XP Cleanup- ComboFix Problems...

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by RayM, Sep 23, 2008.

  1. RayM

    RayM Private E-2

    I did a virus scan today on my work pc and it was unable to run let alone start a full system scan because McAfee Total Protection for small business said I had an infected memory. I then decided to try and clean it myself and with your help by running "Read and Run Me First" followed by the Windows XP cleanup procedures.

    All that was found prior to ComboFix was an ad-aware in spybot and 4 vundo variants in malwarebytes. Then I ran combofix following the instructions to a tee from here.

    While running, after completing around stage 31, the blue screen said it found something wrong and needed to shut down and reboot. It did so and now my computer stays in a perpetual reboot. I tried starting it in safe mode and a list of drivers appears and it then goes to a reboot again. Then I tried the last known setting that worked and nothing, it reboots again.

    Please advise as to what steps I need to take now?

    Thanks in advance.

    Ray
     
  2. RayM

    RayM Private E-2

    I'm not going to be harsh here because your process has worked in the past. But this time my computer has crashed and I forgot to back it up before running all these steps. Luckily, most of my documents and the like reside on our work server.

    Well, since I never received a response I started doing searches and working through different threads on how to do a system restore from the recovery console.

    I worked through this one and could not get past the access denied step.

    Then this one pointed out that my sam database files were probably corrupt and that it would be virtually impossible to do a system restore.

    So I guess it's time to do a clean install. What bothers me though is that no one responded around here. Why not just be straight with me? And why is combofix included in the cleanup process if it can end up acting so maliciously? You may want to re-visit your cleanup procedures so that this does not happen to other users going forward.

    Ray
     
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am sorry to hear you are having problems.....you may want to do this:
    Registry recovery from recovery console:
    http://support.microsoft.com/kb/307545

    Let us know how you get on with those instructions.

    (You also need to know that there are only 3 of us who do this work, in our spare time and on a volunteer basis.....we do get to each and every person.)
     
  4. RayM

    RayM Private E-2

    I tried that- no luck. I could not get past step two as there was no way to reach Windows. I also tried this thread and this one. On the second one there, I reached the conclusion that my SAM database was probably corrupt.

    Then after more troubleshooting on another forum and with Dell, it was determined my hard drive was shot.

    I understand you guys are busy and can't get to everyone right away. I applaud you guys for your commitment to the cause. You still may want to revisit combofix as a step to run in xp cleanup procedures without supervision though.

    Take care. Peace...
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry to hear of the problems this has caused you Ray. As you noted, our lack of response had nothing to do with avoiding you. It was just a matter of getting to your position in our work queue.

    What happened exactly when you got to part 2?

    When you did part 1 did you run into any problems? If you were able to run part one and do all steps given in part one then there is nothing wrong with your hard disk since you were obviously able to write to it to perform those instructions.

    Before going any further, you may want to just take this hard disk over to another PC and put it in as a slave drive. Then you can copy ALL important data off of the drive. After doing that you could attempt to continue with repair of the OS and malware removal or you could opt to do a reinstall.

    Yes and this is why TimW gave you that link at Microsoft. We use this all the time to repair corrupted registry issues.

    As I said above, if you were able to perform part 1 of those instructions from Microsoft then there is nothing physically wrong with your hard disk.

    Actually this is a sticky area with malware these days. Any scan could potentially cause similar issues. Even the antivirus or antispyware programs you may have had installed already before coming here could potentially cause Windows boot issues. The root of the problem is the infections themselves. They are being designed to be more malicious and sometimes the act of malware removal by any method can cause a PC to become unbootable. The complexity of malware has grown tremendously in the last couple of years. And with this, the power and type of tools being used had to change too. The end result is the tools have had to become so powerful that they could possibly break the operating system. If we were to stop using tools like ComboFix and Avenger, we may as well just change the READ & RUN ME to one simple statement which reads "Reinstall your operating system from scratch", because without these tools, many of the new infections that exist just cannot be removed.
     
  6. RayM

    RayM Private E-2

    Hi Chas. Part 1 did work but what happens in Part 2 is that I cannot get into safe mode, so I cannot get access to Windows Explorer. My system stays in a perpetual reboot. I tried last good config and nothing. Safe mode with command prompt and nothing. Only thing I can get access to is the recovery console, but I'm at a dead end there as well. I can't get past the access denied point even after typing in the changes that are supposed to grant me access.

