Inactive SWasser + Disabled keyboard

Discussion in 'Malware and Virus Removal Archive' started by BobWahr, 2010/04/10.

Thread Status:
Not open for further replies.
  1. 2010/04/10
    BobWahr

    BobWahr Inactive Thread Starter

    Joined:
    2010/04/10
    Messages:
    5
    Likes Received:
    0
    [Inactive] SWasser + Disabled keyboard

    I've got a Sony Vaio laptop that is/was infected with Sasser among others. AVG claimed to have corrected everything. Now on boot, everything seems to run normally until it gets to the point that the login screen would come up. Instead I get a message box that pops up for about a second that says isass.exe is not able to load and can't continue. Sorry, I can't give the exact message because it goes away too quickly. At this point, the screen goes black and I have to power it down to retry. I got to the login screen and was able to log in twice when it first started but haven't gotten it to happen again all day. The biggest issue I'm having is that the keyboard is entirely disabled until the login screen opens. That means no safe mode, no install disk, not even any access to the BIOS. I downloaded and was successful in running the Avira Linux AntiVir rescue. It didn't find anything.

    I'm pretty much lost right now. Looking for options other than installing the HD as a slave in another computer and wiping it.
     
  2. 2010/04/11
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,889
    Likes Received:
    386
    Welcome to WindowsBBS :)

    I've moved your thread to the Malware & Virus Removal forum. Please wait for one of our Malware Analysts to advise.
     

  4. 2010/04/11
    BobWahr

    BobWahr Inactive Thread Starter

    Joined:
    2010/04/10
    Messages:
    5
    Likes Received:
    0
    Thank you.
     
  5. 2010/04/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let's see if we can look at your computer booting from an external source.

    You will need a USB flash drive to move information from the bad computer to a working computer.

    You need to download two programs.

    First

    ISO Burner: this will allow you to burn the REATOGO-X-PE ISO to a CD and make it bootable. Just install the program; from there on it's fairly automatic (Instructions)

    Second

    • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 270.3 MB in size so it may take some time to download.
    • When downloaded, double-click it; this will then open ISO Burner to burn the file to CD
    • Reboot your system (non-working computer) using the boot CD you just created.
      • Note: If you do not know how to set your computer to boot from CD, follow the steps HERE
    • Your system should now display a REATOGO-X-PE desktop.
    • Double-click on the OTLPE icon.
    • When asked "Do you wish to load the remote registry", select Yes
    • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start. Change the following settings:
      • Change Drivers to All
      • Change Registry to All
      • Under the Custom Scan box, paste this in:

        netsvcs
        %SYSTEMDRIVE%\*.exe
        /md5start
        eventlog.dll
        scecli.dll
        netlogon.dll
        cngaudit.dll
        sceclt.dll
        ntelogon.dll
        logevent.dll
        iaStor.sys
        nvstor.sys
        atapi.sys
        IdeChnDr.sys
        viasraid.sys
        AGP440.sys
        vaxscsi.sys
        nvatabus.sys
        viamraid.sys
        nvata.sys
        nvgts.sys
        iastorv.sys
        ViPrt.sys
        eNetHook.dll
        ahcix86.sys
        KR10N.sys
        nvstor32.sys
        ahcix86s.sys
        nvrd32.sys
        symmpi.sys
        adp3132.sys
        mv61xx.sys
        userinit.exe
        explorer.exe
        /md5stop
        %systemroot%\*. /mp /s
        %systemroot%\system32\*.dll /lockedfiles
        %systemroot%\Tasks\*.job /lockedfiles
        %systemroot%\system32\drivers\*.sys /lockedfiles
        %systemroot%\System32\config\*.sav
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive.
    • Please post the contents of the C:\OTL.txt file in your reply.
     
  6. 2010/04/11
    BobWahr

    BobWahr Inactive Thread Starter

    Joined:
    2010/04/10
    Messages:
    5
    Likes Received:
    0
    Downloaded the OTLPE.iso, burned it to disk. It boots with "Starting Reatogo-X-PE ..." and a progress bar. The progress bar fills up, the drive crunches for a while. Then I get a "Starting Windows XP" splash screen, the screen goes blank with the drive still reading for a few seconds, then stops the same as it was when trying to boot normally.
     
  7. 2010/04/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Oh boy....
    You may have some infection leftovers, but it looks like you may have other, more serious issues, like a hard drive problem.

    What Windows version are we dealing with here?
     
  8. 2010/04/11
    BobWahr

    BobWahr Inactive Thread Starter

    Joined:
    2010/04/10
    Messages:
    5
    Likes Received:
    0
    XP SP3
     
  9. 2010/04/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'd like to see if you're able to boot from another bootable CD and if it'll see your hard drive and Windows installation.


    If you have a Windows CD... (if you don't have a Windows CD, scroll down)

    1. Insert your Windows XP CD into your CD drive and ensure that your CD-ROM drive is capable of booting the CD.
    2. Once you have booted from CD, do NOT select the option that states: Press F2 to initiate the Automated System Recovery (ASR) tool.
    You’re going to proceed until you see the following screen, at which point you will press the “R” key to enter the recovery console:

    [​IMG]

    3. After you have selected the appropriate option from step two, you will be prompted to select a valid Windows installation (typically number 1).
    Select the installation number, and hit Enter.
    If there is an administrator password for the administrator account, enter it and hit Enter (if asked for the password, and you don't know it, you're out of luck).
    You will be greeted with this screen, which indicates a recovery console at the ready:

    [​IMG]


    If you don't have a Windows CD...
    Download Windows Recovery Console: http://www.thecomputerparamedic.com/files/rc.iso
    Download and install the free ImgBurn: http://www.imgburn.com/index.php?act=download
    Using ImgBurn, burn rc.iso to a CD.
    Boot to the CD...let it finish loading.
    When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
    Then, follow instructions from Step #3 above.
     
  10. 2010/04/12
    BobWahr

    BobWahr Inactive Thread Starter

    Joined:
    2010/04/10
    Messages:
    5
    Likes Received:
    0
    Windows CD wasn't doing me any good. Booting with it in would give me a message that said to press any key to boot from CD, which wasn't working too well with the disabled keyboard. Last night I spent some time rebooting over and over until I got a login screen. A combination of Avast, Stopzilla, and Spybot S&D seems to have done quite a bit of good. It is much more stable now. I will do the OTL scan and post the log tonight.
     
  11. 2010/04/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok......
     