Boot issues/ransomware

Hi there.

What operating system is this please?

 

http://img827.imageshack.us/img827/1263/frst.gif For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Choose your language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
• Restart your computer.
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
• Click Repair your computer.
• Choose your language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
• Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please attach this log to your next reply. (How to attach)

 

Where I have bolded out the type, do you not see that "repair your computer" anywhere?

 

Some pictures that may help:

http://www.sevenforums.com/tutorials/666-advanced-boot-options.html

 

Thanks Chas, nice link.

 

So you do not see the Advanced Boot Options screen? :confused (under step 3 of chas' link)

 

It means the Recovery Environment was not installed on this PC. A Windows 7 Boot DVD will be needed or possibly the Kaspersky CD can be used as with Win XP.

 

Try this and let us know how you get on:

Kaspersky Windows unlocker.

 

Seeking advice. Hang in there.

 

One thing you could try would be to slave the hard disk onto another PC and see if any of the scans can find anything. This could also serve to allow important data to be backed up since you could be heading towards a reinstall/reimage.

 

Check this disk to see if you can boot from it. If not, do you have a friend with a WIn 7 Boot DVD?

 

You need to get a real Windows 7 Boot DVD from a friend if they have one so that you can see things like in the below:

http://www.sevenforums.com/tutorials/668-system-recovery-options.html


If your discs are not the correct ones, find a friend with a Windows 7 x64 PC and create the disc as in the below to try it to get to the Recovery Options screen:

http://pcsupport.about.com/od/windows7/ht/system-repair-disc-windows-7.htm



Your other choice would be to reinstall but if you do not have anything but an upgade disk, you may have to reinstall Vista ( if you have full reinstall disks for it or the factory recovery disks ) and then upgrade to Win 7 again.

 

Sorry but it does not look like we are going to be able to help you! Your problems are beyond malware. If you cannot even boot up the Windows DVD then something is physically wrong with either your mother board or your DVD drive. Booting the Windows DVD does not boot to Windows. It should boot you from the DVD to the type of screens we linked you to previously. If you are not getting those screens then perhaps you are not booting from the DVD but rather are still trying to boot from your hard disk.

Are you 100% sure that you changed the BIOS boot order to boot from CD first and that you are booting from the DVD? If yes then you should either request help in the Software Forum for problems with this or you should just bite the bullet and reinstall from scratch. Not sure if you can even do that though if your DVD drive does not work properly. Perhaps you have a Factory Recovery partition on your hard disk that you can reimiage your drive from ( assuming your hard disk has not failed ).

 

Yes this is something we will sometimes recommend to people if we know they have another PC and have the ability/knowledge to slave the drive into another PC.

No! You are running as the user Jake who is a member of the administrator user group which is not the samething.

Can be quite normal for the permissions in Windows 7. Sometimes you cannot download directly to the root folder, but you can download to the Desktop which is why our procedures also give you this option.

Not a topic for this forum as it is not a malware problem. Try uninstalling and then reinstalling iTunes. If that does not help, please post in the Software Forum.

You have a little bit of junkware to remove.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Now please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Attach JRT.txt to your next message.

 

Looks good.


If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
3. Renable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
4. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
5. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
6. Now goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others) and running MGclean.bat did not remove them, you can delete these files now.
8. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
9. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
   • Refer to the instructions for your WIndows version in this link: Disable And Enable System Restore​
   • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
   • Then we want you to Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

 

You're welcome. Surf safely!