Solve : Trojan horse, and other things?

Quote from: SuperDave on June 30, 2011, 04:30:28 PM

Sometimes, an important and legit file gets quarantined by mistake. If that happens, we can always recover the file. I usually empty the quarantine folder every few weeks. Yes, it will identify where the files are residing.

Finished!

27 Detected, 27 neutralized, 1077942 files checked, 9 infected, 11 malicious, 7 suspicious, time 19 hrs 37 min 03 sec, 1000 unable to scan

It would be nice if I could find/post a log

now to take the disk out and see if it starts. If it does, then what?

Quote from: SuperDave on June 30, 2011, 04:30:28 PM
Sometimes, an important and legit file gets quarantined by mistake. If that happens, we can always recover the file. I usually empty the quarantine folder every few weeks. Yes, it will identify where the files are residing.

No luck. Back to the black safe mode window. None of the options work

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.
  • Place a blank CD-R disc into your CD burning drive.
  • Download OTLPEStd.exe and double-click on it to burn to a CD using an ISO Burner. One can be found here.
  • Reboot your system using the boot CD you just created.
  • Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
  • Change Drivers to Non-Microsoft
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

Quote from: SuperDave on June 30, 2011, 05:30:38 PM
We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.
  • Place a blank CD-R disc into your CD burning drive.
  • Download OTLPEStd.exe and double-click on it to burn to a CD using an ISO Burner. One can be found here.
  • Reboot your system using the boot CD you just created.
  • Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
  • Change Drivers to Non-Microsoft
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

Dave,

I need to go away for family matters but must continue to attempt to recover data on this sick computer.

Letters that I wrote and calls that I made back in April, May, and June are on that computer. They are to a health club who of course has no record of anything and is now asking me to present dates, times and copies all for a $44.00 termination fee. I am fit to be tied that I have a computer virus and crash at this time after never having one before in my life.

I am forwarding this link to one of the club managers, mostly to show that I have been locked into getting this resolved for well over a month now. This of course leads back to taking the hard drive out just to access that data if nothing else.

I have asked the club to forgive the $44.00 since I already paid an extra three months already waiting for the termination of the membership to take place.
Sorry to go on about a non-computer issue but as you can see it is directly related. I expect to be back in a week or so. I hope that you don't mind.

BTW I got a brand new copy of XP with service pack 2 and three on it. Maybe that can be used to repair the issues which I have been able to see them named with the programs you had me use. It just will not save them to a place where I can copy them and send them to you for examination.

Thanks and Sorry again.

Kryp

Quote
. This of course leads back to taking the hard drive out just to access that data if nothing else.

You can remove the hard drive, slave it to another and get your data. Make sure you scan the data before putting it on another computer.

Quote
BTW I got a brand new copy of XP with service pack 2 and three on it.
If it's the same as what you have on your computer, you could try a Recovery. It won't affect your data.

Quote from: SuperDave on July 04, 2011, 04:19:04 PM
You can remove the hard drive, slave it to another and get your data. Make sure you scan the data before putting it on another computer.
If it's the same as what you have on your computer, you could try a Recovery. It won't affect your data.

Dave,

I've been away on an extended trip.

Didn't realize how much info is on that affected computer.

Which method would you suggest I use to get it back running again?

I'm going to re-read all of your suggestions. The XP CD I got the day before I left on my trip.

Thanks

Quote
Which method would you suggest I use to get it back running again?
You can start by booting with the OTLPE rescue disk. You may have to change the BIOS in order to boot from the disk.

If you do not know how to set your computer to boot from CD follow the steps here

Quote from: SuperDave on August 13, 2011, 05:24:53 PM
You can start by booting with the OTLPE rescue disk. You may have to change the BIOS in order to boot from the disk.

If you do not know how to set your computer to boot from CD follow the steps here

Made CD yesterday. Will be interesting to see if it's downloaded to the CD properly. Sick computer was unplugged so long it needs full charge before I try it. Will post later today.

Quote from: SuperDave on August 13, 2011, 05:24:53 PM
You can start by booting with the OTLPE rescue disk. You may have to change the BIOS in order to boot from the disk.

If you do not know how to set your computer to boot from CD follow the steps here

I'm going to go back and check the bios post. Maybe I misunderstood. The CD made with the OTLPE file on it does not start my computer at all. Other CDs that were suggested along the way always booted from the CD without changing the bios. Maybe it's different for this one.

Once it gets into this mad loop of trying to restart then there is virtually no way to stop it except hold the on/off button down for a long time. Can't imagine that this helps but what else is there.

Will be back after seeing if the bios change can even be done with it like it is.

Quote from: SuperDave on August 13, 2011, 05:24:53 PM
You can start by booting with the OTLPE rescue disk. You may have to change the BIOS in order to boot from the disk.

If you do not know how to set your computer to boot from CD follow the steps here

I got to the setup screen by pressing F2. Somehow pressing DEL led me to the recovery section which had me in a panic. There did not seem to be any warnings like: are you sure you want to do this. It just started doing it. It kept asking for a CD and there is no CD with this Gateway. Just a D drive. Holding down the start button got me out of there.

My Boot Screen says this:
1: USB FDC:
2: IDE CDROM:HL-DT-ST DVD-RW GWA-4082N
3: HDD: FUJITSU MHV2100AT PL-(PM)
4: NETWORK B2 DO YUKON PXE
5:USB HDD:
6 USB CDROM:

NOTHING ELSE EXCEPT INSTRUCTIONS TO RIGHT AND ON BOTTOM. The instructions to the right say: enables or disables a device.

What next?

Quote
I'm going to go back and check the bios post. Maybe I misunderstood. The CD made with the OTLPE file on it does not start my computer at all. Other CDs that were suggested along the way always booted from the CD without changing the bios. Maybe it's different for this one.
Please go back and read the instructions on how to create the CD. It's an ISO file that you're downloading. You need to use an ISO burner to burn it to the CD. There is one included in the instructions. You should not have to change the BIOS to boot from the disk. Most computers are set to first boot from the CD rom drive. I put that there just in case you had to change it. Your BIOS is set up to boot from the USB first, then the CD rom drive and then the hard drive. If you're going to make a rescue CD, you will need to change the BIOS to boot from the CD first. Since I don't own a Gateway computer I really can't advise you how to get into the BIOS. Why not concentrate on creating the CD first and then try starting your computer with the rescue CD in the drive.

SuperDave,

I had a similar problem, i.e. restarting after Malwarebytes found 2 Trojan horses with the result of the restart blue screening, then restarting ad infinitum. The Dr. Web CD procedure did not help. I then tried the OTLP CD solution, but I could not get to the "Remote registry" screen. Double clicking the OTLP icon after loading from the OTLP CD gave a prompt for which drive to scan, and then "No Windows Components" indicated after C drive is indicated. I am using Windows Vista OS, Toshiba Satellite notebook. The problem now is that after exiting from and removing the OTLP disc, the booting-up after the Windows screen gives a black screen with message "A disk read error occurred Press Ctrl+Alt+Del to restart". I re-attempted Dr. Web Default, scan finished, but this still results in the same black screen with message as just indicated.
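
For the rescue CD that would not start the computer earlier in the thread, a way to check whether a disc image actually carries a boot record, which is what an image written with an ISO burner has and a disc with the download merely copied onto it as a file lacks. This is an added example, not part of the original posts and not OTLPE's own code; it assumes the standard ISO 9660 / El Torito layout, and `boot_status` and `build_sample` are hypothetical names.

```python
import struct

SECTOR = 2048  # ISO 9660 logical sector size

def boot_status(image: bytes) -> str:
    """Classify a disc image as 'not-iso9660', 'data-only' or 'bootable'."""
    found_primary, catalog_lba = False, None
    # Volume descriptors start at sector 16; a type-255 descriptor ends the set.
    for lba in range(16, 48):
        vd = image[lba * SECTOR:(lba + 1) * SECTOR]
        if len(vd) < SECTOR or vd[1:6] != b"CD001" or vd[0] == 255:
            break
        if vd[0] == 1:
            found_primary = True
        elif vd[0] == 0 and vd[7:39].rstrip(b"\x00") == b"EL TORITO SPECIFICATION":
            # El Torito boot record: sector number of the boot catalog at 0x47.
            catalog_lba = struct.unpack_from("<I", vd, 0x47)[0]
    if not found_primary:
        return "not-iso9660"
    if catalog_lba is None:
        return "data-only"
    cat = image[catalog_lba * SECTOR:catalog_lba * SECTOR + 64]
    # Validation entry: header 0x01 and key bytes 55 AA (checksum not verified).
    # Default entry follows at offset 32: 0x88 marks it bootable.
    ok = len(cat) == 64 and cat[0] == 0x01 and cat[30:32] == b"\x55\xaa"
    return "bootable" if ok and cat[32] == 0x88 else "data-only"

def _descriptor(vd_type: int, body: bytes = b"") -> bytes:
    return (bytes([vd_type]) + b"CD001\x01" + body).ljust(SECTOR, b"\x00")

def build_sample(bootable: bool) -> bytes:
    """Constructed minimal image: only the fields boot_status() reads."""
    sectors = [bytes(SECTOR)] * 16 + [_descriptor(1)]
    if bootable:
        body = b"EL TORITO SPECIFICATION".ljust(32, b"\x00") + bytes(32)
        sectors.append(_descriptor(0, body + struct.pack("<I", 19)))
    sectors.append(_descriptor(255))
    if bootable:
        sectors.append((b"\x01" + bytes(29) + b"\x55\xaa\x88").ljust(SECTOR, b"\x00"))
    return b"".join(sectors)

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample(True)
    print(boot_status(data))
```

Run it against an image read back from the burned disc: `data-only` means the disc has a file system but nothing the BIOS can boot, whatever the boot order is set to.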

