[On-hold] Several Malware/Viruses/Trojans - now cannot boot XP at all!

Discussion in 'Malware and Virus Removal Archive' started by wilberforce, 2010/01/20.

  1. 2010/01/20
    wilberforce

    wilberforce Inactive Thread Starter

    Hello,

    A couple of days ago I experienced the browser random redirect problem (referred to by other posters here and elsewhere) when clicking on search results from Google.com as well as random pop-ups. I then left town for a couple of days, but on returning on Monday evening, I had the same problem. Full scan by Norton 360 did not appear to pick up anything but I wanted to get rid of the problem as I feared my system (Lenovo T61 running XP Pro) might be compromised. E-mail and Advanced Sonar Settings on Norton 360 had been switched off and could not be turned back on. Norton's One Click Support attempted to autoload on many occasions but never completed. I only had N360 and Spyware Doctor & Spyware Blaster loaded on my computer, though I can't remember if Windows Defender firewall was also active. (This whole crisis has proven disorienting, so I apologize for the lack of details and hope someone can aid me even given the scant details)

    I had no problem accessing regedit (as some other posters reported) and ipconfig did not appear to indicate a problem with the DNS or ip settings on my computer.

    Hoping to identify the source of the problem through internet research on my spouse's laptop, and figuring 360 might not be working correctly, I downloaded Malwarebytes. After a full scan using this and the Windows Live online scan, followed by a full 3-hour scan by Avast (which I also downloaded) my system was found to contain a variety of malware and viruses. As best I can recall, they included (in rough order of diagnosis):
    Exploit Java/CVE-2008-5353.A
    Trojan Java/Selace.E
    Worm.Win.32.Netsky
    Trojan.Vundo
    W32.Polip
    CoreGuard Antivirus 2009
    packed.generic.265

    I also received error messages saying that there was an error loading "Windows/System32/johirija.dll" -- Specific module not found

    At some point yesterday, the wallpaper on my PC changed to the ugly green with the "Your System is Infected!" text, urging me to click on the pop-ups. My tray also contained the red circle with white X masquerading as a spyware solution, but I believe I steered clear of it.

    At any rate, when Spyware Blaster found 20+ harmful threats, it took care of all but three but said a reboot was necessary to rid the rest. I first let the Avast scan run as well, and it identified several more threats and also requested a reboot. I was very worried about whether my computer would indeed reboot and so also took steps (suggested in one of the dozens of posts I read) to rename several apparently random-named files in my C:\ main directory. One of these files (nqvkiv.exe) was identified and quarantined by Avast. Hoping to rid every last remnant of contamination, I also (perhaps foolishly) decided to try renaming the other four (ygjst.exe ahhf.exe ajeesil.exe and auhbifch.exe) and then subsequently decided to send them to the recycling bin.

    I then allowed Avast to reboot and since then, have not been able to boot my system. Not in Safe Mode, Not in Normal Mode, Not using Last Known Good Configuration.

    Safe Mode only gives me a scrolling list of files in the System directory, and Normal or Last Known config boot with the Blue Screen. If it helps, the error message provides the following Technical Information:

    *** STOP: 0X0000007B 0XF78BC524 0XC0000034 0X00000000 0X00000000

    I would be exceedingly and eternally grateful to anyone who can come up with a means of helping me to reboot. Please help!


    p.s. Since I am having a similar problem to this poster, I have tried all of the suggestions offered here, including an Avira rescue disk:
    http://www.windowsbbs.com/malware-v...ons-cannot-boot-critical-stop-0x0000007b.html

    Do I have any other options to try, short of using the Lenovo Rescue & Recovery to restore from factory settings or a backup (of about a year ago)?
     
  2. 2010/01/20
    broni

    broni Moderator Malware Analyst

    It may be difficult, since the computer is not bootable...

    1. Download Dr.Web LiveCD: ftp://ftp.drweb.com/pub/drweb/livecd/minDrWebLiveCD-5.0.1.iso
    2. Download, and install free Imgburn: http://www.imgburn.com/index.php?act=download
    3. Using Imgburn, burn minDrWebLiveCD-5.0.1.iso to a CD.
    4. Make sure that the CD/DVD drive is set as the first-boot device. Adjust corresponding BIOS settings, if necessary.
    5. Insert Dr.Web LiveCD into the drive and restart computer.
    6. As loading starts, a dialogue window will pop up:

    [​IMG]

    7. Press Enter to continue with DrWeb-LiveCD (Default) mode.
    8. The operating system will detect all available disk drives automatically. It will also try to connect to the local network, if available.
    9. Check the disks or folders you want to scan, and click on Start.

    Dr.Web LiveCD user manual: ftp://ftp.drweb.com/pub/drweb/livecd/LiveCD-ru.pdf
     

  4. 2010/01/21
    wilberforce

    wilberforce Inactive Thread Starter

    Dear Broni,

    I ran Dr. Web Live CD and after ten hours of scanning, it turned up some of the same viruses I had earlier tried to remove (PackedGeneric.265, Polip). Even after curing/deleting these, I still cannot get my computer to boot.

    I have a Norton 360 Backup of my important files as well as a memory stick of my documents from work & school that I made yesterday using the Lenovo Thinkvantage Rescue & Recovery program that came with my laptop.

    Do I have any other options other than restoring my system using the Recovery program to my last restore point (9 months ago)? I really hope to avoid this route as I would be devastated if the backups failed to work for whatever reason. I really appreciate your help and any further suggestions you might have, and wish I had come here first.
     
  5. 2010/01/21
    broni

    broni Moderator Malware Analyst

    Let's try system restore. It surely won't cure any infection, but it MAY help making the computer bootable.


    If you have Windows XP CD... (if you don't have Windows CD, scroll down)

    1. Boot from the CD.
    2. When the text-based part of Setup begins, follow the prompts. Select the repair or recover option by pressing R:

    [​IMG]

    3. You'll find yourself at this screen:

    [​IMG]

    4. Once you are at the Recovery Console you will be given at least one choice of Windows installations. Normally the choice you want is the number 1 choice. Click the number 1 key at the "top" of the keyboard and click enter.

    NOTE: at this point your numbers to the right of your keyboard are turned off. If you insist on using these keys for your numbers remember to hit the Numbers Lock key before clicking a number over there or your computer will automatically reboot and you will have to wait through the previous steps to get back to the console.

    5. You will be given a message asking for the administrator password. Unless someone or something has messed with your computer there is no password so you just click the Enter key.

    6. This will bring you to a prompt that says:

    C:\WINDOWS>

    7. Type:

    cd \

    Press Enter

    Note: between "cd" and "\" there should be a "blank space" otherwise the command won't work

    8. The prompt should now say:

    C:\>

    9. Type:

    cd system~1\_resto~1

    Press Enter.

    ===============================================================================

    Note: If it gives an error "Access Denied" while accessing the folder, follow the method below

    Type: cd \

    Press Enter

    Type: cd windows\system32\config

    Press Enter

    Type: ren system system.bak

    Press Enter

    (note the spaces between ren and system, and then between system and system.bak)

    Type: exit

    Press Enter

    now the computer should restart, then follow steps 1-9


    ===============================================================================

    10. Type:

    dir

    Press Enter

    NOTE: When you hit Enter it will list all the restore point folders, like "rp1", "rp2". We have to see the last restore point to copy the file from a recent backup. If the restore points take up more than one page, then you have to keep on hitting the key to view the last restore point folder.

    NOTE: It is a good rule of thumb to choose the files from the restore point folder which is the second to the last one.

    11. Type:

    cd rp{with the second to the last restore point number }

    Press Enter

    Example: cd rp9, if rp10 is the last restore point

    12. Type:

    cd snapshot

    Press Enter.

    NOTICE: Now the command prompt will look like this:

    c:\system~1\_resto~1\rp9\snapshot

    Note : restore point 9 assumed for clarity of the content.


    13. Type:

    copy _registry_machine_system c:\windows\system32\config\system

    Press Enter

    14. Type:

    Exit

    Press Enter.

    Final note : If the above procedure won't solve the problem, repeat all steps, but in step 13 type:

    copy _registry_machine_software c:\windows\system32\config\software

    Alternatively, select different restore point.



    If you don't have Windows CD...

    Download Windows Recovery Console: http://www.thecomputerparamedic.com/files/rc.iso
    Download, and install free Imgburn: http://www.imgburn.com/index.php?act=download
    Using Imgburn, burn rc.iso to a CD.
    Boot to the CD...let it finish loading.
    When the "Welcome to Setup" screen appears, press R to start the Recovery Console.

    Follow steps 3 - 14.
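
Added example, not part of the original post: a Python sketch that applies the "second to the last restore point" rule and goes one step further by checking the hive's base block (signature, matching sequence numbers, header checksum) before anything is copied over `config\system`. It assumes the XP volume is mounted read-only from a live CD; the function names and the sample tree are constructed for illustration.

```python
import re
import struct
import tempfile
from pathlib import Path

def _checksum(block: bytes) -> int:
    """XOR of the first 127 little-endian dwords, with the format's two special cases."""
    x = 0
    for (dword,) in struct.iter_unpack("<I", block[:508]):
        x ^= dword
    return {0xFFFFFFFF: 0xFFFFFFFE, 0: 1}.get(x, x)

def hive_header_ok(block: bytes) -> bool:
    """Signature 'regf', equal sequence numbers (cleanly written), valid checksum."""
    if len(block) < 512 or block[:4] != b"regf":
        return False
    seq1, seq2 = struct.unpack_from("<II", block, 4)
    (stored,) = struct.unpack_from("<I", block, 508)
    return seq1 == seq2 and stored == _checksum(block)

def pick_snapshot(restore_dir: Path, hive: str = "_registry_machine_system"):
    """Newest restore point before the last one whose hive copy passes the check."""
    rps = [p for p in restore_dir.iterdir()
           if p.is_dir() and re.fullmatch(r"rp\d+", p.name, re.I)]
    rps.sort(key=lambda p: int(p.name[2:]))   # numeric order: RP9 before RP10
    for rp in reversed(rps[:-1]):             # skip the last one, as the post advises
        for f in rp.glob("*/*"):              # names compared case-insensitively
            if f.parent.name.lower() == "snapshot" and f.name.lower() == hive:
                with f.open("rb") as fh:
                    if hive_header_ok(fh.read(512)):
                        return rp.name, f
    return None

def make_header(seq1: int, seq2: int) -> bytes:
    """Constructed sample: a bare 512-byte base block, not a real hive."""
    body = b"regf" + struct.pack("<II", seq1, seq2) + bytes(496)
    return body + struct.pack("<I", _checksum(body))

def demo():
    """Build a constructed tree: RP8 clean, RP9 inconsistent, RP10 newest."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, seqs in {"RP8": (5, 5), "RP9": (7, 6), "RP10": (9, 9)}.items():
            snap = Path(tmp) / name / "snapshot"
            snap.mkdir(parents=True)
            (snap / "_REGISTRY_MACHINE_SYSTEM").write_bytes(make_header(*seqs))
        found = pick_snapshot(Path(tmp))
        return found and found[0]

if __name__ == "__main__":
    print(demo())
```

The numeric sort matters because a plain alphabetical listing places rp10 before rp9, which would make the wrong folder look like the second to the last.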
     
  6. 2010/01/21
    wilberforce

    wilberforce Inactive Thread Starter

    Hi Broni, and thanks for the suggestion...

    When I get to the Welcome screen and press R, I get the following message:
    "Windows XP Home Edition Setup
    Setup did not find any hard disk drives installed in your computer.
    Make sure any hard disk drives are powered on and properly connected to your computer, and that any disk-related hardware configuration is correct. This may involve running a manufacturer-supplied diagnostic or setup program.

    Setup cannot continue. To quit setup, press F3. "

    It's strange because the Lenovo Thinkvantage Rescue and Recovery program on my computer works and detects the contents of my hard drive. I have been able to transfer files to USB memory sticks. But I am still fearful my main Norton backup might fail, which is why I hoped I could boot and try to cleanse the system.

    Do you have any more ideas?
     
  7. 2010/01/21
    broni

    broni Moderator Malware Analyst

    Oh boy....
    At this point, I'll have to send you to Windows forum, so some others will try to make computer bootable again.
    The access to THIS forum is very limited (just you and me).
    When the computer is bootable again, you're welcome to come back here.
     
