#16
trojan has highjacked pc
On 01/11/2012 23:36, glee wrote:
> "Tony" wrote in message ...
>> On 01/11/2012 22:51, Tony wrote:
>>> On 01/11/2012 21:18, philo wrote:
>>>> On 11/01/2012 02:54 PM, Tony wrote:
>>>>> On 01/11/2012 19:28, philo wrote:
>>>>>> On 11/01/2012 02:18 PM, Tony wrote:
>>>>>>> stupidly I have allowed a file_restore trojan to highjack my pc. I have tried running system restore in safe mode with cmd. I have run Malwarebytes in safe mode. System restore just freezes and Malwarebytes doesn't help either. I thought I might re-install Windows from CD but this says I have a newer version already and stops. I've tried to format C to allow installation from the cd but the drive won't unmount. Can I create, somehow, a bootable flash drive so that I can re-install from my CD? Any ideas would be very welcome.
>>>>>>> Tony
>>>>>>
>>>>>> You cannot format your drive from within a running OS
>>>>>> you need to *boot* with your install cd
>>>>>> be sure to back up your data first and scan it for malware
>>>>>
>>>>> Thanks. I can't access any files to back up. I've tried *booting* from my cd however after lots of files have copied I get the BSOD with this message
>>>>> STOP:0x0000007B(0xF78D2524,0xC0000034,0x00000000,0x00000000)
>>>>> Tony
>>>>
>>>> Then you have hardware problems too. Could be a dirty or scratched cd. your cd rom may be bad or need a dusting out
>>>> CAUTION: If you format your drive all your data will be gone so that needs to be backed up first. You need to use a live Linux cd and an external drive
>>>
>>> thanks. again, unfortunately now you've lost me, i'm afraid. Linux is something I read about but don't know what a live Linux cd is. I do have an external drive though. Also my pc hard disk is partitioned with all my data on drives other than "c" so I was hoping to reinstall windows to "c" & then access all my data from the other partitions. In the meantime I'll clean my disk & hoover out my cd rom
>>
>> I've now read up live Linux cd's, Ubuntu seems the most user friendly.
>> I'm off to bed now but will try & create a live Linux cd tomorrow
>
> Before you go wiping everything out, create a bootable Kaspersky Rescue CD (which is Linux-based) from the downloadable ISO file, and boot with it (with your network cable connected so it can go online to update). Click the option to update, then when the update is done, click to scan, and make sure you check mark the C: drive to be included in the scan. It will find any malware and give you the option to remove it. Write down everything it finds and post back with the info before you remove anything, if you need help determining if it's ok to remove something it finds.
>
> Kaspersky Rescue Disk 10
> http://support.kaspersky.com/viruses/rescuedisk
>
> How to Use the Kaspersky Rescue Disk to Clean Your Infected PC -
> http://www.howtogeek.com/howto/36403...r-infected-pc/
>
> You can also use its Linux operating system after the scan is done and closed, to mount your Windows drive, and use the file manager to copy your files to a USB stick, if desired.

Hi. Thanks so much for all the ongoing help. I've created a Kaspersky Rescue Disk, updated it and spent the morning scanning my PC. It has found 2 Trojans, although it describes it as having found 3 malicious objects, perhaps because 1 is in two places.

- Trojan-FakeAV.Win32.FakeSysDef.ekk in AppData/eKiousRYqssWq.EXE and also in HKEY Local Machine....\RUN

and Root.Boot.SSTA. in /dev/sda

In both cases Kaspersky recommends removal. I've also taken your advice and used File Manager to back up my data to another drive

Tony
#17
trojan has highjacked pc
On 11/02/2012 06:52 AM, glee wrote:
> "philo" " wrote in message ...
> On 11/0troller and it's not set to IDE mode in the BIOS. If he needs those drivers and doesn't load them, he will get a 0x0000007B error.
>
> Advanced troubleshooting for "Stop error code 0x0000007B (INACCESSIBLE_BOOT_DEVICE)" errors in Windows XP
> http://support.microsoft.com/kb/324103
>
> snip
>
> If the OP does in fact have an SATA drive and a non sp2/3 version of XP without the SATA drivers it would be normal for the setup to continue, then inform the user there is no drive avail to install XP on
>
> Yes, that is what one usually expects to see, but it isn't always the case. You can get a 0x7B stop error instead..... it's been documented in the field many times. You can also get the stop error if you load SATA drivers via F6, and they are not the correct drivers. I am pointing out that it is a possible reason for his error, if he has a SATA controller in use. The fact that you have not seen the error in this situation doesn't mean it hasn't happened. It's been noted before in real-world practice.

Very well then.

--
https://www.createspace.com/3707686
#18
trojan has highjacked pc
"Tony" wrote in message ...
> Hi. Thanks so much for all the ongoing help. I've created a Kaspersky Rescue Disk, updated it and spent the morning scanning my PC. It has found 2 Trojans, although it describes it as having found 3 malicious objects, perhaps because 1 is in two places.
>
> - Trojan-FakeAV.Win32.FakeSysDef.ekk in AppData/eKiousRYqssWq.EXE and also in HKEY Local Machine....\RUN
>
> and Root.Boot.SSTA. in /dev/sda
>
> In both cases Kaspersky recommends removal. I've also taken your advice and used File Manager to back up my data to another drive

This newsgroup is not the best place to deal with malware removal, but in addition to the Fake/Rogue AV trojan, you have what looks to be a "boot kit".... a root kit which infects the Master Boot Record (MBR).... Root.Boot.SST.A

This may also be involved in XP setup failing with a BSOD, if setup had reached the point where it was going to start from the hard drive..... and possibly even before that.

Make SURE you have saved ALL your personal files to another drive, then have Kaspersky remove everything it finds, all copies of the malware. The first detection is a file... eKiousRYqssWq.EXE, the second detection is a Registry entry telling that file to run at every Windows start (HKEY Local Machine....\RUN). The third detection is the boot kit.... Root.Boot.SST.A

When done, have Kaspersky shut down/restart the computer and see if Windows will start. Post back with your results.... even if Windows starts, you are not done cleaning.

--
Glen Ventura
MS MVP Oct. 2002 - Sept. 2009
CompTIA A+
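The third detection above sits in the disk's first 512-byte sector. As an added example (not part of the thread or of any tool named in it), this Python code splits a read-only copy of that sector into boot code, disk signature and partition table, so the boot code can be hashed and compared with a known-good copy; the function names and both sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bootstrap code, the area an MBR boot kit replaces
DISK_SIG_OFF = 440       # 4-byte Windows disk signature (differs per disk)
PART_TABLE_OFF = 446     # four 16-byte partition entries
ENTRY_FMT = "<B3xB3xII"  # status, CHS (skipped), type, CHS (skipped), LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte MBR sector into its fields without modifying anything."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"index": i, "active": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
        "signature_ok": sector[510:512] == b"\x55\xaa",
    }


def boot_code_changed(baseline: bytes, current: bytes) -> bool:
    """Compare only the boot code, so a per-disk signature or layout does not matter."""
    return parse_mbr(baseline)["boot_code_sha256"] != parse_mbr(current)["boot_code_sha256"]


def make_sample_mbr(fill: int) -> bytes:
    """Constructed sample: filler boot code plus one active NTFS (0x07) partition."""
    entry = struct.pack(ENTRY_FMT, 0x80, 0x07, 63, 204800)
    return (bytes([fill]) * BOOT_CODE_LEN + struct.pack("<I", 0x1234ABCD) + bytes(2)
            + entry + bytes(48) + b"\x55\xaa")


if __name__ == "__main__":
    # On a rescue disk the real sector would come from a read-only copy of the
    # disk's first 512 bytes; here both sectors are constructed samples.
    baseline, suspect = make_sample_mbr(0x11), make_sample_mbr(0x22)
    print(parse_mbr(suspect)["partitions"])
    print("boot code differs from baseline:", boot_code_changed(baseline, suspect))
```

A boot code hash that changes while the partition table stays identical is the pattern to look for; the data partitions listed in the table are still where they were.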
#19
trojan has highjacked pc
On 03/11/2012 00:12, glee wrote:
> This newsgroup is not the best place to deal with malware removal, but in addition to the Fake/Rogue AV trojan, you have what looks to be a "boot kit".... a root kit which infects the Master Boot Record (MBR).... Root.Boot.SST.A
>
> This may also be involved in XP setup failing with a BSOD, if setup had reached the point where it was going to start from the hard drive..... and possibly even before that.
>
> Make SURE you have saved ALL your personal files to another drive, then have Kaspersky remove everything it finds, all copies of the malware. The first detection is a file... eKiousRYqssWq.EXE, the second detection is a Registry entry telling that file to run at every Windows start (HKEY Local Machine....\RUN). The third detection is the boot kit.... Root.Boot.SST.A
>
> When done, have Kaspersky shut down/restart the computer and see if Windows will start. Post back with your results.... even if Windows starts, you are not done cleaning.

I've given up on it. Having backed up all my data I've now carried out a clean installation. I am grateful however for all the assistance I've received.

My installation has not gone as well as I'd have liked so I'll post a new question.

Tony
#20
trojan has highjacked pc
From: "Tony"
> stupidly I have allowed a file_restore trojan to highjack my pc. I have tried running system restore in safe mode with cmd. I have run Malwarebytes in safe mode. System restore just freezes and Malwarebytes doesn't help either. I thought I might re-install Windows from CD but this says I have a newer version already and stops. I've tried to format C to allow installation from the cd but the drive won't unmount. Can I create, somehow, a bootable flash drive so that I can re-install from my CD? Any ideas would be very welcome.
> Tony

Please define what you think a "file_restore trojan" is.

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp
#21
trojan has highjacked pc
STOP:0x0000007B [etc]
Are you positive your install CD is genuine?
#22
trojan has highjacked pc
Have you tried booting from another hard disk and setting up this infected drive as a second drive? (Slave jumper) Then virus scan the heck out of the infected drive? Got a utility to wipe the MBR? Treat it as a data drive until you migrate the files off it.