BSOD problems

Welcome to Major Geeks!

You have a Master Boot Record infection. We will need to boot to the Recovery Console to remove this infection. You will need your Windows XP boot CD.

Now boot to the Recovery Console and run the fixmbrto clear a Master Boot Record infection that you have.

You can read the below to help you do this:

http://support.microsoft.com/kb/307654


After running the fixmbr command and boot back to normal mode, continue with the below. Don't bother doing any of the below until you have run fixmbr as the below will be a waste of time until fixmbr has run.


Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
C:\WINDOWS\TEMP
C:\Documents and Settings\Kyle\Local Settings\temp

Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\avenger.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

You need to be able to boot from the CD. The installed version of the RC is no good for this infection. If you cannot get to the RC from your CD then you have other issues and will need to work them with the manufacturer (as you suggested) or in the Software/Hardware Forum. Is your CD and original Windows CD? Do you have any strange harddisk partitioning or special drivers needed to run your system?

You better check out all of those \\Rnm-xp1\BENIVEY and similar networked systems too for malware.

 

Your new MGlogs.zip file is incomplete. Please run GetLogs.bat again and make sure you let it finish running. Then attach the new log so we can be sure the infection was really removed.

 

Let's continue with your MBR infection cleanup. We have some more to do.

Now download and run the newest MGtools which was just updated. Just download and run it. I don't want you to attach a log right now. We just need the new program installed before we can do the below.

Now run the C:\MGtools\hafix.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). When it finishes, it will pause, take note of any error message before hitting a key and then hit any key to close the command prompt window.

Now REBOOT your PC.

After reboot run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the new C:\MGlogs.zip file

Make sure you tell me how things are working now!

​

 

I'm extremely sorry about this! :-o Not sure what went wrong but this automated fix some how lost information and deleted the wrong folders instead of the HelpAssistant user account only. I'm try to see if there is any file recover software that could possibly be used to help recover the deleted info. Not sure if this will work. In the meantime it would be best not to install/run any addition sofware on the PC ( if that is even possible now) since it would make recovery more difficult.

 

However if you can install anything, see if the below will run:

Recuva (Slim)

Choose to recovery all the possible File types and then on the File location form select the option In a specific location and then click the Browse button and select C:\Documents and Settings

See if this can recover anything.

​

 

You're welcome. Again I'm very sorry about the problems this caused. It rarely happens, but procedures for new types of malware problems sometime result in problems even though we try our best to debug them before posting.

Make sure to check this out: How to Protect yourself from malware!