    Dell is already sending me a new hard drive but the slave drive had skipped my mind. You think I will be able to gain access to it? I'll try it.

    I agree with your points made on the malware. It is unfortunate that so many malicious people are out there in the first place. Once again, I applaud you guys for your efforts. Keep up the fight!

    Ray
     
  7. RayM

    RayM Private E-2

    No luck on the slave drive. Looks like I would have to run some sort of recovery program to make any headway on that end.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What happens exactly?

    Did you use jumpers to configure it as a slave or are you using Cable Select? You should make sure that you are putting it onto the same cable as your master hard disk. The below link may be helpful:

    http://www.dtidata.com/resourcecenter/2007/04/23/how-to-slave-hard-drive/

    Is the slave drive recognized in the BIOS before even trying to boot Windows?
    Is the slave drive recognized when you boot into Windows?
    If recognized, do you have any access to it at all?
    Do you get any error messages at all? If yes, give us the exact message.

    When Dell determined that the drive was bad, did they have you run a diagnostic and did they get an error code?
     
  9. RayM

    RayM Private E-2

    Hi Chas. I tried a lot of things. I believe my hard drive is connected via Cable Select and it is on the same cable. I don't think this newer hard drive has the ability to be jumpered. I am going to attach some pictures and I'll describe the pics in my next reply.

    To your questions:

    1. Slave drive is not recognized in the BIOS.

    2. No recognition when booting into Windows.

    3. No Access. Unable to locate in Disk Management either.

    4. I ran boot to utility configuration and did get an error code. It was error code 650F:137B. Msg: IDE device failed: Blank media or no media is present in optical drive. I don't even think this has to do with the hard drive in question.

    5. As for Dell we ran a battery of tests for 3 plus hours. To make a LONG story short, we did run a diagnostic (boot utility config) and it was frozen. No mouse movement and no arrow key movement. We then put in a good hard drive and the same thing. Then we went to f2 and set the computer back to factory defaults and good hard drive. It then worked and allowed access to Windows. Exchanged with old hard drive and it still would not work. Thus it was determined hard drive needed replacement.

    Let me know if you have any other suggestions. Somehow the new hard drive already arrived today. I guess I am going to start formatting it.

    I was recommended this to try and get my data off the old hard drive. You have any input on that?

    Ray
     

  10. RayM

    RayM Private E-2

    Last pic attached. It's just a pic of the WD 160Gb hard drive from the front.

    Pic 1 in the post above is misc power cables. If you see where the skinny blue one is plugged in to the motherboard, that is also where I attached the slave drive, in the empty adapter next to it.

    Pic 2 is the backside of the hard drive. There are no options for slave.

    Pic 3 is both as plugged in. Only thing missing is the skinny blue connector I later plugged in below the main drive.

    I should have taken pictures after I plugged in the cable.
     

  11. RayM

    RayM Private E-2

    Wow, I am experiencing some serious problems here. I can't even load Windows on to the new hard drive. Same thing happens as when I was trying to install Windows on the old hard drive. I get stuck on the licensing page. I can't hit f8 to accept. And no, it is not the keyboard as I have tried others.

    And when I reboot now, I get stuck on another error code:

    Floppy diskette seek failure
    Strike the f1 key to continue, f2 to run the setup utility

    I don't even have a floppy drive. This error did not appear until I swapped hard drives with the Dell tech. Then it started appearing. Now I'm stuck and back on with Dell.

    I think I am going to seriously contemplate moving on from a pc to an Apple. I have had it!:(
     
  12. RayM

    RayM Private E-2

    Yep, another hard drive on the way. This time with Windows and drivers pre-loaded. Wish me luck...
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes I do wish you luck! There seems to be too much going wrong. It may be a strange coincidence but I have to wonder if it is really only a hard disk issue.

    Way back when I asked you to run that Microsoft procedure, you said you did part 1. In order to do part one, the hard disk had to be recognized and running. Albeit not in Windows mode, but it had to be recognized in order to copy files as instructed. But then later you have said the drive is not recognized, so something else changed after running part 1 of those Microsoft steps.
     