Author Topic: Trojan horse, and other things  (Read 732 times)
Kryptonite
Topic Starter
Intermediate



Thanked: 2
Posts: 190

It's not hard to tell where MY head is at

« on: June 23, 2011, 05:35:14 AM »

Bear with me on this because the under story about how moderators treat members is as important as the virus itself; maybe even more so.

I got this Trojan horse notice from Lavasoft's Ad-Aware Free on an old (8 yo or so) Gateway XP laptop. This was on May 16th 2011.

Ad-Aware quarantined it. On reboot i got a message "Can not find: ( C/WINDOWS/irobovisidu.dll )"

[ on some level we know that other problems may exist as a consequence of the invasion or perhaps for other unrelated reasons. i would like to talk about this thought and or idea, in a different forum....i'm open to suggestions about which forum might be best for that discussion]

I asked in a different help forum about this "irobovisidu.dll" message.

( i forgot which forum evil fantasy belonged to and in fact thought that he belonged to both of them so it was he who i was hoping to find since he had successfully helped me in the past.../ in any event i posted in the other forum and have stuck with them until today when i decided to ask here, present what has happened there and hope to get an answer to the question about the crashed computer and about forum protocols on behavior/etiquette )

On the irobovisdu.dll message, the explanation and advice that I got was: "It's not unusual to receive such an error after using specialized fix tools. Download autorun, find the file, remove it and reboot." That worked well. It was also suggested to run ESET OnlineScan.

I tried to convey two other pieces of what i thought were important:

1. All programs intended to remove or fix threat problems took hours to run.
2. In full scan mode the computer always blue screened at about 80%.

So several members chimed in but evil fantasy seemed not to be there. There was a long list of programs suggested to fix my ills. Every one suggested running in full scan mode and to post the log. Some people even mentioned that it might take a long time so be patient. Good advice. However, when none of the suggested programs would finish in full mode; there are no logs. i kept repeating this fact....

Almost every day i would invest the time to read the feedback, try to run the programs again exactly as i was told to. Every day the computer blue screened during full scan.

i recalled Evil Fantasy had me run several of the programs that he had suggested for a different issue on a different computer to run in Safe Mode with networking. So while waiting for someone to reply to my post I ran a current updated version of SuperAntiSpyware in Smart mode with a normal boot; it found 168 threats and eliminated them. Then i rebooted in Safe Mode with networking and ran a current updated version of DrWeb. It ran for 9 hours and 22 mins. It found 6 or 7 issues. It moved them instead of removing them. But the DrWeb window would not close. DrWeb runs with that veil over the whole desktop so i couldn't restart the computer or shut it down. Ctrl+Alt+Del did not work. i held down the on/off button. It went through the motions of rebooting and came back to the black safe mode choices window. I tried rebooting using all of the choices since it seemed to be on a loop so no matter which action i chose it kept coming back to the choice window.

i posted a new post about not booting. A moderator replied for the first time and pulled my post for not following instructions and in particular not posting any of the FULL logs. i went back and re-read all of my posts and replies noticing that i kept saying No Logs because the programs quit before they finish. That post was June 14th. It wasn't until yesterday that a more senior moderator reopened the post. Nine days to get back to the issue of not booting and now i get the feeling that i'm the one perceived as something less than the ideal member.

i have always been grateful, thankful, and amazed at how admirable these help forums are...when i found some extra money i donated.

Now, with this issue, all i want to do is have access to my files. If i can get to them by pulling the hard drive and mounting it in a USB case then i will be pleased and thankful again to know the answer to that question and if there are certain things i need to do in order to do that then i am all ears.

If i posted in the wrong place then it's perfectly fine to move my post. If someone wants to help me reboot ( no OS CD with this purchased new Gateway; just a recovery D drive ) i will be grateful for that help also. It is now important to note how important it is to get to my file and remind my friends here at ComputerHope that i have invested 100's of hours already and as admirable and wonderful, and helpful and "free" the help is in these forums I would say that we should not lose our humanity and punish a member who is unable for some reason to get or do what is suggested. If you want to see an example of what i mean and my exchange with Evil Fantasy is still part of CH archive check it out. He worked with me for days until everything was right. It was shortly after that that i made my first donation.

Am i off base with this notion of civility while being helpful?

Best Regards,

Krypt

The best sayings that sum me up in a nut shell depends on the obvious which more often than not is obscured by the talk of the day which sounds a lot like  gnat-thing.
Allan
Moderator
Genius



Thanked: 856
Posts: 14,488

Experience: Guru
OS: Windows 7



Forum Administrator
« Reply #1 on: June 23, 2011, 05:37:02 AM »

I'm sorry, but is there a question here?
Kryptonite
« Reply #2 on: June 23, 2011, 06:10:25 AM »

2 questions and a story about how it came to this point.

1. Can i get to my documents and contacts by mounting the hard drive externally/usb connection?

2. And is it unrealistic to expect civility from the staff?
Allan
« Reply #3 on: June 23, 2011, 06:19:36 AM »

Question two first - of course not. We all tend to get our feathers ruffled once in a while and I'm as guilty of that as anyone else. But absent abuse or outright rudeness from the original poster, our goal should always be to attempt to provide a courteous response and intelligent assistance. And even in the face of rudeness it isn't always necessary to respond in kind (something I continue to work on personally).

As for your first question, sure ----- as long as they aren't infected.
BC_Programmer
Mastermind


Thanked: 697
Posts: 15,876

Computer: Specs
Experience: Beginner
OS: Windows 7


Pinkie Pie is best pony

BC-Programming.com 1 1
« Reply #4 on: June 23, 2011, 06:33:29 AM »

Quote
i forgot which forum evil fantasy belonged to
He's on quite a few. He hasn't been visibly active here for a while. (don't know about any of the others, or whether he is on the forum you posted).

Quote
in any event i posted in the other forum and have stuck with them until today when i decided to ask here, present what has happened there and hope to get an answer to the question about the crashed computer and about forum protocols on behavior/etiquette
Ahh... OK... first time I read through your post I thought you were referring to posts/threads here, but I couldn't find any posts/threads by you on CH that were related to what you were describing.

Quote
On the irobovisdu.dll message, the explanation and advice that I got was: "It's not unusual to receive such an error after using specialized fix tools. Download autorun, find the file, remove it and reboot." That worked well. It was also suggested to run ESET OnlineScan.

Quote
full scan mode the computer always blue screened at about 80%
Is full scan mode an ESET OnlineScan thing? (not sure if this other forum thread is still open, if so you might want to give them some information about the details of the bluescreen, which you can get via BlueScreenView.)

Quote
So several members chimed in but evil fantasy seemed not to be there.
Just to recap- I have no idea exactly which Forums EF is a member of, but I know he is a member on several. I also know that he hasn't been visibly active on this one for quite a while. He may simply be "AFK" due to priorities.


 
Quote
Every one suggested running in full scan mode and to post the log.

What the heck is "Full Scan mode"? Is that running in Normal Mode (Not safe mode)?

Well, anyway, that's beyond the scope of your problem now, I suppose.


As for the other forum, it may have been a misunderstanding. Or, also likely- the help forum was more "open".

Here, for example, only certain members are supposed to help with malware issues. What it sounds like, is the other forum (whatever it was) didn't have a similar rule and everybody can offer their advice. This results in advice from a wide range of skill levels and it's impossible to tell (from the perspective of somebody seeking help) which members actually know what they are talking about, and which ones are, for lack of a better term, blowhards. Anyway,  going by your account of what happened there I would say it's one of those Computer Help forums that is more concerned about enforcing rules than actually providing the help those rules are supposed to guide. That, and they  might have had less than stellar reading comprehension and missed the eleventy bajillion times you noted you couldn't get the requested logs.

So anyways, on to your issue:

Quote
all i want to do is have access to my files. If i can get to them by pulling the hard drive and mounting it in a USB case then i will be pleased and thankful again to know the answer to that question and if there are certain things i need to do in order to do that then i am all ears.
If I understand you correctly, as it is now, your computer simply refuses to boot into any mode, and instantly returns to the "boot options" screen?

-First you can try to get to your data via the external drive method. I've done this myself a few times. The only caveats can involve ownership of files, but that depends on the OS you are using to copy.

-you note you don't have the OS CD; as is being highlighted by your current situation- these are important and can get you out of situations exactly like this, or at least present more options for that. Obviously this is preaching to the choir at this point, but I feel it is worth noting. If you know anybody who has a standard Windows XP CD of the same SP level that you have installed (although I've personally had success using a SP2 CD with SP3 installed (I did have to reinstall SP3 afterwards to get everything consistent)) you can use that as well. The purpose of acquiring such a disk would be to perform a Repair Install, instructions for which you can find here. Make sure it's not a recovery CD, of course.

Naturally your other option would be to use the former option, copy the data from the drive to some other drive or storage device, and then run the recovery partition to restore everything.

Having the OS drive as an external and trying to copy files can sometimes give you weird permissions issues. Personally I haven't encountered such problems, but they definitely do occur. The solution is usually to "take ownership" of the files on the disk. With Windows XP, the details for doing that can be found here.





My Blog

BASeBlock 2.3.0 (NOW WITH MACGUFFINS!)
Kryptonite
« Reply #5 on: June 23, 2011, 07:16:07 AM »

Quote
Question two first - of course not. We all tend to get our feathers ruffled once in a while and I'm as guilty of that as anyone else. But absent abuse or outright rudeness from the original poster, our goal should always be to attempt to provide a courteous response and intelligent assistance. And even in the face of rudeness it isn't always necessary to respond in kind (something I continue to work on personally).

As for your first question, sure ----- as long as they aren't infected.

Thanks Allan for your considerate reply.

It is unknown if the Gateway laptop with the problem has, had, and still has an infection. It is possible that it does.
Kryptonite
« Reply #6 on: June 23, 2011, 08:26:06 AM »

He's on quite a few. He hasn't been visibly active here for a while. (don't know about any of the others, or whether he is on the forum you posted).
Ahh... OK... first time I read through your post I thought you were referring to posts/threads here, but I couldn't find any posts/threads by you on CH that were related to what you were describing.

[ I often think that if we had another language to explain things more succinctly things would be so much easier. Since we do not all we can do is ask for clarification. I think I can now answer your questions simply and perhaps it will help others understand better too. ]

On the irobovisdu.dll message, the explanation and advice that I got was: "It's not unusual to receive such an error after using specialized fix tools. Download autorun, find the file, remove it and reboot." That worked well. It was also suggested to run ESET OnlineScan.

[ ESET would not run. I will answer one of your other questions here and again where you asked it: "Full Scan Mode" is an option on almost every malware program and antivirus program I have and have had. Often they offer a "Smart Scan" or "Quick Scan". The other forum insisted on running the full mode scan and posting the logs from them. Malwarebytes is a perfect example. It has a smart which would run, complete and finish deleting what it found. But it would not finish running in full mode. It always caused the computer to blue screen then restart. I have never known a way to freeze the blue screen but have copied the error messages that are presented when the desktop returns and a message informs me that the computer was turned off incorrectly. ]

Is full scan mode an ESET OnlineScan thing? (not sure if this other forum thread is still open, if so you might want to give them some information about the details of the bluescreen, which you can get via BlueScreenView.)
Just to recap- I have no idea exactly which Forums EF is a member of, but I know he is a member on several. I also know that he hasn't been visibly active on this one for quite a while. He may simply be "AFK" due to priorities.


 
What the heck is "Full Scan mode"? Is that running in Normal Mode (Not safe mode)?

[ I just pulled up my Malwarebytes program to see what it says exactly: "Perform a Quick Scan", "Perform a Full Scan", "Perform a Flash Scan" for licensed version only. Sorry for the confusion with Safe Mode. EF had me run several programs from Safe Mode with Networking. Pretty sure DrWeb was one of them since the free license is only for that one run. ]

Well, anyway, that's beyond the scope of your problem now, I suppose.


As for the other forum, it may have been a misunderstanding. Or, also likely- the help forum was more "open".

Here, for example, only certain members are supposed to help with malware issues. What it sounds like, is the other forum (whatever it was) didn't have a similar rule and everybody can offer their advice. This results in advice from a wide range of skill levels and it's impossible to tell (from the perspective of somebody seeking help) which members actually know what they are talking about, and which ones are, for lack of a better term, blowhards. Anyway,  going by your account of what happened there I would say it's one of those Computer Help forums that is more concerned about enforcing rules than actually providing the help those rules are supposed to guide. That, and they  might have had less than stellar reading comprehension and missed the eleventy bajillion times you noted you couldn't get the requested logs.

So anyways, on to your issue:
If I understand you correctly, as it is now, your computer simply refuses to boot into any mode, and instantly returns to the "boot options" screen?

[ Yes with a message about the computer not being turned off correctly; which is true. How it was turned off the last time may reveal some critical information but no one seems to be interested in that information and just adding it in part causes confusion when I post]

-First you can try to get to your data via the external drive method. I've done this myself a few times. The only caveats can involve ownership of files, but that depends on the OS you are using to copy.

[ Not sure how ownership is determined and this may have nothing to do with that aspect but maybe it does: While the computer is preparing to start there is an order of things that still occur as if it was going to boot normally. I press the start button. On a black screen in the utter left hand corner is an option to F? which says Reformat. I do not want to do that. Then it presents me in the lower right corner the options to F10 or F2; pressing them brings me to the bios screen ( Megatrends if i am not mistaken ). There i can change anything and everything. i changed the password to ensure that i know the exact password of my computer. The change took. I know that because the next time i F10 it asked me for the password. I typed it and it took me back to the bios. I do not know if there should be a review of what is checked or not checked there but no one has asked me to go there. Thought I would just mention that fact. ]

-you note you don't have the OS CD; as is being highlighted by your current situation- these are important and can get you out of situations exactly like this, or at least present more options for that. Obviously this is preaching to the choir at this point, but I feel it is worth noting. If you know anybody who has a standard Windows XP CD of the same SP level that you have installed (although I've personally had success using a SP2 CD with SP3 installed (I did have to reinstall SP3 afterwards to get everything consistent)) you can use that as well. The purpose of acquiring such a disk would be to perform a Repair Install, instructions for which you can find here. Make sure it's not a recovery CD, of course.

[ A friend of mine showed me on Tuesday that he has two unopened XP CD's with sp 2 and 3 on them. Mine was as up to date as MS offered. The one thing however that I must mention about the CD's is that I think they were purchased in Thailand. It was mentioned to me by a user group member that there is a good chance that they are bootlegged. They both have product numbers on the back. I did not purchase them so I can not say for sure. ]

Naturally your other option would be to use the former option, copy the data from the drive to some other drive or storage device, and then run the recovery partition to restore everything.

Having the OS drive as an external and trying to copy files can sometimes give you weird permissions issues. Personally I haven't encountered such problems, but they definitely do occur. The solution is usually to "take ownership" of the files on the disk. With Windows XP, the details for doing that can be found here.

Lastly i want to relate a short story about another incident that may even be part of this forum. My Dad's high end Dell would not start and may have been worse than mine is now. He even had an original CD if i recall correctly. Like my situation now, most people attempting to help me gave up and said to just buy a new hard drive and reinstall the XP. So i took their advice and got his PC up and running. But here is the part i want to mention: I mounted the hard drive in an external case and performed every possible scan on it including some of those online scans by directing the scan to that drive and that drive only. Long story short. i cleared it of all problems, maintained all of the files and data that had been collected over the time he had it. And reinstalled it in his computer just to see if it ran and it did. Never ever had anyone suggest an external drive method of fixing and debugging a system. Maybe that can not always be done but i did it that one time. Surely makes me want to try it again. Just not sure about mounting a laptop hard drive in an external case. Do you know if it can be done?
SuperDave
Malware Removal Specialist
Moderator
Prodigy



Thanked: 617
Posts: 6,998

Certifications: List
Experience: Experienced
OS: Windows XP



« Reply #7 on: June 23, 2011, 04:40:39 PM »

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*******************************************************
Go to this link to create a Rescue CD or to this site to create a Rescue USB. Carefully follow all the instructions for whichever method you choose.
AMD Athlon XP 1900+ 1.47 GHz  3 GB Ram Windows XP  Home with SP3, MicroSoft Security Essentials, Spybot S&D. SuperAntiSpyware  and Threatfire with Comodo Firewall & Windows Defender
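
Added example, not part of SuperDave's post or of any tool named in this thread: one way a USB storage device "can get infected" on Windows XP is an `autorun.inf` file at the root of the volume, and holding Shift during insertion is what keeps Windows from acting on it. The Python sketch below lists the launch commands such a file declares so a stick can be checked before it is used for transfers; the sample volume, its file names and the helper names are constructed for illustration.

```python
import os
import tempfile


def find_autorun(root):
    """Return the path of autorun.inf at the volume root (any letter case), or None."""
    for name in os.listdir(root):
        full = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(full):
            return full
    return None


def decode_inf(raw):
    """Decode without ever failing: UTF-16 if a BOM is present, else Latin-1."""
    if raw.startswith(b"\xff\xfe") or raw.startswith(b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")


def launch_entries(text):
    """Return (key, value) pairs in [autorun] that start a program.

    The parser is deliberately tolerant: junk lines, comments and unknown
    sections are skipped instead of raising, because hostile files are often
    padded with garbage to defeat strict INI parsers.
    """
    entries = []
    section = None
    for raw_line in text.splitlines():
        line = raw_line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        is_shell_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in ("open", "shellexecute") or is_shell_verb:
            entries.append((key, value))
    return entries


def target_of(value):
    """First token of a command line, honouring double quotes."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end != -1 else value[1:]
    return value.split()[0] if value else ""


def inspect_volume(root):
    """List every launch command autorun.inf declares on the volume at `root`."""
    inf = find_autorun(root)
    if inf is None:
        return []
    with open(inf, "rb") as fh:
        text = decode_inf(fh.read())
    findings = []
    for key, value in launch_entries(text):
        rel = target_of(value).replace("\\", os.sep)
        present = bool(rel) and os.path.exists(os.path.join(root, rel))
        findings.append({"key": key, "command": value, "target_on_volume": present})
    return findings


# Constructed sample, not taken from any real device.
SAMPLE_INF = (
    "qwertyjunk line with no meaning\r\n"
    "[AutoRun]\r\n"
    ";comment\r\n"
    "open=RECYCLER\\setup.exe /quiet\r\n"
    "icon=%SystemRoot%\\system32\\shell32.dll,4\r\n"
    "ShEll\\Open\\Command=RECYCLER\\setup.exe\r\n"
    "label=Backup\r\n"
)


def build_sample_volume(root):
    """Create a fake 'USB stick' directory holding the constructed sample."""
    os.makedirs(os.path.join(root, "RECYCLER"))
    with open(os.path.join(root, "RECYCLER", "setup.exe"), "wb") as fh:
        fh.write(b"constructed placeholder, not a real program")
    with open(os.path.join(root, "AUTORUN.INF"), "w", encoding="ascii", newline="") as fh:
        fh.write(SAMPLE_INF)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as volume:
        build_sample_volume(volume)
        for finding in inspect_volume(volume):
            print(finding)
```

Any entry reported for a stick that is only meant to carry tools and logs is a reason to stop and clean the stick before plugging it into the good computer.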
Kryptonite
« Reply #8 on: June 24, 2011, 05:11:07 PM »

Thanks Dave. Before i start i noticed that you said a CD-RW. i will have to buy some since the RW's that i have are DVD.

i noticed that there are a couple of choices. The sick computer used Avira and it crashed when i force closed Dr Web. Maybe that info will give you an idea which one might be best to use.

Might be able to get the CD's tonight. If not Saturday.

Kryp
Kryptonite
« Reply #9 on: June 29, 2011, 07:59:56 AM »

Dave, just a heads up:

It took me this long to find CD RW.

Can i presume that the programs on my sick computer and the fact that it was Dr. Web would not allow me to move on to the next step and in fact would not allow me to turn the computer off?

I will go back and read about each rescue and program and move to the next step.
SuperDave
« Reply #10 on: June 29, 2011, 04:55:46 PM »

Quote
Can i presume that the programs on my sick computer and the fact that it was Dr. Web would not allow me to move on to the next step and in fact would not allow me to turn the computer off.

I will go back and read about each rescue and program and move to the next step.
You need to start by creating a Rescue Disk and see if you can get that computer to boot.
Kryptonite
« Reply #11 on: June 29, 2011, 05:12:45 PM »

Quote
You need to start by creating a Rescue Disk and see if you can get that computer to boot.

The CDRW has the file on it. Do I open ( double click it ) while it is on the good computer?
SuperDave
« Reply #12 on: June 29, 2011, 05:50:46 PM »

1. Start the computer with the Dr Web LiveCD in the CD/DVD tray. As loading starts a dialog window will prompt you to choose between the standard and safe mode. Use arrow keys to select Dr Web LiveCD (Default) mode and press Enter on the keyboard.
2. When Dr.Web LiveCD (Default) is selected, all available disk drives will be detected automatically. The operating system will also try to connect to the local network if available.
3. When the system is loaded, check all disks or folders you want to scan and click Start.
4. Let Dr. Web finish its scan and then remove any threats found and then exit out of the scanner.
5. Take the CD out of the CD/DVD tray and then restart the computer.
Kryptonite
« Reply #13 on: June 30, 2011, 04:12:40 AM »

Dave,

Just to keep you updated: I chose the DrWeb LiveCD.

It has been running for 8 hours and 30 mins, scanned 460,000 plus objects and so far found 15 threats: 7 infected, 4 Malicious, 4 Suspicious.


*******************************************************************

About quarantined items. What is the purpose of keeping problems in quarantine?

If Dr.Web is scanning everything on my Gateway will it not identify those already removed files that are still kept on my computer even if they are in a safe area where they can not ( what exactly is a quarantine area? ) do harm. Why not delete them forever?

Thanks for your help Dave.

Computer Hoping that i get a healthy Gateway back. It is time to back-up everything and then buy a new 'puter that is lighter, faster, and more current.
« Last Edit: June 30, 2011, 04:26:55 PM by SuperDave »
SuperDave
« Reply #14 on: June 30, 2011, 04:30:28 PM »

Quote
About quarantined items. What is the purpose of keeping problems in quarantine?
Sometimes, an important and legit file gets quarantined by mistake. If that happens, we can always recover the file. I usually empty the quarantine folder every few weeks.
Quote
will it not identify those already removed files that are still kept on my computer even if they are in a safe area where they can not ( what exactly is a quarantine area? ) do harm. Why not delete them forever?
Yes, it will identify where the files are residing.
AMD Athlon XP 1900+ 1.47 GHz  3 GB Ram Windows XP  Home with SP3, MicroSoft Security Essentials, Spybot S&D. SuperAntiSpyware  and Threatfire with Comodo Firewall & Windows Defender
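
Added example, not from SuperDave's post and not how Ad-Aware or Dr.Web store their quarantine (their formats are not described in this thread): a generic Python sketch of what a quarantine area does, covering the three behaviours discussed above: the file is taken out of use but kept, a false positive can be restored, and old entries are eventually emptied. The XOR key, the `.quar` file layout, the index file and all function names are assumptions made for illustration.

```python
import hashlib
import json
import os
import tempfile
import time

XOR_KEY = 0x5A  # arbitrary constant for this sketch; stored bytes can no longer be loaded or run


def xor_bytes(data):
    return bytes(b ^ XOR_KEY for b in data)


def index_path(qdir):
    return os.path.join(qdir, "index.json")


def load_index(qdir):
    try:
        with open(index_path(qdir), "r", encoding="utf-8") as fh:
            return json.load(fh)
    except FileNotFoundError:
        return {}


def save_index(qdir, index):
    with open(index_path(qdir), "w", encoding="utf-8") as fh:
        json.dump(index, fh, indent=2)


def quarantine(path, qdir, now=None):
    """Move `path` into qdir in encoded form and return its SHA-256 id."""
    os.makedirs(qdir, exist_ok=True)
    with open(path, "rb") as fh:
        data = fh.read()
    digest = hashlib.sha256(data).hexdigest()
    with open(os.path.join(qdir, digest + ".quar"), "wb") as fh:
        fh.write(xor_bytes(data))
    index = load_index(qdir)
    index[digest] = {
        "original_path": os.path.abspath(path),  # needed to undo a false positive
        "quarantined_at": time.time() if now is None else now,
    }
    save_index(qdir, index)
    os.remove(path)  # the original location no longer holds the file
    return digest


def restore(digest, qdir):
    """Put a wrongly quarantined file back, verifying its hash first."""
    index = load_index(qdir)
    entry = index[digest]
    stored = os.path.join(qdir, digest + ".quar")
    with open(stored, "rb") as fh:
        data = xor_bytes(fh.read())
    if hashlib.sha256(data).hexdigest() != digest:
        raise ValueError("quarantined copy is corrupt; refusing to restore")
    with open(entry["original_path"], "wb") as fh:
        fh.write(data)
    os.remove(stored)
    del index[digest]
    save_index(qdir, index)
    return entry["original_path"]


def purge(qdir, max_age_days, now=None):
    """Delete for good every entry older than max_age_days; return the ids removed."""
    now = time.time() if now is None else now
    index = load_index(qdir)
    expired = [d for d, e in index.items()
               if now - e["quarantined_at"] > max_age_days * 86400]
    for digest in expired:
        os.remove(os.path.join(qdir, digest + ".quar"))
        del index[digest]
    save_index(qdir, index)
    return expired


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        qdir = os.path.join(tmp, "quarantine")
        sample = os.path.join(tmp, "legit_driver.dll")  # constructed sample file
        with open(sample, "wb") as fh:
            fh.write(b"constructed: harmless file flagged by mistake")
        file_id = quarantine(sample, qdir)
        print("quarantined as", file_id, "- original present:", os.path.exists(sample))
        print("restored to", restore(file_id, qdir))
```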
Kryptonite
« Reply #15 on: June 30, 2011, 04:39:48 PM »

Sometimes, an important and legit file gets quarantined by mistake. If that happens, we can always recover the file. I usually empty the quarantine folder every few weeks.Yes, it will identify where the files are residing.

Finished!

27 detected, 27 neutralized, 1077942 files checked, 9 infected, 11 malicious, 7 suspicious, time 19 hrs 37 min 03 sec, 1000 unable to scan.

It would be nice if I could find/post a log.

Now to take the disk out and see if it starts. If it does, then what?

Kryptonite
« Reply #16 on: June 30, 2011, 05:27:29 PM »

No luck. Back to the black safe mode window. None of the options work.

SuperDave
« Reply #17 on: June 30, 2011, 05:30:38 PM »

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.
  • Place a blank CD-R disc into your CD burning drive.
  • Download OTLPEStd.exe and double-click on it to burn to a CD using an ISO Burner. One can be found here.
  • Reboot your system using the boot CD you just created.
  • Note: If you do not know how to set your computer to boot from CD, follow the steps here.
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes.
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes.
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK.
  • OTL should now start. Change the following settings:
  • Change Drivers to Non-Microsoft.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have an internet connection on this system.
  • Please post the contents of the OTL.txt file in your reply.

Kryptonite
« Reply #18 on: July 04, 2011, 02:17:23 AM »

Dave,

I need to go away for family matters but must continue to attempt to recover data on this sick computer.

Letters that I wrote and calls that I made back in April, May, and June are on that computer. They are to a health club who of course has no record of anything and is now asking me to present dates, times and copies, all for a $44.00 termination fee. I am fit to be tied that I have a computer virus and crash at this time after never having one before in my life.

I am forwarding this link to one of the club managers, mostly to show that I have been locked into getting this resolved for well over a month now. This of course leads back to taking the hard drive out just to access that data if nothing else.

I have asked the club to forgive the $44.00 since I already paid an extra three months already waiting for the termination of the membership to take place.
Sorry to go on about a non-computer issue but as you can see it is directly related. I expect to be back in a week or so. I hope that you don't mind.

BTW I got a brand new copy of XP with service pack 2 and three on it. Maybe that can be used to repair the issues which I have been able to see them named with the programs you had me use. It just will not save them to a place where I can copy them and send them to you for examination.

Thanks and Sorry again.

Kryp

SuperDave
« Reply #19 on: July 04, 2011, 04:19:04 PM »

Quote
This of course leads back to taking the hard drive out just to access that data if nothing else.

You can remove the hard drive, slave it to another and get your data. Make sure you scan the data before putting it on another computer.

Quote
BTW I got a brand new copy of XP with service pack 2 and three on it.
If it's the same as what you have on your computer, you could try a Recovery. It won't affect your data.

Kryptonite
« Reply #20 on: August 13, 2011, 08:08:41 AM »

Dave,

I've been away on an extended trip.

Didn't realize how much info is on that affected computer.

Which method would you suggest I use to get it back running again?

I'm going to re-read all of your suggestions. The XP CD I got the day before I left on my trip.

Thanks

SuperDave
« Reply #21 on: August 13, 2011, 05:24:53 PM »

Quote
Which method would you suggest I use to get it back running again?
You can start by booting with the OTLPE rescue disk. You may have to change the BIOS in order to boot from the disk.

If you do not know how to set your computer to boot from CD follow the steps here

Kryptonite
« Reply #22 on: August 14, 2011, 07:12:12 AM »

Made CD yesterday. Will be interesting to see if it's downloaded to the CD properly. Sick computer was unplugged so long it needs full charge before I try it. Will post later today.

Kryptonite
« Reply #23 on: August 17, 2011, 08:24:48 AM »

I'm going to go back and check the BIOS post. Maybe I misunderstood. The CD made with the OTLPE file on it does not start my computer at all. Other CDs that were suggested along the way always booted from the CD without changing the BIOS. Maybe it's different for this one.

Once it gets into this mad loop of trying to restart then there is virtually no way to stop it except hold the on/off button down for a long time. Can't imagine that this helps but what else is there?

Will be back after seeing if the bios change can even be done with it like it is.

Kryptonite
« Reply #24 on: August 17, 2011, 08:44:01 AM »

I got to the setup screen by pressing F2. Somehow pressing DEL led me to the recovery section, which had me in a panic. There did not seem to be any warnings like: are you sure you want to do this. It just started doing it. It kept asking for a CD and there is no CD with this Gateway. Just a D drive. Holding down the start button got me out of there.

My Boot Screen says this:
1: USB FDC:
2: IDE CDROM:HL-DT-ST DVD-RW GWA-4082N
3: HDD:     FUJITSU MHV2100AT PL-(PM)
4: NETWORK B2 DO YUKON PXE
5:USB HDD:
6 USB CDROM:

NOTHING ELSE EXCEPT INSTRUCTIONS TO RIGHT AND ON BOTTOM. The instructions to the right say: <Shift + 1> enables or disables a device.

What next?

SuperDave
« Reply #25 on: August 17, 2011, 02:52:42 PM »

Quote
I'm going to go back and check the bios post. Maybe i misunderstood. The CD made with the OTLPE file on it does not start my computer at all. Other CD's that were suggested along the way always booted from the CD without changing the bios. Maybe it's different for this one.
Please go back and read the instructions on how to create the CD. It's an ISO file that you're downloading. You need to use an ISO burner to burn it to the CD. There is one included in the instructions. You should not have to change the BIOS to boot from the disk. Most computers are set to first boot from the CD-ROM drive. I put that there just in case you had to change it. Your BIOS is set up to boot from the USB first, then the CD-ROM drive and then the hard drive. If you're going to make a rescue CD, you will need to change the BIOS to boot from the CD first. Since I don't own a Gateway computer I really can't advise you how to get into the BIOS. Why not concentrate on creating the CD first and then try starting your computer with the rescue CD in the drive?
jdavidwik
Rookie



Posts: 32

Experience: Beginner
OS: Windows Vista

« Reply #26 on: October 11, 2011, 11:06:26 AM »

SuperDave,

I had a similar problem, i.e. restarting after Malwarebytes found 2 Trojan horses with the result of the restart blue screening, then restarting ad infinitum.  The Dr. Web CD procedure did not help.  I then tried the OTLP CD solution, but I could not get to the "Remote registry" screen.  Double clicking the OTLP icon after loading from the OTLP CD gave a prompt for which drive to scan, and then "No Windows Components" indicated after C drive is indicated.  I am using Windows Vista OS, Toshiba Satellite notebook.  The problem now is that after exiting from and removing the OTLP disc,  the booting-up after the Windows screen gives a black screen with message "A disk read error occurred       Press Ctrl+Alt+Del to restart".  I re-attempted Dr. Web Default, scan finished, but this still results in the same black screen with message as just indicated.
Copyright © 2010 Computer Hope ® All rights reserved.