
Computer was attacked by antimalware doctor/security suite malware/computer won't boot

Old 08-27-2010, 07:27 PM   #1
Registered Member
 
Join Date: Aug 2010
Posts: 7
OS: XP SP3



Hi there, earlier today I was working on some video footage. I had gone downstairs for an hour; I came up and I had all these anti-virus pop-ups flashing all over my screen. I don't know how they got on there as I scan my computer every 2 days. The only possible reason I can think of is visiting The Pirate Bay.org. I tried opening Task Manager but the software keeps closing it. No matter what I tried, the software would tell my system not to open it. I tried restarting the computer, but when it gets onto the Windows loading screen it flashes a blue screen then resets, and this continually happens. I tried safe mode and last safe config; it still happens.

Some of the malware I saw:

Anti Malware doctor
Security suite

and some more.

I cannot use my DVD drive as it doesn't work, so my only option is to do some via USB stick. Is there any other way? Please help.

How can I fix this without having to use a DVD drive and formatting / recovery console?

Thanks.

Need this help urgently.
Old 08-29-2010, 07:31 PM   #2
Registered Member
 
Join Date: Aug 2010
Posts: 7
OS: XP SP3



bump!
Old 08-31-2010, 02:56 PM   #3
Registered Member
 
Join Date: Aug 2010
Posts: 7
OS: XP SP3



Bump.. Anyone?
Old 09-12-2010, 08:19 PM   #4
Registered Member
 
Join Date: Aug 2010
Posts: 7
OS: XP SP3



wow. bump
Old 09-13-2010, 05:56 AM   #5
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Hello Joeygfx,

Without a DVD or CD-ROM drive, you're asking for quite a lot. Does this computer support booting from a USB? If it doesn't, the USB would not be of any use. Do you have the Windows install disk? The Windows install disk will be necessary to create a working Windows environment.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 09-13-2010, 04:47 PM   #6
Registered Member
 
Join Date: Aug 2010
Posts: 7
OS: XP SP3



Hey, I've just ordered a new DVD drive and hopefully it arrives soon. What's the procedure for curing this?
Old 09-13-2010, 10:03 PM   #7
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Excellent. I'll have a better idea of the most efficient way to proceed if you can get me the BSOD error code. Restart the machine and tap F8 to get the Advanced Menu. Select 'Disable auto restart' and press Enter. The machine will proceed as usual to boot Windows, then at the logon screen it should BSOD for you and halt there. Write down the stop error code, and post that here, please. :)
Old 09-14-2010, 08:52 AM   #8
Registered Member
 
Join Date: Aug 2010
Posts: 7
OS: XP SP3





Stop: 0x0000007B (0xB84C3524, 0xC0000034, 0X00000000 0X00000000)

There you go.
Old 09-14-2010, 09:27 PM   #9
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Thanks. Given your initial description, the malware you did cite for me, along with this BSOD, gives me a good idea of what I'm after. These instructions will seem overwhelming, but it's not as difficult as it looks - it's merely detailed.

You'll need a blank CD for this next set of instructions. Please download the Ultimate Boot CD for Windows. In the left side panel of that webpage, click 'How to Build' for step by step instructions to create this boot disk.

Please note: If your XP install disc is SP1 then please do the following:
  • Disable DComLaunch Service
  • Enable LargeIDE Fix

This can be done by pressing the "Plugin" button and checking or unchecking the appropriate selections.


Also note: If you have a Dell XP install disc you will need to follow the instructions here https://www.ubcd4win.com/faq.htm#dell


=============================

Next........

From your working computer, download OTLPE.zip and save it to a flash drive.


Double click and unzip OTLPE.zip to its own folder on your flash drive. Name it OTLPE <-- Important!!

==========

Plug your flash drive into the infected computer.

==========

Ensure the infected computer is set to boot from DVD/CDRom drive first, hard drive second.

Insert the UBCD4Win disc into one of your CD/DVD drives and restart your computer.

The computer should choose to boot from the UBCD4Win CD automatically. If it doesn't and you are asked if you want to boot from CD, then choose that option.
  • In the window that pops up select Launch The Ultimate Boot CD For Windows and press Enter.
  • It may take a little longer for the Desktop to appear than it does when you start your computer normally. Just let the process run itself until the desktop appears.
  • Once the desktop appears, you will receive a message asking: Do you want to start Network support? Click on Yes if you want to use the PE environment to get online to post your log.
You should now have a desktop that looks like this:

==========

Single click My computer from your UBCD4W desktop to navigate to the OTLPE folder that you saved to your flash drive.

Open the OTLPE folder and double click Start.cmd.
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTLPE should now start

    Change the following settings
    • Change Services, Drivers, Standard and Extra Registry to All

  • Copy and Paste the following code into the textbox. Do not include the word "Code"

    Code:
    /md5start
    userinit.exe
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    CREATERESTOREPOINT
  • Push
  • A report will open. Save that log to your flash drive. Copy and Paste that report in your next reply.
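An added example, not part of the original post and not OTLPE's own code: a Python script for the kind of check the /md5start ... /md5stop list in post #9 supports, assuming the directive reports an MD5 for each copy of the named files that it finds. The function names and the sample tree of dummy files are constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# File names copied from the /md5start ... /md5stop block in the post above.
WATCHED = {n.lower() for n in (
    "userinit.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys "
    "AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys "
    "iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys "
    "ahcix86s.sys").split()}

def md5_of(path):
    """MD5 of a file's bytes (the listed drivers are small enough to read whole)."""
    with open(path, "rb") as fh:
        return hashlib.md5(fh.read()).hexdigest()

def scan_offline_windows(root):
    """Map each watched name to {relative path: md5} for every copy under root."""
    found = defaultdict(dict)
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in WATCHED:   # Windows file names are case-insensitive
                full = os.path.join(folder, name)
                found[name.lower()][os.path.relpath(full, root)] = md5_of(full)
    return dict(found)

def differing_copies(found):
    """Names whose copies do not all hash alike: leads for review, not verdicts."""
    return sorted(n for n, c in found.items() if len(set(c.values())) > 1)

def demo():
    """Run the scan over a constructed tree of dummy files (not real drivers)."""
    sample = {"system32/drivers/atapi.sys": b"constructed-altered",
              "system32/dllcache/ATAPI.SYS": b"constructed-original",
              "system32/userinit.exe": b"constructed-userinit",
              "system32/dllcache/userinit.exe": b"constructed-userinit",
              "system32/notepad.exe": b"not-on-the-list"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        found = scan_offline_windows(root)
    return found, differing_copies(found)

if __name__ == "__main__":
    print(demo()[1])
```

On the boot CD desktop the root would be the offline Windows folder of the infected disk. Copies of one driver can also differ because of a legitimate service-pack version difference, so a flagged name is something for the helper to check against a known-good hash.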
Old 09-15-2010, 09:00 AM   #10
Registered Member
 
Join Date: Aug 2010
Posts: 7
OS: XP SP3



Hey, I will do this shortly, but I was wondering if I could possibly partition it and then install a fresh copy of Windows or completely reformat my computer, as I am willing to let go of what's stored on my computer since the majority is software and not work.
Old 09-15-2010, 02:07 PM   #11
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Yes, indeed. Although I wouldn't partition and install alongside as I can't see a reason to leave the infected OS on there unless you intend to fix it.

Certainly a format and fresh install of the OS is your safest and quickest way to ensure the machine is clean going forward.

If you'd still like to try to get it working, post the log and I can take it from there.