Computer Got Virus, Now Won't Boot Up

Discussion in 'Software' started by specialkman, Oct 21, 2009.

  1. specialkman

    specialkman Private E-2

    i don't have another desktop...just the laptop i'm on right now that runs vista.

    can i use that with my broken computer? or will it not be compatible?

    and if i need to go with the UBCD4Win disk or Ubuntu disk option...can you give me some guidance as to what that is and what i need to do.

    thanks
     
  2. AustrAlien

    AustrAlien Specialist

    I don't have much time this morning: I will check in again tonight.

    Unfortunately, UBCD4Win is not possible without an XP installation CD.

    Re: Linux version to download
    This is one of the latest versions and very nice to use ... (I would suggest this version instead of Ubuntu)
    Linux Mint 7 (700 MB download)
    http://www.linuxmint.com/download.php

    Ubuntu
    http://www.ubuntu.com/getubuntu/download

    Here is a guide that I think you could use with Mint 7, as well as Ubuntu ...
    Use Ubuntu Live CD to Backup Files from Your Dead Windows Computer
    http://www.howtogeek.com/howto/wind...backup-files-from-your-dead-windows-computer/

    Do you have an external USB hard drive onto which you could save your data?
    Do you have an external USB enclosure, into which you could place your problematic hard drive, in order to connect it to your laptop with Vista?
    Do you perchance have a second hard drive in your desktop computer?
     
  3. specialkman

    specialkman Private E-2

    i don't believe i have a 2nd hard drive in my computer. i also don't have an external hard drive. however, if there's some value in buying one (or if that will save the computer), i'm open to it.

    i read some of the guide to Ubuntu. this looks like a program to pull files off my computer...am i reading that right? it won't fix the computer, it will just give me access to copy the stuff on there.
     
  4. specialkman

    specialkman Private E-2

    so, i'm using ubuntu and now have access to all my files on the computer. i dragged a few of them to a flash drive, just so i have access to them on my laptop.

    but, i know we had talked before about not getting explorer.exe to open in normal mode. is it possible to copy that file onto a flash drive, then somehow reinstall it? or, i guess on a very basic level, now that i can see all my files, is there a way to remove the problem, or deal with it?
     
  5. AustrAlien

    AustrAlien Specialist

    That is very interesting to know: There is not too much wrong in that case. But what? How do you fix it?

    My understanding of TimW's suggestion is that you should use Ubuntu to copy all your data/files from the problematic hard drive onto another hard drive or CD/DVD or flashdrive so that it is safely backed-up in anticipation of the possibility that you do not get your current operating system running again. You may then wipe the hard drive clean and re-install the operating system. That may be the quickest and easiest solution ... but for the fact that you don't have an XP installation CD.

    You said: "we had talked before about not getting explorer.exe to open in normal mode. is it possible to copy that file onto a flash drive, then somehow reinstall it?"
    Not being able to get explorer.exe to run is a problem. Your idea is possible, but I do not have any expectation that it would be the answer; that anything is in fact wrong with the explorer.exe file itself.

    You said: "on a very basic level, now that i can see all my files, is there a way to remove the problem, or deal with it?"
    I am inclined to think "Yes, there is the distinct possibility."
     
  6. AustrAlien

    AustrAlien Specialist

    Very early in this thread, you started out to follow TimW's suggestion "How to recover from a corrupt registry" by following the instructions in a Microsoft article. That's when I entered this adventure: I gave you the choice of several options and you selected to download and use the XP Recovery Console. That didn't work and we aborted the attempt.

    I would like you now to attempt the same manoeuvre using Ubuntu.
    Basically, this is equivalent to performing a "System Restore" to the most recently created Restore Point, normally done from within Windows itself. It is called an "off-line" System Restore.

    Step 1
    Using Ubuntu, navigate to
    C:\WINDOWS\system32\config directory.

    Change the name of each of the following files, by adding .old to the end of the file-name.
    default
    sam
    security
    software
    system


    ... so that they now look like this ...
    default.old
    sam.old
    security.old
    software.old
    system.old

    ------------------------------

    Step 2
    Using Ubuntu, navigate to
    C:\System Volume Information\_restore{long set of numbers & letters}\RPchoose the highest number\

    and then
    C:\System Volume Information\_restore{long set of numbers & letters}\RPchoose the highest number\snapshot directory

    Copy each of the following files
    _REGISTRY_MACHINE_SAM
    _REGISTRY_MACHINE_SECURITY
    _REGISTRY_MACHINE_SOFTWARE
    _REGISTRY_MACHINE_SYSTEM
    _REGISTRY_MACHINE_.DEFAULT

    and paste into the C:\WINDOWS\system32\config directory.
    Now change the file-names, by removing "_REGISTRY_MACHINE_" (and in the case of "DEFAULT", remove the dot preceding "DEFAULT") so that the relevant files within the C:\WINDOWS\system32\config directory look like this
    DEFAULT
    SAM
    SECURITY
    SOFTWARE
    SYSTEM

    -----------------------

    Now exit from Ubuntu and remove the CD from the drive bay.
    Start your system normally. Does Windows load successfully?
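
The off-line restore described in the post above, as an added shell example that is not part of the original thread. It checks that all five snapshot hives exist before renaming anything, so a volume with no restore points is left untouched; the mount point and the function names are assumptions.

```sh
#!/bin/sh
# Added example: off-line System Restore of the XP registry hives, run from a
# live CD. Assumption: the Windows partition is mounted read-write at $1.

HIVES="DEFAULT SAM SECURITY SOFTWARE SYSTEM"

# Snapshot file name for a hive (only DEFAULT carries the extra dot).
snap_name() {
    case "$1" in
        DEFAULT) echo "_REGISTRY_MACHINE_.DEFAULT" ;;
        *)       echo "_REGISTRY_MACHINE_$1" ;;
    esac
}

# Print the snapshot directory of the highest-numbered RPn, or return non-zero.
newest_snapshot() {
    local svi="$1/System Volume Information" rp n best="" max=-1
    for rp in "$svi"/_restore*/RP*/; do
        [ -d "${rp}snapshot" ] || continue
        n="${rp%/}"; n="${n##*/RP}"
        case "$n" in ''|*[!0-9]*) continue ;; esac
        # Compare numerically: a plain sort would put RP10 before RP2.
        if [ "$n" -gt "$max" ]; then max="$n"; best="${rp}snapshot"; fi
    done
    [ -n "$best" ] && printf '%s\n' "$best"
}

# Usage: offline_restore /media/disk   (mount point is an assumption)
offline_restore() {
    local root="$1" cfg snap h cur
    cfg="$root/WINDOWS/system32/config"
    [ -d "$cfg" ] || { echo "no $cfg" >&2; return 1; }
    snap="$(newest_snapshot "$root")" ||
        { echo "no restore points; nothing changed" >&2; return 2; }
    # Check that every snapshot hive exists before renaming anything.
    for h in $HIVES; do
        [ -s "$snap/$(snap_name "$h")" ] ||
            { echo "missing $(snap_name "$h"); nothing changed" >&2; return 3; }
    done
    for h in $HIVES; do
        # The mount may be case-sensitive: the hive can be "system" or "SYSTEM".
        cur="$(find "$cfg" -maxdepth 1 -type f -iname "$h" | head -n 1)"
        [ -n "$cur" ] && mv -- "$cur" "$cur.old"
        cp -- "$snap/$(snap_name "$h")" "$cfg/$h"
    done
}
```

The original hives stay beside the restored ones as `*.old`, so the change can be reversed by renaming them back.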
     
  7. specialkman

    specialkman Private E-2

    i'm hoping all these good signs eventually pay off...i'm starting to feel better about it.

    i went through step 1 without any issues.

    step 2, on the other hand, isn't working. i went to the c:\system volume information folder, and there are only 2 things in it. a file called "MountPointManagerRemoteDatabase" and a file called "tracking.log". so the registry files i was looking for aren't there.

    i do have one other question. next to that folder in the c: is a folder called Qoobox. there are also folders named 32788R22FWJFW and fsaua.data.

    those don't sound like my programs and when i search them in google, it looks like they are virus files/folders. any ideas?
     
  8. AustrAlien

    AustrAlien Specialist

    Re: Qoobox
    Apparently you have been using ComboFix: Qoobox is the ComboFix "vault".
    Did your current predicament arise immediately after running ComboFix, by any chance? There is a good chance that it did!

    You said: "there are also folders named 32788R22FWJFW and fsaua.data."
    It is not clear from your post, but I am guessing that these two folders are contained within the Qoobox folder. Is that correct? I am not entirely sure, but both these appear to be related to your use of "cleaning" tools, and nothing for you to be concerned about. Please leave all these alone for the moment, so as not to confuse the issue.
    -----------------------------

    You said: "step 2, on the other hand, isn't working. i went to the c:\system volume information folder, and there are only 2 things in it. a file called "MountPointManagerRemoteDatabase" and a file called "tracking.log". so the registry files i was looking for aren't there."
    Apparently you have no System Restore points saved. Did you turn OFF System Restore at some time?
    -------------------------

    If you have no System Restore points, and you have no other form of registry backups, we are going to have to abort this attempt. Please REVERSE the changes that you have made in Step 1. Please confirm that you have done this.
    -----------------------

    Please provide details of what you referred to in your first post, namely "Last week, my computer picked up a virus. ........... I went through my normal steps to get rid of it (running clean-up programs, removing files, etc)."
     
  9. specialkman

    specialkman Private E-2

    it seemed like we were so close to a breakthrough...then 1 step forward and 2 steps back.

    i'll leave those folders alone. all 3 of those were separate folders in the c:.

    i have no recollection about turning system restore off. in fact, i'm not even sure i would know how to do that. but, clearly, for whatever reason, there are no save points. so i'll go back in and change the names on those files to get rid of the .old.

    as for the history of this problem...it's tough to remember all the details (it's been a couple of weeks). let me see if i can recap. a couple months ago, i had some sort of bug on the computer. i used several message boards and fixed it using a combination of programs (ccleaner, hijackthis, adaware, spybot, etc, and, yes, at some point, combofix, which did help fix the problem).

    then, a couple weeks ago, i had another bug. i went through with the cleaners (not combofix) and got rid of some stuff. but part of using the cleaners and the advice from message boards involved restarting the computer. and during one of those restarts, it wouldn't boot up.

    i know that was incredibly vague, but like i said, it's been awhile since this happened, and i didn't document all the details, because, quite honestly, i fixed things and moved on.

    because i have access to the files on my computer, is it possible to download an anti-virus program or cleaner to my laptop, transfer it to the desktop, and run it? or can i run one of the programs already on my desktop? just trying to think of something.
     
  10. AustrAlien

    AustrAlien Specialist

    Using Ubuntu, please navigate to

    C:\WINDOWS

    and check that "explorer.exe" is present within the WINDOWS directory. What is the size of the "explorer.exe" file?
     
  11. specialkman

    specialkman Private E-2

    alright...in the c:\windows, there is a file named explorer.exe

    its size is 1009.5 KB
     
  12. AustrAlien

    AustrAlien Specialist

    Please try this ...
    Start Windows > Safe Mode > Admin account
    Ctrl+Shift+Esc > Task Manager
    Highlight process WRSSSDK.exe (SpySweeper)
    Click on "End Process"

    Now try to start Explorer ....
    Applications tab > New Task > type "explorer.exe" and press ENTER key.

    Do you see the same message "Windows cannot access the specified device, path, or file. ........... "?
     
  13. specialkman

    specialkman Private E-2

    yep, got the same "Windows cannot access the specified file..." message
     
  14. AustrAlien

    AustrAlien Specialist

    Please try this ..
    Using Ubuntu, navigate to
    C:\WINDOWS\explorer.exe

    Copy the file "explorer.exe" and paste a new copy in the same folder and re-name it "aaa.exe".
    Exit from Ubuntu and remove the CD.

    Now try to start Explorer, using the file "aaa.exe" ....
    Start Windows > Safe Mode > Admin account > Ctrl+Shift+Esc > Task Manager
    Applications tab > New Task > type "aaa.exe" and press ENTER key.

    What happens?
    Do you see a Windows Explorer window, and are you able to browse your entire computer file system?
    Is the Task Bar/Start button missing?
     
  15. AustrAlien

    AustrAlien Specialist

    If the foregoing procedure is successful ...

    Check that you can access the internet using Safe Mode with networking ...
    Start Windows > Safe Mode with networking > Admin account > Ctrl+Shift+Esc > Task Manager
    Applications tab > New Task > type "aaa.exe" and press ENTER key.
    ================

    If the foregoing procedures are successful and you are able to use Safe Mode with networking successfully, I see that you then may have the following options to consider:

    1. System recovery using the DELL hidden partition.
    Use Dell PC Restore by Symantec only as the last method to restore your operating system.
    PC Restore restores your hard drive to the operating state it was in when you purchased the computer.

    Dell Dimension E510: Service Manual (&/or Owner's Manual)
    http://support.dell.com/support/edocs/SYSTEMS/dimE510/
    specifically see the following ....
    a) Using Dell PC Restore ..... page 55.
    NOTE: Dell PC Restore by Symantec is not available in all countries or on all computers.
    OR
    b) Using the Operating System CD, Reinstalling Windows XP ... page 57.
    Contact Dell and request XP recovery CDs if the partition was not originally present, no longer exists or cannot be accessed.
    ---------

    *You cannot be assisted in this forum with regard to specific procedures involving malware removal, according to the rules of the MajorGeeks Forums: That can only take place within the MajorGeeks Malware Removal Forum because of the inherent dangers involved, and the complex and ever-changing development of malware.


    2. Malware removal: Use Safe Mode with Networking
    MajorGeeks Malware Removal Forum
    http://forums.majorgeeks.com/forumdisplay.php?f=35
    There is probably some time to wait for assistance, since the malware removal forums everywhere are stretched to the limit. Be sure to read and follow the instructions:
    READ & RUN ME FIRST. Malware Removal Guide
    http://forums.majorgeeks.com/showthread.php?t=35407

    Should you choose to "go it alone", then it is as always, at your own risk.

    3. Malware removal: Use a bootable "rescue disk" .... select one or more ...

    Avira AntiVir Rescue System
    http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html

    Dr.Web LiveCD
    ftp://ftp.drweb.com/pub/drweb/livecd/
    review: http://www.raymond.cc/blog/archives...an-and-remove-virus-without-starting-windows/

    BitDefender 2009 Rescue Disk CD
    http://download.bitdefender.com/rescue_cd/

    Kaspersky Rescue CD
    http://devbuilds.kaspersky-labs.com/devbuilds/RescueDisk/

    Panda SafeCD 3.4.3.5
    http://research.pandasecurity.com/archive/Panda-SafeCD-3.4.3.5-Released.aspx

    FREE Bootable AntiVirus Rescue CDs Download List
    http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/
     
  16. specialkman

    specialkman Private E-2

    so i copied and renamed the file aaa.exe. when i booted up in safe mode and typed it in, it worked and i could see all my files in the windows explorer window.

    then, i rebooted into safe mode with networking and was also able to start aaa.exe. i navigated to the internet explorer folder and was able to open that as well and use the internet.

    so, at this point, it seems like i just need to get rid of whatever bugs are on my computer. and if that's the case, i need to move to the malware forum. am i right? if so, you have been amazing and a fantastic help and i cannot thank you enough
     
  17. AustrAlien

    AustrAlien Specialist

    That is exactly what I am thinking.

    I just had a quick check on activity in the Malware Removal Forum and it would seem you might be in luck here too: You may have a waiting time of only 2 days .... with a bit of luck.

    Glad we could get this far, at least. It has been a pleasure working with you.
    Take care and good luck

    PS It may be helpful if you include a link to this thread when you first post in the Malware Removal Forum.
     
  18. specialkman

    specialkman Private E-2

    thanks again

    i started a thread on the malware page - http://forums.majorgeeks.com/showthread.php?t=201799

    I tried following the instructions, but because i'm in safe mode, under an admin acct, and basically forcing explorer to start, it wouldn't let me do much. hopefully someone over there can help me out.

    thanks again for all your help in getting me to this point
     
  19. AustrAlien

    AustrAlien Specialist

    I am extremely pleased and relieved to have been able to get you to this point: There is hope yet!

    I realised that you would have considerable trouble performing the "READ AND RUN ME" steps. I could have/should have offered a little more guidance with that before sending you off on your lonesome.

    The Malware Removal Forum helpers will be aware of your difficult circumstances. They will take care of you from now on and request what they need, and tell you how to go about doing it.

    I will follow your new thread with interest.
    Good luck.
     
