Author Topic: Virus? (Read 17522 times)

UnstableWingman · « **Reply #15 on:** February 15, 2009, 09:33:58 PM »

I tried booting it without the XP cd in the cd-rom drive, and it kept giving me the BSoD
With the cd in the drive, it boots fine.

evilfantasy · « **Reply #16 on:** February 15, 2009, 09:45:05 PM »

Hmm. Not sure what to think about that.

Have you changed your boot order?

BC_Programmer · « **Reply #17 on:** February 15, 2009, 09:52:58 PM »

what was the bluescreen error code?

can you get into the recovery console via the CD and run fixboot,fixmbr, and perhaps a chkdsk /f for good measure.

This can occur when NTLDR, NTDETECT, or one of the other core boot files is corrupted or missing on the HD. I've only seen it with floppy disks and those three files, but I imagine it applies equally well to CD drives since they can be higher in the boot order then the HD.

tgp1994 · « **Reply #18 on:** February 15, 2009, 09:55:49 PM »

How about this, for looking at the BSOD error:

Get a video camera, and record the portion of the startup where the BSOD appears. Then play it back frame by frame to see if you can get a good look at the BSOD, and report it here.

BC_Programmer · « **Reply #19 on:** February 15, 2009, 10:04:18 PM »

or use F8 and "disable automatic restart on system failure"...

evilfantasy · « **Reply #20 on:** February 15, 2009, 10:08:30 PM »

Quote

can you get into the recovery console via the CD and run fixboot,fixmbr

That sparked a thought.

And since we are dealing with a malware issue it could be the MBR Rootkit.

Download mbr.exe to your Desktop.

Doubleclick mbr.exe and follow prompts.
When mbr.exe is ready, it will create a log.
Copy and paste contents of that file to your next reply.

UnstableWingman · « **Reply #21 on:** February 15, 2009, 10:19:35 PM »

mbr wont open. It just flashes a black box.

evilfantasy · « **Reply #22 on:** February 15, 2009, 10:23:03 PM »

That's all it does. There should be a new log file on your desktop called mbr.

UnstableWingman · « **Reply #23 on:** February 15, 2009, 10:26:37 PM »

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
MBR rootkit code detected !
malicious code @ sector 0x3a384c41 size 0x1c0 !
copy of MBR has been found in sector 62 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

BC_Programmer · « **Reply #24 on:** February 15, 2009, 10:29:37 PM »

well speak of the devil!

Thar be beasts in that thar MBR!

evilfantasy · « **Reply #25 on:** February 15, 2009, 10:42:16 PM »

Stinking rootkits are going to be the death of me man I swear. Sneaky b*stards.

Thanks BC, your diagnosis tipped of the perps location

OK, here we go...

Copy the MBR.exe on your desktop and place it in the C:\Windows folder

Now click Start > Run

Type in mbr.exe -f <- Note the space between mbr.exe and -f

Then click OK.

Should fix it.

evilfantasy · « **Reply #26 on:** February 15, 2009, 10:48:36 PM »

I should have had you put that in the C:\ directory so unless you have already started just put it there.

UnstableWingman · « **Reply #27 on:** February 15, 2009, 10:56:43 PM »

Do I get another log saying its gone?

evilfantasy · « **Reply #28 on:** February 15, 2009, 10:59:14 PM »

Look where you placed the MBR.exe and there should be a mbr.log

Please post that log.

tgp1994 · « **Reply #29 on:** February 15, 2009, 10:59:36 PM »

I think your comfirmation will be your computer starting up without the disk.

Computer Hope Forum

News:

Author Topic: Virus? (Read 17522 times)

UnstableWingman

Re: Virus?

evilfantasy

Re: Virus?

BC_Programmer

Re: Virus?

tgp1994

Re: Virus?

BC_Programmer

Re: Virus?

evilfantasy

Re: Virus?

UnstableWingman

Re: Virus?

evilfantasy

Re: Virus?

UnstableWingman

Re: Virus?

BC_Programmer

Re: Virus?

evilfantasy

Re: Virus?

evilfantasy

Re: Virus?

UnstableWingman

Re: Virus?

evilfantasy

Re: Virus?

tgp1994

Re: Virus?