12 replies to this topic

[Adasha]

I am not sure what kind of virus I have on my Hp laptop, Windows 7. It boots up to a System Recovery window that appears to be fake. First, a black box flashes really fast, then it goes to Startup Repair which searches for problems and asks me to send details. Then, all of a sudden, this fake Recovery Manager shows up. I tried pressing F8 upon startup and anything I choose (safe mode, safe mode with command prompt) redirects back to this same window. I tried doing system restore from this fake program and it appears to work until it gets to finalizing the files, then gives me the error "System Restore did not complete successfully. An unspecified error occurred during System Restore. (0x80070002)" When I close it, it reboots. I also get a startup repair error saying "it cannot repair this computer automatically. Problem event name is StartupRepairOffline." Then it has a lot of Problem Signature 01, 02, etc. How can I get past all of this? I have run all diagnostics and found no problems with memory or hard drive.

[CatByte]

Download these tools from another machine, and transfer them to the affected machine via USB flash drive.


Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

Link 1
Link 2
Link 3
Link 4



Note:

You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message. Run rkill repeatedly until it's able to do it's job. This may take a few tries. You'll be able to tell rkill has done it's job when your desktop (explorer.exe) cycles off and then on again.

At this point, you should now be able to run analysis tools.

Once the tool has run, do NOT reboot the machine, and then try to run DDS and aswMBR

If for some reason the machine reboots, repeat the process. Again, try not to restart the machine.

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.

• Disable any script blocking protection
• Double click dds to run the tool.
• When done, two DDS.txt's will open.
• Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR ( 511KB ) to your desktop.

• Double click the aswMBR.exe icon to run it
• Click the Scan button to start the scan
• On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

[Adasha]

How do I get to the USB tool when every time I boot it only takes me to the Recovery window?

[Adasha]

I attached a picture of the only screen I can get to, no matter what I choose.

Attached Thumbnails

• 

[CatByte]

does it look like this one?

http://h20000.www2.h...ectID=c01895783

Is your machine HP?

Did you try the system recovery?

[Adasha]

It is a Hp. It's a year old. I did not do the system recovery because it says it will erase all data and I have programs I can't lose. My system recovery screen does not look like the one in the link. It does not have all of those options. I tried the creating a backup, but it gets to the 3rd disc to enter and it freezes every time.

[CatByte]

If you reboot and start tapping F8 until an options menu appears, do you have an option to "repair my computer"? Are you able to select that?

If you don't have that option, you may only have the option of booting to a boot disk and saving the programs that you need once booted into the boot disk then reformatting:

Download GETxPUD.exe to the desktop of your clean computer

• Run GETxPUD.exe
• A new folder will appear on the desktop.
• Open the GETxPUD folder and click on the get&burn.bat
• The program will download xpud_0.9.2.iso, and when finished, it will open BurnCDCC which will be ready to burn the image.
• Click on Start and follow the prompts to burn the image to a CD.
  
• Boot the computer with the CD you just burned
• The computer must be set to boot from the CD
• Follow the prompts
• A Welcome to xPUD screen will appear
• Click on File
• Expand mnt
• sda1 or sda2 will usually correspond to your HDD
• Insert a USB drive
• sdb1 is likely your USB

You will now be able to navigate to the files you need on your hard drive and copy and paste them to your USB

I haven't ever encountered a fake HP recovery screen, it may just be the real thing but isn't working properly

[Adasha]

I have tried to reboot to the discs. I have the Windows 7 recovery disc, but it bypasses the boot to CD and goes straight to that same window. I am able to get to Repair My Computer. What do I need to do from there?

[CatByte]

Your computer needs to be set in the BIOS to Boot from CD first try pressing F9 to get to boot options when you first boot up and arrow up to boot from CD first. Allow the computer to "Repair" That won't reformat your computer, it should just repair the corrupt files

[Adasha]

It still takes me to that same screen. No matter where all I put boot to CD, it still goes to the same screen. NOW - NEW PROBLEM Some "not so bright person" decided they would fix my laptop and hit some recovery option to reinstall windows. Well guess what? It didn't work. It starts windows then says "Preparing Computer for First Use". Then it goes to starting windows. Then I get an error "Windows could not complete the installation. To install Windows on this computer, restart the installation."

[Adasha]

I have a Windows 7 repair disc and it won't let me boot from the disc. I just continue to get the loop above.

[CatByte]

Can you access the BIOS if you tap F2 on bootup? You may be stuck at this point having to slave your hard drive to another computer and accessing the hard drive thatway. I think at this point it would be wisest for you to post a new topic in our hardware forum and see if our tech wizards can figure out a way to resolve this for you as really I only do malware removal. Good luck

[CatByte]

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic