HELP: Computer not starting after running Norton Power Eraser

Hi,

I was getting browser redirects. I ran both Norton 360 and Microsoft Security Essentials. Tried an earlier restore point. Nothing fixed the issue. I tried the Norton Power Eraser for the first time. I think it detected a couple of files (I wish I had saved them). I oked the Remove and Repair Option. From that point on, computer would not start up. I tried the Norton Bootable Recovery Tool and that did not help either. I called Norton and they told me to re-install Windows 7. My computer is a Sony Vaio running on Windows 7. I desperately need your help to restart my computer, so i do not loose some critical documents. PLEASE HELP !!!!!!!!!!!!!!

 

Hi and welcome to Major Geeks, LAX!

http://img827.imageshack.us/img827/1263/frst.gif For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Choose your language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
• Restart your computer.
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
• Click Repair your computer.
• Choose your language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
• Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please attach this log to your next reply. (How to attach)

 

Hello,

Thanks much for responding to me quickly. I am attaching the file for your review.

Thanks.

 

No problem. This should do the trick.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Attached is fixlist.txt

• Save fixlist.txt to your flash drive.
• You should now have both fixlist.txt and FRST64.exe on your flash drive.

Now re-enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt).
Please attach this to your next message. (How to attach)

Now attempt to boot normally.

If you were able to boot normally and still need help removing malware, follow this guide: How to Remove TrojanOS/Alureon.A

 

I will follow your instructions and get back to you shortly. Appreciate your speedy response

 

Hi, how long will the Fix option run? It seems to be taking a while....Please let me know. Thanks.

 

It should not take long (under a minute).

I have attached another fixlist.txt for you to try.

Replace your existing fixlist.txt with this new one and try to run FRST -> Fix again.

 

Ok, I will try the new one. The other one seems to be running for more than an hour now.

 

I have attached the log from the second run. Please let me know what I should do next? Thanks.

 

Are you able to boot into Windows? Remove the flash drive and try booting.

 

Hello,
Yes, the computer booted normally. You are marvellous!!!!!!!!. Absolutely awesome!! Indeed a super malware fighter. To he honest, I have never been tempted to join any forum before, but after I came across MajorGeeks, was in awe of the superbly talented folks providing solutions to novices like me in this forum. I will be sure to use this forum and seek expert advice before I run any tools that could damage my computer. I learnt a lot technically in the last few days. Did some critical system file get deleted when I ran NPE? Did the fix you sent me also remove any trojans and also set back my bios to default? I had enabled bios to jump start off my flash drive. But after I applied your fix, I noticed I did not have to go back and change the bios to its default.

I checked browser. It does not appear to be re-directing for now. I am able to connect to internet and check my mails. My docs seem to be intact. Should I be doing any other checks?

Some technical questions (only if you have some spare cycles):
1. In the future, if i suspect virus or malware and if Norton 360 or Microsoft Essentials does not resolve my issue, what should I do? What is the best tool to remove Trojans and any other virus?

2. What backup practices should I follow for system recovery (i only backup docs and pictures today)? How do I backup my entire system to an external disk?

Again, thanks much. If there is a place in the forum to convey my feedback, I will be glad to do so.

Thanks,
LAX

 

I'm glad to hear that and thank you for your kind words

No, it just failed to fully remove the infection (TDL4 rootkit) you had.

I did remove a couple of infected files but I didn't do anything to change your BIOS boot order.

Yes as there are quite often minor traces left. See: How to Remove TrojanOS/Alureon.A

There is no "best tool" for everything. Each tool has its strengths and weaknesses.

I use Norton Ghost for this, although I'm sure there are some equally good / free alternatives.

You're welcome.
We do not have a designated forum for this but if you wanted to give feedback I think the Lounge would be most appropriate for this.

__

If you go through the How to Remove TrojanOS/Alureon.A thread I will review those logs as well.

Otherwise, surf safely!