Issue with Malware - Boot Loop

ryank007 · Jun 6, 2014

Hello, let me first thank you all in advance for any help you can provide! Now, for the meaty part...

My father-in-law is kicking himself for clicking on an attachment that caused his machine to become infected. The computer runs Win7 x64 Home. After the infection and subsequent reboot, Windows just constantly reboots after a glimpse of the Windows 7 boot screen. He immediately let me know, and I began my usual procedure for cleaning.

I took out his physical hard drive, connected via USB to a clean computer, and ran a full MBAM scan. The log came back with 5 infections: 4 separate Trojan.Agent.ED infections, and a ShopAtHome "unwanted program". I let MBAM quarantine / delete, and I re-installed the hard drive back into his tower.

However, Windows still would not boot. It would eventually get to the Windows Error Recovery screen after failing a couple of times, and I choose "Launch Startup Repair". The automated Startup Repair will not fix the problem, so then the "HP Recovery Manager" takes over. I was able to get to the Microsoft System Restore utility through this method, but I've tried restoring to a couple of different times (all before the infection, of course), System Restore completes successfully, but Windows still will not boot.

I have been able to F8 it on startup and get to Advanced Boot Options, but it will not boot into Safe Mode, either (just like a normal boot, you get a glimpse of the first driver loading, then it reboots). I haven't tried any other options from the Advanced Boot Options.

I'm kind of at the end of my rope here. My father-in-law has a lot of data that would be bad to lose (related to his business), so I really don't want to do a wipe/reinstall.

Again, I really appreciate any help you all can provide!

Thanks,
Ryan

chaslang · Jun 6, 2014

Welcome to Major Geeks!

This may be outside the realm of malware removal at this point but let's see if we can get the below to run and if we can find any obvious issues.

Please do the below so that we can boot to System Recovery Options to run a scan.

For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options from the Advanced Boot Options:

Restart the computer.

As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.

Use the arrow keys to select the Repair your computer menu item.

Select US as the keyboard language settings, and then click Next.

Select the operating system you want to repair, and then click Next.

Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
Click to expand...

Select Command Prompt

In the command window type in notepad and press Enter.

The notepad opens. Under File menu select Open.

Select "Computer" and find your flash drive letter and close the notepad.

In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.

The tool will start to run.

When the tool opens click Yes to disclaimer.

Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please attach this file to your next reply. (See: How to attach)

Log in or Sign up

Issue with Malware - Boot Loop

ryank007 Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member