No LAN connection after removing Virus

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by mikepeluso, Dec 1, 2011.

  1. thisisu

    thisisu Malware Consultant

    Another thing to try is running these commands from the recovery console:
    Note: the dark green text is just informational.

    • fixmbr <--- then press y when asked
    • fixboot <--- press y when asked
    • exit
     
  2. mikepeluso

    mikepeluso Private E-2

    tried fixmbr and fixboot and still blue.
    I Loaded the Rescue disk but I am not sure what to do from here.
    I got a screen that says

    Kaspersky rescue disk. Graphic Mode
    Kaspersky rescue disk. Text Mode
    Hardware info
    boot from hard disk
    reboot
    shut down
     
  3. mikepeluso

    mikepeluso Private E-2

    This is way over my head. I don't think I will be able to handle using this rescue disk.

    I guess it's getting close to talking about what I should do next if we can't get anywhere with this.
     
  4. thisisu

    thisisu Malware Consultant

    I have another idea. I will go into more detail once I get home from work in a couple of hours from now.
     
  5. thisisu

    thisisu Malware Consultant

    I just tried the idea I had on another machine to see if it would make a difference. Unfortunately, it did not, so instead I made you a step-by-step tutorial on how to scan your system with the Kaspersky Rescue disc.

    http://img141.imageshack.us/img141/2305/krd10pressanykey.th.png

    You have to press any key on the keyboard in order to continue using the Kaspersky Rescue Disk.

    http://img849.imageshack.us/img849/5771/krd10language.th.png

    Choose your language. English is the default selected language. Press Enter to make your selection.

    http://img535.imageshack.us/img535/2731/krd10gfx.th.png
    Press Enter for "Graphic Mode".

    http://img10.imageshack.us/img10/4979/krd10loading.th.png

    Please be patient, ultimately you will be brought to this:

    http://img440.imageshack.us/img440/9721/krd10agreement.th.png

    Here you need to type the letter "A" on your keyboard to "Accept" the agreement.
    The next couple of screens are as follows:

    http://img703.imageshack.us/img703/3011/krd10mounting.th.png
    http://img263.imageshack.us/img263/6927/krd10swapfile.th.png


    Then you will be brought to this screen, we need to update the virus definitions first. See the screenshot for details.
    http://img402.imageshack.us/img402/6981/krd10updatewarning.th.png

    You should be here updating the virus definitions. Be patient.
    http://img198.imageshack.us/img198/4875/krd10updating.th.png

    Update completed! Now click the "Objects Scan" tab
    http://img585.imageshack.us/img585/9295/krd10updatesuccess.th.png

    Place checkmarks in all 3 boxes given. The first two should be selected by default. When you have done this, click the Settings button as seen in the below screenshot.
    http://img208.imageshack.us/img208/3396/krd10scancheckmark.th.png

    Here are the settings we want you to use. Click "Apply" and then "OK"
    http://img694.imageshack.us/img694/589/krd10scansettingsdisinf.th.png

    Now begin scanning
    http://img16.imageshack.us/img16/536/krd10startscan.th.png

    When the scan completes, click the Report button.
    http://img32.imageshack.us/img32/5532/krd10scancomplete.th.png

    http://img11.imageshack.us/img11/8676/krd10getreport.th.png

    Try to save it to a location that you can find it later and upload it here and try rebooting into Windows.
     
  6. mikepeluso

    mikepeluso Private E-2

    Here is the scan
     

  7. mikepeluso

    mikepeluso Private E-2

    Well I ran everything but had a couple of problems. When I hit the update the virus definition it started then stopped and says error. I believe it is because it can't get my IP address. I tried the browser and could not get a connection and when I checked some other settings it said it could not get IP address.
    That's strange how the OTL browser worked fine though.



    It gave me several pop ups that said

    File C:/.../SpywareDoctor/BDT/Apdoms.dat.vir/data
    Password protected

    File C:/...data0008/data0150.
    password protected

    I almost thought there was another pop up that disappeared before I could write it down. Each pop up would appear over the other so that's why I had trouble writing them down.


    Do you know why the pop ups don't appear in the scan results?
    Also when it quarantines items does that mean they are deleted or do we still have to do that?
     
  8. thisisu

    thisisu Malware Consultant

    Ok this log is basically clean. We removed everything that needed to be removed from OTLPE.

    Now this error code (0x7b) is pretty generic, but so far we have ruled out that it's not a malicious driver causing it to BSOD.

    The next thing I would like you to do is add another boot line to your boot.ini and then try booting from it. Later we can delete the old one if we are successful in booting from the new one. We can even rename it...

    We can do this from the recovery console
    So start up the XP Recovery Console again
    type in:
    • bootcfg /rebuild

    First let me know what appears. This is important as we may not even need to add anything to this.
    Do not choose to Add another Windows installation at this time!! You can safely reboot your PC without doing anything else.

    I will answer your other questions when I have more time to.
     
  9. mikepeluso

    mikepeluso Private E-2

    ok so I put in bootcfg /rebuild and then it scanned all disks for windows installations

    ok then it says the windows installation scan was successful
    Note: these results are stored statically for this session. If the disk configuration changes during this session, in order to get an updated scan, you must first reboot the machine and then scan the disks.
    Total identified Windows installs :1
    (1):C:/Windows
    Add installation to boot list? (Yes/No/All)
     
  10. thisisu

    thisisu Malware Consultant

    Hi,

    Type in y for Yes.

    Enter Load Identifier:
    When you see this type in:
    • windows xp test (press ENTER)

    Next prompt is: Enter Operating System Load Options:
    Type in:
    • /fastdetect (press ENTER and note, the forward slash ( / ) must be there!!!)
    Now type:
    • exit (press ENTER)
    Reboot your PC. When asked which operating system you want to boot, you should have the following selection:
    • windows xp test <--- Choose this one!
    • Microsoft Windows XP Home Edition
    • Microsoft Windows Recovery Console

    Let me know if you still get the BSOD or not. I have a few more ideas.
     
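    The bootcfg /rebuild steps above end with a second line in boot.ini that points at the same C:\Windows installation under a new load identifier. The following is an added example, not code from the thread or from any tool it mentions: a small Python parser for boot.ini that lists the entries, checks that the default points at a real entry, flags any Windows entry missing /fastdetect, and reports when two names share one ARC path (which is exactly what the added "windows xp test" entry does). The sample boot.ini text, its ARC paths and the timeout value are constructed for the example.

```python
import re

# Constructed boot.ini in the shape left behind by the thread's bootcfg /rebuild
# step. The ARC paths and timeout are assumptions, not values from the thread.
SAMPLE_BOOT_INI = """[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="windows xp test" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
C:\\CMDCONS\\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
"""

# One [operating systems] line: <arc path>="<load identifier>" <load options>
ENTRY_RE = re.compile(r'^(?P<path>[^=]+)="(?P<name>[^"]*)"(?P<opts>.*)$')


def parse_boot_ini(text):
    """Return (default_path, entries); each entry has path, name and options."""
    section = None
    default = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section == "boot loader":
            key, _, value = line.partition("=")
            if key.strip().lower() == "default":
                default = value.strip()
        elif section == "operating systems":
            m = ENTRY_RE.match(line)
            if not m:
                continue  # unrecognised line: skip rather than guess at it
            entries.append({
                "path": m.group("path").strip(),
                "name": m.group("name"),
                "options": m.group("opts").split(),
            })
    return default, entries


def check_boot_ini(text):
    """Return a list of human-readable findings about a boot.ini text."""
    default, entries = parse_boot_ini(text)
    findings = []
    paths = [e["path"] for e in entries]
    if default is None:
        findings.append("no default= line in [boot loader]")
    elif default not in paths:
        findings.append("default %s matches no [operating systems] entry" % default)
    for e in entries:
        opts = [o.lower() for o in e["options"]]
        if e["path"].lower().endswith("\\windows") and "/fastdetect" not in opts:
            findings.append('entry "%s" lacks /fastdetect' % e["name"])
    # Two load identifiers on one ARC path is what the thread's extra entry
    # produces on purpose; report it so the reader can see both names.
    by_path = {}
    for e in entries:
        by_path.setdefault(e["path"], []).append(e["name"])
    for path, names in by_path.items():
        if len(names) > 1:
            findings.append("%d entries share %s: %s" % (len(names), path, ", ".join(names)))
    return findings


if __name__ == "__main__":
    for finding in check_boot_ini(SAMPLE_BOOT_INI):
        print(finding)
```

    On a real XP machine the text would come from C:\boot.ini (a hidden, read-only system file), which is why the thread edits it through the Recovery Console rather than Notepad.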
  11. mikepeluso

    mikepeluso Private E-2

    darn, everything worked but still blue screen.
    after picking windows xp test I made sure to try normal mode, safe mode and last working setting. All three blue screen
     
  12. thisisu

    thisisu Malware Consultant

    How comfortable are you with going into the BIOS? On Dell PCs you must press F2 at the Dell splash screen to get into the BIOS.
     
  13. thisisu

    thisisu Malware Consultant

  14. thisisu

    thisisu Malware Consultant

    Do you have your Windows XP CD by chance? We'll need it if we end up using UBCD for Windows v3.60
     
  15. mikepeluso

    mikepeluso Private E-2

    ok got it downloaded
     
  16. mikepeluso

    mikepeluso Private E-2

    yes I have the windows cd that they gave me when I got the Dell PC
     
  17. thisisu

    thisisu Malware Consultant

    What does it say on the CD?
     
  18. mikepeluso

    mikepeluso Private E-2

    it says

    operating system
    already installed on your computer
    reinstallation cd
    microsoft windows xp home edition
    service pack 2
     
  19. thisisu

    thisisu Malware Consultant

    Ok that should work.
    Using that CD and UBCD4WinV360.exe; Try to follow these instructions: How to Build the Ultimate Boot CD for Windows

    Key note: "It is highly recommended that users copy their XP CD to their hard drive"
     
    Last edited: Dec 13, 2011
  20. mikepeluso

    mikepeluso Private E-2

    Ok downloaded program, copied XP cd folder/files to a folder in hard drive.
    Went to build and burn it but as it was building it stopped before burn because it said 4 errors and 1 warning

    Error:loadKey()failed:

    Error:closHive()failed:RegUnLoadKey (key="PEBuilder.exe-C:/UBCD$WIN/BARTPE/I386?SYSTEM32/CONFIG/petmphive")return error 0: Acess is denied.

    Error:DeleteFile()"C\UBCD4WIN\BARTPE\I386\SYSTEM32\CONFIG\petmphive"failed

    Error:DeleteFile()"C\UBCD4WIN\BARTPE\I386\SYSTEM32\CONFIG\petmphive.log"failed

    Error:DeleteFile()"C\UBCD4WIN\BARTPE\I386\SYSTEM32\CONFIG\setuphiv"failed

    Error:DeleteFile()"C\UBCD4WIN\BARTPE\I386\SYSTEM32\CONFIG\setuphiv.log"failed

    Warning building from an OEM version of windows can mean trouble...
     
  21. mikepeluso

    mikepeluso Private E-2

    I am not really sure why the errors happened. On the website with instructions it said I could go change settings in the plugins settings but I left it with default settings because I really didn't know what they meant.
     
  22. thisisu

    thisisu Malware Consultant

    You didn't do anything wrong, it just doesn't like the Dell XP OEM CD.

    There is another command I would like to try from XP Recovery Console.
    • bootsect /nt52 c: /mbr


    Let me know if you got a successful message or not.

    Ultimately I am thinking it is something to do with your Mass Storage drivers so I will need to find another way to repair these.
     
  23. mikepeluso

    mikepeluso Private E-2

    I tried the command but it just said not recognized
     
  24. thisisu

    thisisu Malware Consultant

    Sorry, I should have realized that would not work from Recovery Console. It works from some WinPE environments but not others.

    The below will work as I just tested it from a WinXP machine.

    You will need
    • A flash drive
    • The OTLPENet Boot CD.
    • FRST <--- download here

    Place FRST.exe in the root of your flash drive. e.g: e:\FRST.exe

    Now boot up OTLPE and have your flash drive with FRST.exe on it in the PC.
    Open My Computer while in OTLPE.
    Navigate to your flash drive and launch FRST.exe from your flash drive.
    http://i646.photobucket.com/albums/uu186/farbar/FRST2.gif
    Include a checkmark in List Drivers MD5
    Now press the [Scan] button.
    When it is finished, there will be a FRST.txt file in the root of your flash drive where the tool was run.
    Attach this log to your next message.
     
    Last edited: Dec 16, 2011
  25. mikepeluso

    mikepeluso Private E-2

    everything was fine but when I run the scan I get this and it stops it

    AutoItError
    Line 6368 (File "D:\First.exe"):
    Error:Subscript used with non-Array Variable

    This happens when it is scanning
    C:\Kaspersky save2


    which is 3 kb, and I guess it was one of the scan logs. I tried to see if I could delete it from OTL and it can't and said cannot read from the source file or disk
     
  26. mikepeluso

    mikepeluso Private E-2

    hey let me ask you a couple things. Because the screwed up pc is the family pc they want me to take the pc to someone to look at. Who would you or the major geeks crew think would be the best option for someone like me (who just isn't that pc savvy) to take the pc to? Out here in CA I guess some options are Best Buy, Frys and then smaller type shops.



    Also is there any way to reinstall windows xp without losing the data,password and files? I did a google search and found stuff about how to Perform a Windows XP Repair Install without losing everything.
    Would anything like that work?

    Thanks
     
  27. thisisu

    thisisu Malware Consultant

    Not sure what this error means. Some brief search suggests permissions issues or conflicts with c:\BartPE

    The tool may have been updated. You may want to try to download and run a new copy from your flash drive.

    Yes, read and follow: http://www.geekstogo.com/forum/topic/138-how-to-repair-windows-xp/
     
    Last edited: Dec 21, 2011
  28. mikepeluso

    mikepeluso Private E-2

    For the problems I have do you think the reinstall windows xp without losing the data would be a good option or not? Also do you know if that would save my data like music/video.
    Would that get rid of the blue screen?

    Also is there any one I could take the pc to that you or the major geeks crew think are any good?
     
  29. mikepeluso

    mikepeluso Private E-2

    I would keep at this with you but my family is giving me hell to get the pc back to working somehow asap.
    Thanks again for all the time you have put in
     
    Last edited by a moderator: Dec 21, 2011
  30. thisisu

    thisisu Malware Consultant

    At this point I would recommend a repair installation using the Windows XP SP2 CD you have.

    A repair installation does not remove any personal documents, music, pictures, videos, etc.

    I do not know. I think you can manage the repair installation yourself. ;)
     
    Last edited: Dec 21, 2011
  31. mikepeluso

    mikepeluso Private E-2

    I guess my PC is just screwed.
    When it goes to find existing Windows XP installations
    all that appears is the Window XPTest and not the original.
    Does that mean the data or partition on my drive is too corrupted?
    Or is there any way to get the original to show?


    I tried to reinstall with repair the Windows XP Test but after it saves the files and then restarts it says it will take 39 minutes. Five minutes in, a box pops up that says: "The file 'iaStor.sys' on Intel Matrix Storage Manager Drives is needed". Copy files from C:\Windows\Temp\iif\Winall\Driver

    the mouse and keyboard freeze.


    I found one other person through google that had this also.
     
  32. thisisu

    thisisu Malware Consultant

    No, not really. It may seem like that but anyone who knows about mass storage drivers will tell you it's far from screwed.

    iaStor.sys is a mass storage driver. Remember I said this was most likely the problem? Some of these malware infections are deleting mass storage drivers, which will cause the BSOD 0x7B you are receiving.
    I even had you look for some of the ones I could think of off the top of my head here with OTLPE.

    Code:
    /md5start
    atapi.sys
    intelide.sys
    pciide.sys
    pciidex.sys
    /md5stop
    The above files are all mass storage drivers and are often the ones that get deleted during malware removal or whenever you're installing a new motherboard and using the same hard drive as before (this doesn't apply to you).
    I did forget about iaStor and that is my fault.

    According to your MGlogs you have two of them here:
    • C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\iaStor.sys
    • C:\WINDOWS\system32\drivers\iaStor.sys <--- This one may have been deleted

    I do not want to complicate things but all Windows Repair is asking is to point it to a location to where it can access iaStor.sys.

    You can point it to C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles as the other location may be missing it.

    It should not be defaulted to C:\Windows\Temp\iif\Winall\Driver
    1. That's a temporary directory
    2. Drivers should not even be in there

    The "windows xp test" entry we created being the only one detected by Windows is interesting too. Malware authors are getting very smart. You may think you only had an internet connection problem before we started, but in fact you were still heavily infected. Some of the best malware infections nowadays are designed to leave a light footprint on your system so that you do not even notice it running.

    Sorry that things did not work the way we wanted. If you have any other questions feel free to ask.
     
    Last edited: Dec 22, 2011
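    The post above explains the check that matters: are the mass storage drivers still present under system32\drivers, and if one is gone, does a copy survive somewhere like ReinstallBackups so a Repair install can be pointed at it? The script below is an added example, not from the thread, OTLPE or any other tool it names. It audits the five driver names the post mentions (the four from the /md5start list plus iaStor.sys), records the MD5 of each present file the way the /md5start directive does, and reports a missing driver as "restorable" when a backup directory holds a copy. The sample directory tree it builds is constructed for the example (fake driver bytes, one deleted iaStor.sys, one backup copy); on a real system you would point audit_drivers at the mounted Windows directory instead.

```python
import hashlib
import os
import tempfile

# Driver names taken from the thread: the four /md5start entries plus iaStor.sys.
MASS_STORAGE_DRIVERS = ["atapi.sys", "intelide.sys", "pciide.sys", "pciidex.sys", "iaStor.sys"]


def md5_of(path):
    """MD5 of a file, read in chunks so large drivers do not load into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_drivers(windows_dir, backup_dirs=()):
    """Check <windows_dir>\\system32\\drivers for each expected driver.

    Returns {name: {"status": "present"|"restorable"|"missing",
                    "md5": hex digest or None, "backup": path or None}}.
    A driver is "restorable" when it is absent from drivers\\ but a copy exists
    in one of backup_dirs (e.g. a ReinstallBackups\\...\\DriverFiles folder).
    """
    drivers_dir = os.path.join(windows_dir, "system32", "drivers")
    report = {}
    for name in MASS_STORAGE_DRIVERS:
        path = os.path.join(drivers_dir, name)
        if os.path.isfile(path):
            report[name] = {"status": "present", "md5": md5_of(path), "backup": None}
            continue
        backup = None
        for d in backup_dirs:
            candidate = os.path.join(d, name)
            if os.path.isfile(candidate):
                backup = candidate
                break
        report[name] = {
            "status": "restorable" if backup else "missing",
            "md5": md5_of(backup) if backup else None,
            "backup": backup,
        }
    return report


def build_sample_tree():
    """Constructed sample tree: drivers\\iaStor.sys is gone, but a copy survives
    under ReinstallBackups\\0014\\DriverFiles, mirroring the paths quoted in the thread.
    Returns (windows_dir, backup_dir)."""
    root = tempfile.mkdtemp(prefix="xp_sample_")
    win = os.path.join(root, "WINDOWS")
    drivers = os.path.join(win, "system32", "drivers")
    backup = os.path.join(win, "system32", "ReinstallBackups", "0014", "DriverFiles")
    os.makedirs(drivers)
    os.makedirs(backup)
    for name in ("atapi.sys", "intelide.sys", "pciide.sys", "pciidex.sys"):
        with open(os.path.join(drivers, name), "wb") as f:
            f.write(b"fake driver bytes for " + name.encode())  # constructed content
    with open(os.path.join(backup, "iaStor.sys"), "wb") as f:
        f.write(b"fake iaStor bytes")  # constructed content
    return win, backup


if __name__ == "__main__":
    win, backup = build_sample_tree()
    for name, info in audit_drivers(win, backup_dirs=[backup]).items():
        print("%-12s %-10s md5=%s backup=%s" % (name, info["status"], info["md5"], info["backup"]))
```

    The MD5 values are only useful compared against a known-good copy of the same driver version; the point of the status column is to tell "deleted, restore it from the backup folder" apart from "present, compare its hash" before deciding where to point a Repair install.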
  33. mikepeluso

    mikepeluso Private E-2

    Let me ask you two separate things.

    I wanted to save some files to an external portable hard drive, do you know if I could do that while running OTL. I was able to copy and transfer files with a USB while in OTL.

    Also is there any other way besides OTL that I could get to files to copy and transfer?



    What do you think my options are at this point?

    Do you have any idea why the mouse and keyboard freeze so it won't let me point it where to find the iaStor.sys?
     
  34. thisisu

    thisisu Malware Consultant

    Yes you can use OTLPE CD to transfer files.
    Yes, but this one requires that you physically remove the infected hard drive (WHILE BOTH PCS ARE OFF!!) and attach it as a slave to a working computer.

    Then copy/paste from there.

    Sometimes it gets a bit more complicated than this.
    There are other factors that come into play such as
    • Does my bootable / working hard drive still have priority to boot over the infected hard drive?
    • Does it only freeze here?
      • Does the PC freeze randomly if you are idle in the BIOS?
    • Other factors come into play
      • Is all my hardware OK?
    • The PC never freezes while it is in OTLPE?
      • If not, maybe something is wrong with my Windows XP SP2 CD? Scratches / smudges?
     
  35. mikepeluso

    mikepeluso Private E-2

    Do you think my pc is still heavily infected or if I can get the windows reinstall do think things may be ok?
     
  36. thisisu

    thisisu Malware Consultant

    The word that throws me off is "reinstall". I have not said anything about reinstall. I said Windows Repair. There is a difference between the two.

    • A "reinstall" wipes the entire disk clean and you reinstall Windows and start from scratch. All data (docs, pics, movies, music, etc) is erased as well as all programs.
    • A Repair installation will keep your programs and data intact, the only files that are repaired are Windows related files/drivers which SHOULD in theory get your system booting again.

    And no, according to your latest OTLPE log, the system is clean.
     
  37. mikepeluso

    mikepeluso Private E-2

    sorry my mistake. I meant the Windows repair.

    So if I can get the windows repair to work, I should be ok?
     
  38. thisisu

    thisisu Malware Consultant

    That is correct.
     