it didnt recognize the USB keyboard in the install... i had to plug in my old Ps2 keyboard... but these boot up discs are strange as they now have problems detecting all my keyboards (including the install disc)

It looks like there is no fix to this almost.
Wish there was a tool that could scan my XP install and fix it from Windows 7.

[Pondus]

It looks like there is no fix to this almost.
Wish there was a tool that could scan my XP install and fix it from Windows 7.

Essexboy have lots of magic tools you never heard of.   

he usually arrive here late UK time...

[essexboy]

Hi do you have a spare USB ?

Download the following three programmes to your desktop :

1.

WiNToBootic
2. Windows XP RC
3. Farbar Recovery Scan Tool

Run WiNToBootic
Insert a USB drive of at least 4GB
Run Wintoboot



Drag and drop the Windows  XP RC ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It

You will see it progressing



It will let you know when it is done
Then copy FRST to the same USB




Insert the USB into the sick computer and start the computer.  First ensuring that the system is set to boot from USB
Note: If you are not sure how to do that follow the instructions Here

When the RC loads select R for Console
Select the windows installation to use   
 
At the command prompt type the following  :

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]

[campdude]

wintobootnic does not work with the xp iso file windows xp RC....

it says sorry it does not look like a windows 7 based disc image.
Possible rootcause:incorrect file format or incorrect windows version
Note: Iso with win 7/2008/Vista/PE2/PE3 supported only

Im guessing i cant create a bootable xp recovery disc in win 7 with that program

edit:

I tried  a program called ISO to USB and selected boot disc but it did not boot from USB for me....
http://www.isotousb.com/



edit 2 update:

I just noticed your plan will not succeed.

I just burnt the iso which is the recover console for XP with out the frst.exe file just to see if it will work.

I cannot load the Recovery Console it comes to a blue screen and says that it has stopped because of a virus... it tells me to run F:/CHKDSK

I have run the windows 7 check disk utility on the drive and it says no errors.

What i need is to be able to run the recovery console for XP in windows 7.

[campdude]

Im thinking its now impossible to fix since recover console wont load....
XP repair wont load...

I can wait another day for your response...   BUT most likely the only solution is restoring my last backup I made...

If i ever get asked to delete anything by Avast ever again on my computer I will preform a Backup of my entire drive before listening to Avast.
The problem is... it takes 12 hours to back up my harddrive onto a usb 2.0 harddrive... i should do the move to usb 3.0 or e-sata.

[Nesivos]

Just a note.

I believe the link to the Kaspersky Rescue Disk in the article linked in the post above to the Kaspersky Rescue Disk is broken.

Here is a direct link to the Kaspersky Rescue Disk

http://support.kaspersky.com/viruses/rescuedisk

The Links on the link above are pretty self-explanatory.

[campdude]

I'll try the Kaspery one... hope it works.

Edit:

So far Kaspersky is actually loading but its now scanning my Xp drive for viruses... unfortunately i dont have much hope that this will work (pessimistic) as Avast found the Rootkit Malware....and deleted it so it may not even find anything anymore...

BUT im trying its scan.. Looks like its gonna take all night...

I think what I really need is a system repair tool.

Edit:

However I am quite impressed with Kaspersky... Its graphically nice, it has its own web-browser. But i could do all of these things in my Windows 7 install.
I could run a million virus scans on my Windows XP drive and i dont know if any of it will fix it... theres a system problem in XP. caused by deletion of a rootkit.

Something needs to be replaced for whatever was deleted.... however there is a Disk Boot Sector Scan maybe its a boot thing...
Cant be for sure until its done but we will see.

Later its night.

[naren17]

You can give a try to Comodo Rescue Disk.

And yes Avast instead of delete the option should be quarantine or repair & if repair failed then quarantine.

Avast defaults are quarantine then why for some detections it recommends delete?

[campdude]

Six hour scan I dont think kaspersky anything did anything. it just finished the scan and didnt give me a report of any sort.

I tried to boot windows and same thing happened... the quick flash of a boot screen which i believe is the virus message that shows up when i try to run windows xp installation/repair/console... but it pops up and restarts so fast i dont have time to read it.

[essexboy]

Hi do you have windows 7 .. I thought it was XP

OK next we will work outside of windows
Please print these instruction out so that you know what you are doing


• Download OTLPENet.exe to your desktop
  
• Download Farbar Recovery Scan Tool and save it to a flash drive.
  
• Ensure that you have a blank CD in the drive
• Double click OTLPENet.exe and this will then open imgburn  to burn the file to CD
  
• Reboot your system using the boot CD you just created.

Note : If you do not know how to set your computer to boot from CD follow the steps here

• As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads 
• Your system should now display a Reatogo desktop.

Note : as you are running from CD it is not exactly speedy

• Insert the flash drive with FRST on it
• Locate the flash drive and run FSRT
• The tool will start to run.

• When the tool opens click Yes to disclaimer.
• Press Scan button.
  
• It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

[/list]

[campdude]

I have both windows 7 and windows xp on the same computer.
Dual boot. that is why i asked for a way to fix windows xp from windows 7.
But i will run that scan they way you said so.... and then copy the report.