MajorGeeks Support Forums

Go Back   MajorGeeks Support Forums > ----------= PC, Desktop and Laptop Support =---------- > Malware Removal
Register FAQ Members List Calendar Casino Mark Forums Read

Malware Removal Malware removal forum. Please see the READ ME FIRST thread before you post. Forum is staffed by a small number of volunteers, please be patient.


Closed Thread
 
Thread Tools Display Modes
  #1  
Old 10-26-10, 12:35
IcemanGER IcemanGER is offline
Private First Class
 
Join Date: Nov 2008
Posts: 36
Thanks: 6
Thanked 0 Times in 0 Posts
Default boot sector virus

I have BOO/Alureon.A on my Win 7 64bit Laptop.
Tried several procedures without any luck.

biggest problem is that combofix doesn't run on it !

any help is highly appreciated.
Sponsored links
  #2  
Old 10-26-10, 15:22
TimW's Avatar
TimW TimW is offline
MajorGeeks Administrator - Jedi Malware Expert
 
Join Date: Jan 2005
Location: The recesses of my mind!
Posts: 47,043
Thanks: 459
Thanked 4,737 Times in 4,472 Posts
Default Re: boot sector virus

Please do the following:
READ & RUN ME FIRST. Malware Removal Guide

Then:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!


Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_14.17.05_log.txt) will be created and saved to the root directory ( usually Local Disk C ).
  • Attach this log to your next message


Please also download MBRCheck to your desktop
  • Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
  • It will show a Black screen with some information that will contain either the below line if no problem is found:
    • Done! Press ENTER to exit...

  • Or you will see more information like below if a problem is found:
    • Found non-standard or infected MBR.
    • Enter 'Y' and hit ENTER for more options, or 'N' to exit:

  • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
  • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
  • Attach this log to your next message.
__________________
Major cake licker.
YCLAHTW, BYCMHD!!

Major Geeks on Facebook

Major Geeks Newsletter
  #3  
Old 10-26-10, 16:06
IcemanGER IcemanGER is offline
Private First Class
 
Join Date: Nov 2008
Posts: 36
Thanks: 6
Thanked 0 Times in 0 Posts
Default Re: boot sector virus

ran the TDSSKiller.exe !
laptop reboots into a BSOD now. tried last known good config, system restore.....

can't get into save mod either.......
  #4  
Old 10-26-10, 16:11
TimW's Avatar
TimW TimW is offline
MajorGeeks Administrator - Jedi Malware Expert
 
Join Date: Jan 2005
Location: The recesses of my mind!
Posts: 47,043
Thanks: 459
Thanked 4,737 Times in 4,472 Posts
Default Re: boot sector virus

What OS is it? XP, Vista, Win7? Do you have OS CD's?
__________________
Major cake licker.
YCLAHTW, BYCMHD!!

Major Geeks on Facebook

Major Geeks Newsletter
  #5  
Old 10-26-10, 16:14
IcemanGER IcemanGER is offline
Private First Class
 
Join Date: Nov 2008
Posts: 36
Thanks: 6
Thanked 0 Times in 0 Posts
Default Re: boot sector virus

it's win 7 64bit. i have a couple CD's 32/64. they should work.
Sponsored links
  #6  
Old 10-26-10, 17:03
TimW's Avatar
TimW TimW is offline
MajorGeeks Administrator - Jedi Malware Expert
 
Join Date: Jan 2005
Location: The recesses of my mind!
Posts: 47,043
Thanks: 459
Thanked 4,737 Times in 4,472 Posts
Default Re: boot sector virus

We can either try using the disc to work in the recovery environment or to repair install. Which way are you wanting to proceed?
__________________
Major cake licker.
YCLAHTW, BYCMHD!!

Major Geeks on Facebook

Major Geeks Newsletter
  #7  
Old 10-26-10, 17:15
IcemanGER IcemanGER is offline
Private First Class
 
Join Date: Nov 2008
Posts: 36
Thanks: 6
Thanked 0 Times in 0 Posts
Default Re: boot sector virus

looks like i only got the 32bit disc. already tried to use the recovery but comes up with a different version.
  #8  
Old 10-26-10, 17:17
TimW's Avatar
TimW TimW is offline
MajorGeeks Administrator - Jedi Malware Expert
 
Join Date: Jan 2005
Location: The recesses of my mind!
Posts: 47,043
Thanks: 459
Thanked 4,737 Times in 4,472 Posts
Default Re: boot sector virus

You can create this recovery disc that will let you access the Recovery Environment:
Vista and Win7 Recovery disc
__________________
Major cake licker.
YCLAHTW, BYCMHD!!

Major Geeks on Facebook

Major Geeks Newsletter
  #9  
Old 10-26-10, 18:05
IcemanGER IcemanGER is offline
Private First Class
 
Join Date: Nov 2008
Posts: 36
Thanks: 6
Thanked 0 Times in 0 Posts
Default Re: boot sector virus

ok, that's done. booting the repair disc now.
  #10  
Old 10-26-10, 18:09
TimW's Avatar
TimW TimW is offline
MajorGeeks Administrator - Jedi Malware Expert
 
Join Date: Jan 2005
Location: The recesses of my mind!
Posts: 47,043
Thanks: 459
Thanked 4,737 Times in 4,472 Posts
Default Re: boot sector virus

If trying the Fix Startup doesn't work, we may need to get into the RC and try it that way. Let me know how it goes.
__________________
Major cake licker.
YCLAHTW, BYCMHD!!

