system won't boot

Discussion in 'Malware Help (A Specialist Will Reply)' started by offthefront, Apr 15, 2008.

  1. offthefront

    offthefront Private E-2

    Greetings ..... I did a search on Sunday nite for a boat part and when I went to one of the sites a window popped up ( pop up blocker on) saying that I could have a Virus and to click here to repair it (sumpthin like That) ...It was not my antivirus software but one of those popups that tries to get you to go its site and buy its antivirus software ....Anyway I just closed the window...I think that was the last thing I did sunday night .... I shut the computer down and went to bed ....Monday morning I discovered the PC did not shut down and I had 100's of those windows .... I finally had to hit power button to shut it down ..... Now the PC will not boot to windows ...just boots over and over again ....no error messages ...like a loop .... I tried system restore from the windows XP disk and it doesn't work ...or repair Windows won't do it either .... I bought one of the window repair software ..one of your advertisers and when it tries to repair windows it sez no windows found ...any suggestions? thanks ....
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm moving this to the Software Forum where it is more appropriate at this point. We can help you remove malware in the Malware Forum, but PCs that cannot be booted and that do not respond to a Windows Repair, are not issues for the Malware Forum.

    I would expect that your first step would probably be what is in the below link. But you can see what others in the Software Forum think.

    How to recover from a corrupted registry that prevents Windows XP from starting
     
  3. offthefront

    offthefront Private E-2

    Actually I took my PC to work tonite and Finally got it to boot and McAfee found a trojan "Vundo" ... I tried a McAfee scan and while it has not detected it on a "scan" the McAfee real time keeps popping up but says it can't quarantine it and has to remove it and wants to reboot each time ... after a gazillion times obvious it can't remove it ...So I will try the "read and run me first" .... I guess it will be tomorrow though ..here at work everything with a DL is blocked ... :( ....will post results ... should I try " vundofix by atribune" first ? thanks .....mike
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay so if your PC is really bootable, and you have malware then you need to do the below.

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide


    Note: I have moved this thread back to the Malware Forum since you say that you can boot now.
     
  5. offthefront

    offthefront Private E-2

    OK Jumped thru all the hoops and it works great !!!!! everything seems ok ... actually seems faster than before .... I do get 2 errors on startup .....


    Any fixes for those?


    I have attached the logs except for the MGLogs.zip file ? I cannot find it .. even a search did not produce it ....
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The MGlogs.zip file is in your root folder of drive C. That is, you should see C:\MGlogs.zip file

    We need this log to continue.
     
  7. offthefront

    offthefront Private E-2

    Chas .... I looked again for MGLogs.zip and also for the individual files named runkeys.txt, newfiles.txt and GetUnKey.txt. ...nowhere .... so I ran MGTools again and now it is there ....could be in all the confusion it was never run ...But I have never done the wrong thing before ...:D

    So now it is attached ... don't know if it matters after the fact or out of sync ....... m
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Uninstall the below old versions of software (requested in the READ ME):
    J2SE Runtime Environment 5.0 Update 11
    Java 2 Runtime Environment, SE v1.4.2_04
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) SE Runtime Environment 6 Update 1
    Viewpoint Manager (Remove Only) <-- should have been uninstalled in step 0 of the READ ME
    Viewpoint Media Player <-- should have been uninstalled in step 0 of the READ ME
    Web Savings from Ebates <-- should have been uninstalled in step 0 of the READ ME

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {599C1190-AC7A-4753-BB18-4810A5E10E08} - C:\WINNT\system32\pmnoNHWM.dll (file missing)
    O2 - BHO: (no name) - {8DF1951B-7504-4D5B-952C-DEC0112266EF} - C:\WINNT\system32\byXRkLCr.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [WebSavingsfromEbates] wjview /cp:p "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [1471e4cd] rundll32.exe "C:\WINNT\system32\fwwboajj.dll",b
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: Product Registration.lnk = D:\Construction2.exe
    O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.32.21/ttinst.cab.

    After clicking Fix, exit HJT.

    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.



    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
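
Added example, not part of the thread or of MGtools/HijackThis: a small Python triage of HijackThis-style lines like the ones selected in the post above, showing how the `O<n>` section code, CLSID and autorun value name can be pulled out of each line. The three flag names and the heuristics behind them are assumptions made for illustration, not the criteria the helper used to pick those lines.

```python
import re

# Lines copied from the HijackThis selection quoted in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {599C1190-AC7A-4753-BB18-4810A5E10E08} - C:\WINNT\system32\pmnoNHWM.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [1471e4cd] rundll32.exe "C:\WINNT\system32\fwwboajj.dll",b
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
"""

ENTRY = re.compile(r"^(O\d+) - (.+)$")                      # section code, rest of line
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_VALUE = re.compile(r"^HK(?:LM|CU)\\\.\.\\\S+: \[([^\]]*)\] (.+)$")  # [value name] command


def triage(log_text):
    """Parse HijackThis-style lines and attach illustrative (assumed) flags."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # blank lines, headers, anything that is not an O-entry
        section, body = m.groups()
        flags = []
        # Registry entry still present but its target file is gone.
        if "(file missing)" in body or "(no file)" in body:
            flags.append("target-missing")
        # Browser Helper Object registered without a display name.
        if section == "O2" and "BHO: (no name)" in body:
            flags.append("unnamed-bho")
        # Run-key autostart that loads a DLL through rundll32.
        run = RUN_VALUE.match(body) if section == "O4" else None
        if run and run.group(2).lower().startswith("rundll32"):
            flags.append("rundll32-autorun")
        clsid = CLSID.search(body)
        findings.append({
            "section": section,
            "clsid": clsid.group(0) if clsid else None,
            "name": run.group(1) if run else None,
            "flags": flags,
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        if f["flags"]:
            print(f["section"], f["clsid"] or f["name"], ",".join(f["flags"]))
```

An entry with no flag is not thereby clean, and a flagged one is not thereby malicious; the flags only sort the log for a human reviewer.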
     
