Windows Defender used and now can't start up my computer properly

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by viviene18328, Dec 30, 2012.

  1. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, the Active: Yes is the important info I want to find out about. So this was for the System Rese NTFS Partition 100 MB partition?

    The only two we care about are the below
    Code:
    Volume 1 C System Rese NTFS Partition 100 MB Healthy nothing in info column
     
    Volume 2 D eMachines NTFS Partition 686 GB Healthy nothing in info column
    
    Did any of the volumes show as Boot or System
     
  2. viviene18328

    viviene18328 Private E-2

    The information in post 50 is what came up when I put in the command: list volume


    The original info was:

    Partition 1
    Type: 27
    Hidden: Yes
    Active: Yes
    Offset in bytes: 27136

    and below that it was:

    Volume 3, ltr E, label is blank, Fs is RAW, Type is partition, Size is 0 B, status is healthy and info is hidden.

    None of the volumes showed as Boot or System, just volume 1, ltr C, labeled as system rese. Nothing else.
     
    Last edited: Jan 1, 2013
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm going to give you an example of the kind of things I'm looking for. Obviously volume numbers, labels and sizes will be different than yours since this is not for your system, but the important items I'm looking for in the listing below are Partition 1 showing as System, the large Primary partition, and the Boot and System entries in the Info column of the volume list.
    Code:
    DISKPART> list disk
      Disk ###  Status         Size     Free     Dyn  Gpt
      --------  -------------  -------  -------  ---  ---
      Disk 0    Online         1863 GB  3072 KB        *
      Disk 1    No Media           0 B      0 B
      Disk 2    No Media           0 B      0 B
      Disk 3    No Media           0 B      0 B
      Disk 4    No Media           0 B      0 B
     
    DISKPART> select disk 0
    Disk 0 is now the selected disk.
     
    DISKPART> list partition
      Partition ###  Type              Size     Offset
      -------------  ----------------  -------  -------
      Partition 1    System             500 MB  1024 KB
      Partition 2    OEM                 40 MB   504 MB
      Partition 3    Reserved           128 MB   544 MB
      Partition 4    Recovery           500 MB   672 MB
      Partition 5    Primary           1850 GB  1172 MB
      Partition 6    Recovery            10 GB  1852 GB
     
    DISKPART> list volume
      Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
      ----------  ---  -----------  -----  ----------  -------  ---------  --------
      Volume 0     H                       DVD-ROM         0 B  No Media
      Volume 1     C   OS           NTFS   Partition   1850 GB  Healthy    Boot
      Volume 2         ESP          FAT32  Partition    500 MB  Healthy    System
      Volume 3         WINRETOOLS   NTFS   Partition    500 MB  Healthy    Hidden
      Volume 4         PBR Image    NTFS   Partition     10 GB  Healthy    Hidden
      Volume 5     D                       Removable       0 B  No Media
      Volume 6     E                       Removable       0 B  No Media
      Volume 7     F                       Removable       0 B  No Media
      Volume 8     G                       Removable       0 B  No Media
     
     
  4. viviene18328

    viviene18328 Private E-2

    Okay. Boot and system are not under any of the volumes in the information column. System is not under any of the types for any of the volumes either.

    I think that I have monopolized enough of your valuable time. Unless you feel we are getting somewhere maybe it's time for me to give up the ghost and get a new computer. What I'd like to know is where the heck my daughter picked up this lovely virus. I've seen it mentioned that it could have been picked up from Google Chrome but she is on facebook, Oovoo, uses Skype, etc. If you want to continue trying to figure it all out okay, but if not I would certainly not have a problem with stopping. I need to learn a heck of a lot more and I also need to get better virus protection. I was using avg 2012 (which I paid for on all 3 of our computers) and I did have it updating every couple of days. The computer we've been working on is the only one that has gotten this virus.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If we can get one partition marked as bootable, we may yet be able to boot.

    There is a PQSERVICE partition on your eMachines PC that could possibly be used to reimage your drive back to factory ship state. That is as long as the malware and the change that Windows Defender Offline made did not break it. I'm not sure how to do this with eMachines but someone in the Software Forum may know.

    Not really sure as there are thousands of people getting Alureon infections each week. They are very common and come from many different places. We fix them all the time. The running of Windows Defender Offline is what made this problematic.

    We can try some more. I would like to have you make the below G-Parted CD which we should be able to boot from. We may be able to use it to show the partitions and see the flags ( like boot flag ) and mark one partition as bootable. The instructions are for an older version of G-Parted but we should be able to do this.

    Now boot off of the newly created GParted CD.
    [screenshot]
    You should be here...
    Press ENTER
    [screenshot]
    By default, do not touch keymap is highlighted. Leave this setting alone and just press ENTER.
    [screenshot]
    Choose your language and press ENTER. English is default [33]

    Once again, at this prompt, press ENTER
    You will now be taken to the main GUI screen below
    [screenshot]

    Let me know if/when you get down to this point where it lists partitions. Notice in the above how one partition has a Boot flag.
     
  6. viviene18328

    viviene18328 Private E-2

    Okay I'm at the last screen. On the system reserved partition I see boot under flags. Under the pqservice partition I see a diag flag. There is a yellow triangle between the partition name and file system on the label eMachines. What is that?
     
    Last edited: Jan 1, 2013
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This may be indicating the problem. For this eMachines partition, is it the one that is 686 GB ( GiB on G-Parted screen ) ? And when you look in the Flags column, you do not see this partition marked as boot ?

    Is any partiton at all marked as boot?
     
  8. viviene18328

    viviene18328 Private E-2

    "This may be indicating the problem. For this eMachines partition, is it the one that is 686 GB ( GiB on G-Parted screen ) ? And when you look in the Flags column, you do not see this partition marked as boot ?

    Is any partiton at all marked as boot?"

    This is what I see:

    Partition /dev/sda2, file system ntfs, label PQSERVICE, size 12.00 GiB, used 9.03 GiB, Unused 2.97 GiB, flags diag

    Partition /dev/sda3, file system ntfs, label system reserved, size 100.00 MiB, used 33.59 MiB, unused 66.41 MiB, flags boot

    Partition /dev/sda4, yellow triangle, file system ntfs label eMachines, size 686.54 GiB, used ------, unused -------, no flags

    Partition "unallocated", file system unallocated, label none, size 1.87 MiB, used -----, unused -----, no flags

    So it's the second partition under what I see that has the flag "boot" boot does not appear anywhere else.
     
    Last edited: Jan 1, 2013
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, I'm not sure if the 100 MB partition should have the boot flag or if the larger 686 GB partition which contains Windows should have the boot flag, but the yellow triangle is probably indicating a corruption in the file system, which is likely why you received the error message earlier when we tried a fix.
    Boot back up to the command prompt with your Recovery Disk and see if you can run the below command.

    chkdsk /f

    Let me know if this runs and what it says when it finishes. This will take awhile to run.

    EDIT::: We need to make sure that you run the chkdsk /f on the actual hard disk and not the CD or some other drive. I'm going to assume the hard disk will be drive C so the command would be

    chkdsk c: /f
     
  10. viviene18328

    viviene18328 Private E-2

    So choose command prompt and then type in the command: chkdsk /f

    and then after that runs I tell you what it says.


    Or do you want me to choose command prompt and then type in the command: chkdsk c: /f

    Just want to check and make sure before I do this.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes the below one because I believe your hard disk will be drive C and you are booting up from a CD
    but did we determine earlier that a different drive letter was used for the 686 GB drive partition?
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes I believe we said it was D so use

    chkdsk D: /f
     
  13. viviene18328

    viviene18328 Private E-2

    When I clicked on command prompt to get started this is where I started out:

    X:\Windows\System32>

    So I typed in chkdsk c: /f and then entered.

    This is what came up:

    CHKDSK is verifying files (stage 1 of 3)....
    256 file records processed.
    File verification completed.
    0 large file records processed.
    0 bad file records processed.
    0 EA records processed.
    0 reparse records processed.

    CHKDSK is verifying indexes (stage 2 of 3)...
    330 index entries processed.
    Index verification complete.
    0 unindexed files scanned
    0 unindexed files recovered.

    CHKDSK is verifying security descriptions (stage 3 of 3)....
    256 file Sds/SIDs processed.
    Security descriptor verification completed.
    38 data files processed.
    CHKDSK is verifying Usn Journal...
    1184800 USN bytes processed
    Usn Journal verification completed.
    Windows has checked the file system and found no problems.

    102399 KB total disk space
    24292 KB in 49 files
    24 KB in 39 indexes
    0 KB in bad sectors
    4131 KB in use by the system
    2048 KB occupied by the log file.
    73952 KB available on disk.
     
  14. viviene18328

    viviene18328 Private E-2

    The eMachines drive is D in looking at post 51 or 52.
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, see message 62 that I posted
     
  16. viviene18328

    viviene18328 Private E-2

    Ok I ran the new command. This is what I get:

    The type of the file system is NTFS.
    Volume label is eMachines.
    CHKDSK is verifying files (stage 1 of 3)...
    333056 file records processed.
    File verification completed.
    928 large file records processed.
    0 bad file records processed.
    0 EA records processed.
    60 reparse records processed.
    CHKDSK is verifying indexes (stage 2 of 3)...
    399184 index entries processed.
    Index verification completed.
    0 unindexed files scanned.
    0 unindexed files recovered.
    CHKDSK is verifying security descriptions (stage 3 of 3)...
    333056 file SDs/SIDs processed.
    Security descriptor verification completed.
    33065 data files processed.
    CHKDSK is verifying Usn Journal...
    36352568 USN bytes processed.
    Usn Journal verification completed.
    CHKDSK discovered free space marked as allocated in the volume bitmap.
    Windows has made corrections to the file system.

    719886335 KB total disk space.
    69879812 KB in 192524 files.
    237872 KB in 33066 indexes.
    0 KB in bad sectors.
    460431 KB in use by the system.
    65536 KB occupied by the log file.
    649308220 KB available on disk.

    4096 bytes in each allocation unit.
    179971583 total allocation units on disk.
    162327055 allocation units available on disk.
    Failed to transfer logged messages to the event log with status 50.

    and now I am at:

    X:\Windows\System32>
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay now just for the heck of it, try booting up normally.

    If it does not boot, then reboot back into G-Parted and let's see if the "yellow triangle" is gone.
     
  18. viviene18328

    viviene18328 Private E-2

    It would not boot normally so I re-booted back into G-parted. The yellow triangle is gone. :)

    Unfortunately I have to call it a night. Have an early meeting but I'll check back in after that. Thank you!
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay then let's try changing the D drive to have the boot flag.
    • Right click on the 100MB Partition and select "Manage Flags"
    • Remove the tick from Boot as follows ( ignore the hidden flag item in the below image ) and then close the Manage Flags form
    [screenshot]

    • Right click on the 686GB Partition and select "Manage Flags"
    • Add a check to the boot flag
    • Now click the Apply selection ( the green check mark ).
    • You should now be here confirming your actions per the below.
    [screenshot]
    Did all that work thus far?
     
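    What the GParted "boot" flag actually is on an MBR disk is the active byte of the partition's entry in sector 0, which is also what diskpart reports as "Active: Yes". The following is an added example written for this page, not code from the thread or from GParted: it reads that byte from a constructed 512-byte MBR laid out to resemble the poster's disk (a hidden type 0x27 recovery partition, a 100 MB System Reserved partition carrying the flag, and the large Windows partition), and moves the flag the way the Manage Flags steps above do. Sizes, LBA offsets and the entry order are invented; function names are mine.

```python
"""Read and move the MBR 'active' (bootable) flag of a partition.

Added example, not from the MajorGeeks thread or from GParted.  GParted's
"boot" flag on an MBR disk is byte 0 of the partition's 16-byte entry in the
partition table at offset 446 of sector 0: 0x80 = active, 0x00 = inactive.
"""
import struct

SECTOR = 512
TABLE_OFFSET = 446       # start of the four 16-byte partition entries
ENTRY_SIZE = 16
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
ACTIVE = 0x80


def _entry(active: bool, ptype: int, start_lba: int, sectors: int) -> bytes:
    """Build one partition entry; CHS fields get the usual LBA-only placeholders."""
    flag = ACTIVE if active else 0x00
    return struct.pack(ENTRY_FMT, flag, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", start_lba, sectors)


def build_sample_mbr() -> bytes:
    """Constructed sector 0 resembling the poster's eMachines layout (assumed values)."""
    entries = (
        _entry(False, 0x27, 2048, 25_165_824)            # 12 GiB PQSERVICE, type 0x27 (hidden recovery)
        + _entry(True, 0x07, 25_167_872, 204_800)        # 100 MiB System Reserved, active
        + _entry(False, 0x07, 25_372_672, 1_439_836_160) # ~686 GiB eMachines (Windows)
        + b"\x00" * ENTRY_SIZE                           # unused fourth slot
    )
    return b"\x00" * TABLE_OFFSET + entries + b"\x55\xaa"  # no boot code; signature at 510


def read_table(mbr: bytes) -> list:
    """Decode the partition table; empty slots are skipped, bad status bytes rejected."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: short read or missing 0x55AA signature")
    parts = []
    for i in range(4):
        off = TABLE_OFFSET + i * ENTRY_SIZE
        flag, _, ptype, _, start, count = struct.unpack(ENTRY_FMT, mbr[off:off + ENTRY_SIZE])
        if ptype == 0:
            continue
        if flag not in (0x00, ACTIVE):
            raise ValueError(f"partition {i + 1}: invalid status byte 0x{flag:02x}")
        parts.append({"index": i + 1, "active": flag == ACTIVE, "type": ptype,
                      "start_lba": start, "sectors": count, "size_mib": count * SECTOR // 2**20})
    return parts


def active_partitions(mbr: bytes) -> list:
    """Indices (1-4) of entries carrying the active flag; a sane table has exactly one."""
    return [p["index"] for p in read_table(mbr) if p["active"]]


def set_active(mbr: bytes, index: int) -> bytes:
    """Return a copy of the sector with only `index` marked active.

    The flag is cleared on every other used entry because the MBR boot code
    expects a single active partition, and an empty slot is refused.
    """
    if not 1 <= index <= 4:
        raise ValueError("partition index must be 1..4")
    table = bytearray(mbr)
    if table[TABLE_OFFSET + (index - 1) * ENTRY_SIZE + 4] == 0:
        raise ValueError(f"partition {index} is not present")
    for i in range(4):
        off = TABLE_OFFSET + i * ENTRY_SIZE
        if table[off + 4] != 0:                        # type byte non-zero: slot in use
            table[off] = ACTIVE if i + 1 == index else 0x00
    return bytes(table)


if __name__ == "__main__":
    mbr = build_sample_mbr()
    print("active before:", active_partitions(mbr))      # [2] (System Reserved)
    print("active after: ", active_partitions(set_active(mbr, 3)))  # [3] (eMachines)
```

    On a real machine the sector comes from the raw device, for example open("/dev/sda", "rb").read(512) as root from the GParted live CD, and sector 0 should be saved to a file before anything is written back. The flag only tells the MBR boot code which partition's boot sector to load; that boot sector then expects bootmgr and \Boot\BCD on the same partition. Moving the flag to the 686 GB partition, whose root later turned out to have no boot folder, is consistent with the "BOOTMGR is missing" message reported in the next post. On a GPT disk (chaslang's reference listing shows Gpt *) this byte is meaningless; UEFI firmware looks for the ESP instead.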
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I will not be back until late tomorrow night. I too have a 6AM meeting tomorrow as I'm working with people from other countries ( China and Germany ) for real work.;) And I will not be back home until after 9 PM tomorrow.
     
  21. viviene18328

    viviene18328 Private E-2

    I followed your instructions and managed the flags and made the changes. The apply check mark did not work. Even though it was not highlighted to show it was active I still clicked on it but it didn't do anything. I never got the pop up asking me if I wanted to apply the pending operations.

    Somehow it must have applied the changes because when I removed the Gparted cd I then restarted the computer to see what would happen.

    It came up to the DEL and F12 screen like it normally does and then the following came up:

    BOOTMGR is missing.

    Press Ctrl+Alt+Del to restart

    So I did restart and the same thing came up again.

    More thanks to you for all the help.
     
  22. viviene18328

    viviene18328 Private E-2

    Since I'm nosey I did a Google search for "repairing BOOTMGR with G-parted" and found this link:

    http://www.ehow.com/how_12194597_use-gparted-repair-bootmgr.html


    I did not do this. I'm just going to wait because I've already made a mess of the computer and don't want to do it again when I believe we are making progress.
     
  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay before we try something like grub, I want to check out a few things.

    Okay boot from your Recovery disk and at the command prompt type in C:
    and hit enter. Does the prompt change to show the C drive?
    Type in dir
    and hit enter. Do you see your files listed and do you see a folder named boot

    Now type in the below command and hit enter. Note there are spaces before the -r, -h, -s and boot. And note that -s is the letter 's' not a number 5 as you used way back in message # 27 on drive D.

    attrib -r -h -s boot

    Now type dir and see if you see the boot folder.

    Also I want to check on the disk partitions again now that we used G-parted to make some changes. So from the C prompt, also run the below commands.

    diskpart
    select disk 0
    list volume

    I want to see what the list volume command shows. I only care about the below two partitions so you don't need to type all the other info
    I'm looking to see if the boot flag showed up on Volume 2 and if Volume 1 is showing as System. Like in my example back in message #53 which showed the below
    Code:
    DISKPART> list volume
      Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
      ----------  ---  -----------  -----  ----------  -------  ---------  --------
      Volume 0     H                       DVD-ROM         0 B  No Media
      Volume 1     C   OS           NTFS   Partition   1850 GB  Healthy    Boot
      Volume 2         ESP          FAT32  Partition    500 MB  Healthy    System
      Volume 3         WINRETOOLS   NTFS   Partition    500 MB  Healthy    Hidden
      Volume 4         PBR Image    NTFS   Partition     10 GB  Healthy    Hidden
    We need to have a Boot and a System partition for your PC to come up.
     
  24. viviene18328

    viviene18328 Private E-2

    The prompt changed to show the C drive.

    My files are listed. There is no folder named boot.

    I typed in attrib -r -h -s boot

    Response was: File not found - boot

    From the C prompt, I ran:

    diskpart
    select disk 0
    list volume

    This is what you provided:

    Volume 1 C System Rese NTFS Partition 100MB Healthy
    Volume 2 D eMachines NTFS Partition 686 GB Healthy

    This is what I show:

    Volume 1 D System Rese NTFS Partition 100 MB Healthy
    Volume 2 C eMachines NTFS Partition 686 GB Healthy

    There is no boot and no system under information on any of the partitions.

    Heading to bed now as I have another early meeting in the a.m. Will be back tomorrow to check what I need to do next. Thank you again!
     
  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Hmmm! No Boot flag. This is troubling. But the symptoms did change to where you got the BOOTMGR missing message so let's try something that sometimes will fix this. Boot your PC from the Recovery CD again and this time retry the Startup Repair selection and see if that works. This can sometimes repair/replace the bootmgr.

    Also now your volumes are reversed and drive D is the System drive so run the below on drive D

    Now type in the below command and hit enter. Note there are spaces before the -r, -h, -s and boot.

    attrib -r -h -s boot

    Now type dir and see if you see the boot folder.
     
  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    And just as an FYI, let me explain the System and Boot partitions ( also sometimes called volumes ).
    • Microsoft developers really messed up with the choice of names being used because they are actually the exact opposites of what the names are conveying and this has a tendency to confuse everyone.
    • The System partition and boot partition on a hard disk are what Windows uses when starting.
    • The System partition actually contains the files used to boot Windows 7 while the boot partition contains the system files required to start up the PC and points to which Windows installation to run.
    • So on your PC, the 100 MB partition should be a System partition and when you boot your PC there should be a \boot folder on this "System" partition containing a BCD file that provides information on where your Windows installation is located ( which for you is the 686 GB partition ) so that the Windows Operating System can be "booted" ( which is why they use the word boot ).
     
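    The check chaslang keeps asking for, whether the Info column of list volume shows a Boot and a System entry, is easy to get wrong when the output is retyped by hand with empty Ltr and Info cells. The following is an added example written for this page, not code from the thread or from MajorGeeks: a Python helper that parses captured list volume output by the dashed underline diskpart prints, so labels with spaces ("System Rese", "PBR Image") and empty cells survive, and then reports which volume, if any, carries each flag. Both listings inside it are constructed: the first reproduces chaslang's reference layout, the second is a reconstruction of the poster's listing after the GParted change (letters C and D swapped, no Info entries). Function and variable names are mine.

```python
"""Parse `diskpart` "list volume" output and check for the Boot/System volumes.

Added example, not from the MajorGeeks thread.  Column boundaries are taken
from the "----" underline diskpart prints below the header, which is the only
reliable way to split a table whose Ltr and Info cells are often empty.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample 1: the healthy reference layout from the thread
# (Boot on the Windows volume, System on the FAT32 ESP).
HEALTHY_LISTING = """\
DISKPART> list volume
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     H                       DVD-ROM         0 B  No Media
  Volume 1     C   OS           NTFS   Partition   1850 GB  Healthy    Boot
  Volume 2         ESP          FAT32  Partition    500 MB  Healthy    System
  Volume 3         WINRETOOLS   NTFS   Partition    500 MB  Healthy    Hidden
  Volume 4         PBR Image    NTFS   Partition     10 GB  Healthy    Hidden
"""

# Constructed sample 2: a reconstruction of the poster's hand-typed listing,
# drive letters swapped and nothing at all in the Info column.
BROKEN_LISTING = """\
DISKPART> list volume
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     E                       DVD-ROM         0 B  No Media
  Volume 1     D   System Rese  NTFS   Partition    100 MB  Healthy
  Volume 2     C   eMachines    NTFS   Partition    686 GB  Healthy
"""


def _column_spans(dash_line: str) -> List[Tuple[int, Optional[int]]]:
    """Slice bounds from the underline: each column runs from its first dash
    to the start of the next column; the last column runs to end of line."""
    starts = [m.start() for m in re.finditer(r"-+", dash_line)]
    return [(s, starts[i + 1] if i + 1 < len(starts) else None) for i, s in enumerate(starts)]


def parse_list_volume(text: str) -> List[Dict[str, str]]:
    """Return one dict per 'Volume N' row, keyed by the header names."""
    lines = text.splitlines()
    for idx, line in enumerate(lines):
        if "Volume ###" in line:
            header, dashes, rows = line, lines[idx + 1], lines[idx + 2:]
            break
    else:
        raise ValueError("no 'list volume' header found in captured output")
    spans = _column_spans(dashes)
    names = [header[s:e].strip() for s, e in spans]
    volumes = []
    for row in rows:
        if not row.lstrip().startswith("Volume "):
            break  # blank line or the next DISKPART> prompt ends the table
        volumes.append({n: row[s:e].strip() for n, (s, e) in zip(names, spans)})
    return volumes


def boot_status(volumes: List[Dict[str, str]]) -> Dict[str, Optional[str]]:
    """Locate the volumes flagged Boot (running Windows) and System (boot files)."""
    def find(flag: str) -> Optional[str]:
        for v in volumes:
            if flag in v["Info"].split():
                return v["Volume ###"]
        return None

    boot, system = find("Boot"), find("System")
    if boot and system:
        verdict = "ok"
    elif not boot and not system:
        verdict = "missing-both"
    elif not boot:
        verdict = "missing-boot"
    else:
        verdict = "missing-system"
    return {"boot": boot, "system": system, "verdict": verdict}


if __name__ == "__main__":
    for name, listing in (("reference", HEALTHY_LISTING), ("poster", BROKEN_LISTING)):
        print(name, boot_status(parse_list_volume(listing)))
```

    One caveat before reading too much into a "missing-both" verdict: diskpart describes the session it is running in. Booted from the recovery DVD, the Windows installation on the hard disk is not the running operating system, so it will not be marked Boot there, and the absence of that flag is not by itself evidence of damage. The things that must be true on the disk are the ones the thread ends up checking directly: the active flag (GParted's "boot") on the partition that holds bootmgr and \Boot\BCD, and those files actually being present.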
  27. viviene18328

    viviene18328 Private E-2

    Boot your PC from the Recovery CD again and this time Retry the Startup Repair selection and see if that works. This can sometime repair/replace the bootmgr.

    When I did this it said to hit any key to boot from the dvd or cd.

    When I hit F12 which is how I get to the point where I can choose the dvd/cd drive so I can get the recovery choices, it said that bootmgr was missing and to hit ctrl+alt+del to reboot.

    I only took the steps you told me to take in the last set of instructions. Now off to bed as my head is spinning again. Since I now can't get the recovery disc to come up to get to a command prompt I can go no further.
     
  28. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not sure I follow what you did. Were you actually able to run the startup repair or did you never get to that menu?
     
  29. viviene18328

    viviene18328 Private E-2

    I could not get to the start up menu on the recovery disk. It kept saying bootmgr missing or the equivalent. Hit alt+control+del to restart.
     
  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It sounds like you are booting from the hard disk not the CD. Make sure BIOS settings are still correct and that you are booting from the Recovery CD not the hard disk.
     
  31. viviene18328

    viviene18328 Private E-2

    I booted the PC from the Recovery CD again and retried the Startup Repair selection and it worked!!!!

    :-D:-D:-D:-D:-D:-D:-D:-D:-D:-D

    Thank you!!!!!

    I've been using AVG anti-virus 2012 full version on all 3 of our computers. Should I be using a different anti-virus? The other 2 computers were fine with no problems.
     
    Last edited: Jan 3, 2013
  32. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. I do recommend that you run thru the below now that you can boot. This way we can be sure there are no other malware issues:

    READ & RUN ME FIRST. Malware Removal Guide


    While AVG is not one of my favorites ( mostly due to how they bogged PCs down and a few other issues ) it is probably not much worse than other choices. Definitely not better but not too much worse. No antivirus programs, not even the big names like Symantec and McAfee are protecting people against these types of infections. If they were, we would not be so busy here. The bigger problem than the lack of protection is the lack of detection and removal which all of these programs are VERY BAD at. It is just a state to where malware has evolved. Much more manual interaction and removal is commonly required now because the protection tools do not work well enough for the common every day infections that we see in this forum and dozens of other forums like ours see the same issues.
     
  33. viviene18328

    viviene18328 Private E-2

    I will definitely run it. I have to replace my anti-virus option very soon so if there is one that you would recommend I'd appreciate it. I have malware bytes also on my computer and I really like that. Since I'm the one that does this on our 3 computers I will be purchasing for all 3 computers.
     
  34. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why? Is it a paid version that is expiring?

    Do you want a full security suite ( personally I don't like them as they have too much baggage ) but some users really need a security suite because they just don't practice safe surfing..... at least not well enough.

    And what was the age level of the person who was able to infect this particular PC? Sometimes with teenagers and below, the fastest way to add more security is to not allow them to have a user account with administrator privileges. This can become an issue when they want to install games,.....etc because they will not be able to do so without an admin doing it for them, but it does stop a lot of other problems from happening. It will however possibly increase your workload as the administrator. ;)
     
  35. viviene18328

    viviene18328 Private E-2

    Yes the paid version I purchased is going to expire. I don't mind being responsible and setting limits on the computer. After working through this virus removal (my daughters are 14 and 15) the 15-year-old said, "I didn't load anything on the computer." Hopefully I explained this correctly to her; I said that surfing on the internet is enough to get one of these viruses, not necessarily downloading a game, picture or whatever, because friends on Facebook are always putting clickable links there for you to click on.

    So after you saying that AVG bogs the computer down some I'm open to changing to something that does not.
     
  36. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Even when they are careful, they can still manage to get infected unknowingly and kids just really will not remain that careful as they are always in a rush.

    When we get to final instructions, I would be posting the below for you to read. It would be a good read for everyone.

    How to Protect yourself from malware!

    As stated in it, there just is no perfect solution, but the end user can be the best first line of defense, or their own worst enemy especially if uneducated in good surfing habits.


    They all have an effect. Some more than others. Also it is a matter of exactly what you install from them. For example:
    • Just the antivirus ( which these days always includes antispyware)
    • AV + Firewall
    • AV + Firewall + email protection + antispam
    • The whole internet security suite which typically may include a bunch of things you really don't need.
    Also some tools have interface or operational modes that can be too difficult for some users to handle. For example there are many things about Comodo's Security Suite that are really good and it seems to provide very good protection. But some people can handle getting the firewall all setup and configured for all the things you run and it needs tweaking when updates occur. But I find this good.


    If you are a safe and smart surfer, you can easily get away with just the below even though the Windows Firewalls are far from the best:
    1. A good router with a hardware firewall which most include these days. If you don't have a hardware firewall, you must get one.
    2. An antivirus with antispyware only - example Avira
    3. Windows Firewall for a firewall but there are better choices, like any of the below
    As with all free software today, you have to be careful when installing not to install misc toolbars and other items that come with them. Free software really cannot be totally free anymore. It costs too much to make and keep updated.
     
    Last edited: Jan 4, 2013