Major Geeks on Facebook

Major Geeks Newsletter
Sponsored links
  #11  
Old 10-26-10, 18:30
IcemanGER IcemanGER is offline
Private First Class
 
Join Date: Nov 2008
Posts: 36
Thanks: 6
Thanked 0 Times in 0 Posts
Default Re: boot sector virus

repair disc gives me an error.
Status: 0xc00000e9
Info: an unexpected I/O error has occurred

i burned the iso twice. still the same error
  #12  
Old 10-26-10, 18:33
TimW's Avatar
TimW TimW is offline
MajorGeeks Administrator - Jedi Malware Expert
 
Join Date: Jan 2005
Location: The recesses of my mind!
Posts: 47,043
Thanks: 459
Thanked 4,737 Times in 4,472 Posts
Default Re: boot sector virus

I don't know what is wrong with the disc, but it is looking like you may need to borrow a Win7 64 bit disc at this point.
__________________
Major cake licker.
YCLAHTW, BYCMHD!!

Major Geeks on Facebook

Major Geeks Newsletter
  #13  
Old 10-26-10, 19:30
IcemanGER IcemanGER is offline
Private First Class
 
Join Date: Nov 2008
Posts: 36
Thanks: 6
Thanked 0 Times in 0 Posts
Default Re: boot sector virus

exactly the same error with the 32bit disc.
  #14  
Old 10-26-10, 20:30
IcemanGER IcemanGER is offline
Private First Class
 
Join Date: Nov 2008
Posts: 36
Thanks: 6
Thanked 0 Times in 0 Posts
Default Re: boot sector virus

so, i downloaded a full version of win7 64bit and when i get into the system restore option it is telling me the same. this copy of windos is not compatible with the one installed !!!
  #15  
Old 10-27-10, 12:35
IcemanGER IcemanGER is offline
Private First Class
 
Join Date: Nov 2008
Posts: 36
Thanks: 6
Thanked 0 Times in 0 Posts
Default Re: boot sector virus

i'm reinstalling windows. too bad. was hoping to fix it.
Sponsored links
  #16  
Old 10-27-10, 15:56
TimW's Avatar
TimW TimW is offline
MajorGeeks Administrator - Jedi Malware Expert
 
Join Date: Jan 2005
Location: The recesses of my mind!
Posts: 47,043
Thanks: 459
Thanked 4,737 Times in 4,472 Posts
Default Re: boot sector virus

Sorry to hear that. Were you able to save any of your personal info and data? When you ran TDDSKiller, did you choose cure or delete and do you recall what it found?
__________________
Major cake licker.
YCLAHTW, BYCMHD!!

Major Geeks on Facebook

Major Geeks Newsletter
The Following User Says Thank You to TimW For This Useful Post:
IcemanGER (10-28-10)
  #17  
Old 10-28-10, 10:31
IcemanGER IcemanGER is offline
Private First Class
 
Join Date: Nov 2008
Posts: 36
Thanks: 6
Thanked 0 Times in 0 Posts
Default Re: boot sector virus

yea, i don't recall what it found, but i double checked with your instruction before i hit OK. "cure" was set !
there wasn't much personal info on the machine. i could have taken the drive out and used my desktop to get the data off of it. it was my buddies machine btw. 3 weeks old.
no big deal, data wise.

thanks for your help, anyways. too bad it didn't work out this time.
  #18  
Old 10-28-10, 16:44
TimW's Avatar
TimW TimW is offline
MajorGeeks Administrator - Jedi Malware Expert
 
Join Date: Jan 2005
Location: The recesses of my mind!
Posts: 47,043
Thanks: 459
Thanked 4,737 Times in 4,472 Posts
Default Re: boot sector virus

It's a rare occurrence that TTDSKiller will kill a system. But good to know you didn't have any problems with doing a reinstall.
__________________
Major cake licker.
YCLAHTW, BYCMHD!!

Major Geeks on Facebook

Major Geeks Newsletter
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Boot Sector Virus won't remove with MBR fitch Malware Removal 3 08-31-10 17:32
BOO/Sinowal.D boot sector virus (1 of 2) ekalbs4 Malware Removal 9 10-03-09 20:49
Boot sector virus message?????? Narf44 Software 1 07-12-06 11:28
boot sector virus? daveman2 Malware Removal 1 05-16-05 00:12
Malware, virus, or boot sector? LCR Malware Removal 8 03-26-05 00:01


All times are GMT -5. The time now is 04:14.

MajorGeeks.Com Menu

MajorGeeks.Com \ All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ NEW! PC Games \ System Tools \ Macintosh \ Demonews.Com \ Top Downloads

MajorGeeks.Com \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds


All content Copyright MajorGeeks.com source code Powered by vBulletin® Version 3.8.4
Copyright © 2009 vBulletin Solutions, Inc. All rights reserved.
Ad Management by RedTyger