Computer Boot Problems / Windows XP Installation

Discussion in 'Software' started by Beret, Aug 24, 2010.

  1. Beret

    Beret Private E-2

    Alright, I have a major problem. A couple of days ago, my computer would sporadically shut off without any sort of prompt and would not automatically restart unless I would manually do so. I assumed it was a virus due to the fact I accidentally clicked on a malicious link which downloaded a fake antivirus program, you know the ones that tell you even your taskmanger.exe is infected and you have to buy their program to fix it? Right, well, I tried starting in safe mode to restore to a previous point but this proved futile due to the fact my computer would improperly shut down again without prompt before the restore could finish. Shortly thereafter, my mouse cursor disappeared. I disassembled my hardware and removed 1 stick of RAM 2GB, GTX 260 graphics card, and Wireless card. I tried repairing Windows, via the 2nd window screen, and after a long wait, it finished. Now, I am able to load in Safe mode; however, I cannot in normal mode. My desktop background appears, as does my Windows default mouse cursor, but not my start menu or icons or anything.

    I hooked up 1.5 TB HD as a slave and ran an antivirus program, Avast, standard scan, and found 46 infected files.

    Is there any file I need to check or program I can find or a log that will tell me the problem?
     
  2. Caliban

    Caliban I don't need no steenkin' title!

    Greetings, Beret...

    If at all possible, you need to follow the steps listed in the Read and Run Me First Malware Forum thread...
     
  3. Beret

    Beret Private E-2

    I couldn't find the zip file for that thing and combo was running on the wrong HD.


    Okay. New problem. I did everything in that thread. Ran all the scans and deleted everything I could. I have my infected hard disk hooked up as a slave (E:/) to this brand new hard disk (C:/). Now, when I try hooking up E as my primary, I get a blue screen after my kernel loading screen; however, I can access my desktop in safe mode. Though, here is the catch, in safe mode, my computer will improperly shut down completely and not restart.
     


  4. kipfeet

    kipfeet Corporal

    Beret,
    Your slave drive is/was infected, too. And the SASW and AMWB scans need to be run on all hard drives, not just the slave. And combofix needs to run from where it says in the R&R Me First instructions, though it appears that it was able to see your C-drive. And MGtools, too, should be in its proper place and you should be able to find the Zip where it says it will be in the R&R Me First if the tools were able to run. I suggest you correct those as best you can considering your PC's state and start a new thread on the Malware Removal forum.....you'll be in good hands there.
    Good luck.
     
  5. Beret

    Beret Private E-2

    My C:/ drive is completely new, all it has is Windows and the programs I was instructed to download. The slave drive is the drive I am trying to recover. I ran everything accordingly, except for MG and combo. I could not get combo to scan my slave drive and I could not find where the MF zip file was located.
     
  6. kipfeet

    kipfeet Corporal

    Hi again, Beret,

    Sorry, I wasn't understanding the differences in your C: and E: drives, but I do now, I think. It appears that the drive that you now have slaved was originally a boot drive and you set it up as a slave so you could access it from a new C:-drive after your original drive (now the slave) had malware problems. At this point can you run reliably from C:-drive with no apparent problems with it, either with or without E:-drive connected?

    Below are some thoughts I've had or things I think I've noticed. These are just ideas to consider and shouldn't be taken as a substitute for getting advice from the malware experts over in Malware Removal. I strongly suggest that you start a thread there for the problems with your E:-drive.

    FYI, if MGTools ran properly, the Zip file should be in the root of C:-drive, i.e., C:\MGLogs.zip.

    I noticed that your ComboFix log is dated as having been run in 2009? Is your computer's year in Date/Time off by a year? Just checking...

    You mentioned that you couldn't get Combo to scan E:, but the log shows that it picked up something there, in the root.

    You mentioned running an Avast scan, but ComboFix shows that you have McAfee. Did you uninstall the latter before installing Avast? Or was that Avast's Online scanner that you ran? It's not recommended to have more than one AV installed and running at the same time, just in case you didn't know.

    Speaking of online scanners, have you run any of them? ESET Online is pretty good, and there's Kaspersky Online, and BitDefender, Housecall and Avast have them, too. Might be worth a shot running a few or all of those on C: and E: before starting a thread in Malware Removal (M-R hereinafter). If any scan finds anything, run the scan again until it doesn't find anything before moving to the next scanner. Try to save log files or screen shots or something if the scans find anything, to pass on to M-R. Having said all this, it might take forever to run an online scan on your monster E:-drive, depending on how much is on it, so you'll have to make a judgment as to whether it would be worth the time or not.

    If you run the scans, I recommend that you afterward physically disconnect the E:-drive until you get some guidance from the M-R folks, to avoid the risk of infecting the C: drive, too, unless you know that C:-drive is already infected. And also if you run any of the online scans, it might be worth afterward to try going through the R&R First again to get fresh info and logs to pass on to M-R. If nothing else, run the R&R on your C:-drive only (E: still disconnected), so that the M-R folks can at least give you an all-clear on it before digging into E:-drive.

    The M-R crew normally want you to do as much as possible with the R&R First before starting a thread, and they prefer logs with the first post, but I think if you condense and logically lay out your sort-of-unique situation---the points you've mentioned in this thread---that they will be able to guide you to get things to the place where you can complete the R&R First so that they can then take a good look at everything for you. From your explanation in your first post to them of the situation I think they will see why you may not have been able to post good logs with your first post, but if you have any logs at all that you're pretty sure are valid, like from the online scanners, post anything that will help them understand what's going on, then follow what they say from there.

