Will not START after removal of Alureon.A with Windows Defender

Discussion in 'Malware Help (A Specialist Will Reply)' started by roving, Mar 25, 2013.

  1. roving

    roving Private E-2

    Am trying to help my better half out of a mess. HP G71-340US laptop. Windows 7 v6.1.7600. MSSec Essentials found the Alureon.A trojan. Went through complete removal procedure using Defender Offline, etc. At end of process Defender screen showed the virus and a click to Remove button. I did so, and then it showed that it had been successfully removed. After that point the comp will not complete startup process so I have no access to files, etc. Repair procedures tried to no avail. HP Recovery Manager appeared offering several options. I did 7 system restores to no avail, each ending with 'unspecified error 0x8000ffff'. Used the 'start repair' several times, but would not do the job. One option is to reinstall Win 7 to original. Want to avoid that to save files if possible, but did a backup of those as offered just in case. One option it offers is a Cmd prompt. Can that be used to help? Suggestions really appreciated! Read others' posts but not sure they can help since I essentially have no access through keyboard at this point. TIA Roving
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Very bad idea. You should have come here first and you would not be in this state now. ;) Probably greater than 99% of people who run Defender Offline to fix this kind of infection are then really offline. ;)

    Not sure we will be able to fix this now but let's give it a try.

    Please do the below so that we can boot to System Recovery Options to run a scan.

    For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
    For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please attach this file to your next reply. (See: How to attach)
     
  3. roving

    roving Private E-2

    Here is the log. Thanks for your interest and assistance!
     


  4. roving

    roving Private E-2

    Did the Log file I attached to my previous reply offer any hope for recovery? I noticed 3 or 4 references to "irregularities" about possible infection. I found that with the Cmd prompt I can get to regedit if that will be of help. Thanks again!
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Download this >> View attachment fixlist.txt


    Save fixlist.txt to your flash drive.
    • You should now have both fixlist.txt and FRST64.exe on your flash drive.
    Now reboot back into the System Recovery Options as you did previously.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt).
    Please attach this to your next message. (See how to attach)

    Now see if you can boot into normal Windows
     
  6. roving

    roving Private E-2

    Thank you Chaslang for helping the lady out of a real jam. I started right up after applying today's fix. Following your excellent instructions really saved my bacon as well as making the lady very happy and most appreciative to you for your fine efforts. The Fixlog.txt is attached. We both thank you very much. Roving
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