    If you have any other questions before heading over to M-R, ask, and I or someone else will try our best to answer them.

    BTW, don't worry too much about any baddies that may still remain in System Restore on E:-drive. The M-R final fixes will take care of those. ChasLang, Kestrel13, TimW and others in M-R are pretty sharp cookies and they will fix you up.

    And if you want to ignore all the above and head straight to M-R, that's fine too....your choice...all the questions asked above you can take as rhetorical...no need to respond to me :)

    Good luck...I'm looking forward to seeing how it works out as it's an interesting problem.
     
  7. Beret

    Beret Private E-2

    Yes. I am running on a reliable C drive with my old boot drive hooked up as a slave.

    MG tools seems to have run on my C even though I opened it via E:/... I'm not sure, I'll post the log again.

    Combo scanned E? Hm.. and yes my date time is messed up.

    I did run Avast, on another HD before I used this one. When I installed windows, McAfee or whatever somehow installed itself or something.

    I'll try some of those online scanners, and see what they do and report back here and later open up a new thread over at M-R. Thanks, kip.
     
  8. kipfeet

    kipfeet Corporal

    You're welcome, Beret. Regarding the points you made in your last post...
    That's good...hope C-drive stays that way.

    Make sure that you run MGTools from where it says in the R&R First...and no need to post here the log from it, but the M-R folks will need it.

    I can't swear to you that it looked at all of E:, but it at least looked at the root and deleted a file it didn't like.

    Glad to hear that your year was off...get that fixed if you haven't already. Accurate dates in logs are real important to the M-R crew.

    The results will be interesting, but no need to report here unless you just want to describe in general how the scans turned out... tell the M-R people in detail, though, what happened (with logs, if possible---what's been found and fixed by scans can tell M-R a great deal about the nature of an infection). By all means get a thread started there after you run the online scans and after working through the R&R First again. For the R&R First, don't concern yourself with the E:-drive. Let M-R give you the all-clear on C: first before getting into E:. After they see your first post and have a better feel for what's going on, they will advise you on how best to proceed from there.

    Once you start a thread in M-R let us know here that you did that so that those of us interested can follow how it goes in M-R. Thanks.

    Just keep plugging away and eventually the truth will be known :)
     
  9. sach2

    sach2 Major Geek Extraordinaire

    Just a thought but a computer that just shuts itself off could be a failing HD rather than malware. [The fact that the computer shut down while trying to do a restore rather than giving a failure message makes me think this might be a real possibility]

    It may be worth doing a chkdsk on the E: (faulty) drive while it is hooked up as slave. In My Computer right click the E: drive select Properties and under Tools select Check Disk for Errors and then checkmark both boxes to fix errors.

    It may also be advisable to download the HD manufacturer's utility program to check the HD for errors. [Their website should have a link under Support] Since you can work off of C: drive the Windows version of their utility would work fine. I would recommend the Long/Extended test since the Short test will only report errors but not try to fix them.
     
  10. Beret

    Beret Private E-2

    Sach, I tried your advice and no dice. And they told me to come back over here because evidently it's not malware anymore.


    EDIT: I need to try the HD utility thing, though.
     
    Last edited: Sep 1, 2010
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Have you done a repair install on this drive?
     
  12. Beret

    Beret Private E-2

    That was pretty much the first thing I tried.. it went all the way through, took some time, but it booted normal and would freeze up on the desktop. Only display my custom background wallpaper, no taskbar, no cursor, no shell. Perhaps if I tried it again?
     
  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I think that the best thing for you to do, since you have no issues with slaving the drive, would be to slave it and get all your personal data and files off of it to a cd and then put the drive back and reformat and do a clean install. If you have issues after that, I would suspect either a hard drive issue or a hardware issue of some other form.
     
  14. Beret

    Beret Private E-2

    Ahh, that's the last thing I want to do, to be honest. I have 84 games on my old HD, and despite the fact many of them are Steam, there are still a lot of applications I don't want to re-modify to my liking. Such as my Firefox settings and such. I mean if I copy over my program files folder, will that still force me to reinstall everything? I want to try the HD utility tool first, however.
     
  15. Beret

    Beret Private E-2

    Also, I can't seem to find the proper program for my internal SEAGATE 1.5TB HD, which is E.
     
  16. satrow

    satrow Major Geek Extraordinaire

    Moving Steam, Firefox profiles or MozBackup and you can use the built-in Files and Settings Transfer wizard manually to backup a lot of other data/programs ready for importing into a clean install (I'd not use FAST automatically, it may carry over bugs from your current install).
     
  17. Beret

    Beret Private E-2

    I would really like another option besides reformatting.
     
  18. Beret

    Beret Private E-2

    I do not want to restart all over. If I can somehow stop it from auto restarting, I can see the error the blue screen displays and fix it in correlation to whatever error I receive, right?
     
  19. satrow

    satrow Major Geek Extraordinaire

  20. Beret

    Beret Private E-2

    STOP: 0x0000007E (0xC0000005, 0xB82B8750, 0xB84C342C, 0xB84C3128)

    I googled it to no avail. Any suggestions? (besides reformatting)
     


  21. satrow

    satrow Major Geek Extraordinaire

  22. Beret

    Beret Private E-2

    Ah shit, could this BSOD be because I attempted to repair it via the Windows installation disk and stopped halfway to scan it with Avast and resume afterwards?
     
  23. Beret

    Beret Private E-2

    I still need help please, I can't make this bluescreen go away despite that thread. Perhaps I just re-repair Windows?
     
