144 replies to this topic

[oldman960]

Hi forest5678,

Let's check a couple of things.

First, please run OTL by double clicking it's icon. If you recieve an error message that the program needs to close please look at the status bar at the bottom of OTL's screen. Is there an error message displayed there?

Next, we'll see if we made any progress in this area.

• Click start > run
• type cmd and hit enter
• In the command window that opens type ipconfig /all (note the space after config)
• When it is finished right click in the black window and click select all
• right click again and click copy
• click start > run
• type notepad and hit enter
• a notepad will open, right click in it and select paste
• Please save the notepad to a USB device or CD and post it's content here.

Thanks

[forest5678]

what is OLT? thanks!!!!!

[forest5678]

ok I figured out what it was, we had renamed it. Everytime I try to run the program I get a pop-up saying OTL has encountered a problem and needs to close. I even tried in safe mode. Thanks!!!!!!!!!!!!

[oldman960]

Hi forest5678, At the bottom of OTL under the Custom Scans/Fixes window is a narrow white box (see image). This is OTL's progress bar. It will show you what it is scanning or doing. What is the last action shown or does an error message appear before you recieve the popup message that the program needs to close?

[forest5678]

the program otl never starts, I get that message before it can open. Thanks!!!

[oldman960]

Hi forest5678, Thanks. Please go ahead with the instrucrions for ipconfig /all.

[forest5678]

Microsoft Windows XP [Version 5.1.2600] © Copyright 1985-2001 Microsoft Corp. C:\Documents and Settings\DJ Dash>ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : mixer Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Broadcast IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Ethernet adapter Local Area Connection 10: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ether net #3 Physical Address. . . . . . . . . : 00-04-4B-17-C2-FF Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Autoconfiguration IP Address. . . : 169.254.148.149 Subnet Mask . . . . . . . . . . . : 255.255.0.0 IP Address. . . . . . . . . . . . : ? Default Gateway . . . . . . . . . : DNS Servers . . . . . . . . . . . : ? ? ? Ethernet adapter VirtualBox Host-Only Network: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapte r Physical Address. . . . . . . . . : 08-00-27-00-74-98 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Autoconfiguration IP Address. . . : 169.254.41.239 Subnet Mask . . . . . . . . . . . : 255.255.0.0 IP Address. . . . . . . . . . . . : ? Default Gateway . . . . . . . . . : DNS Servers . . . . . . . . . . . : ? ? ? Tunnel adapter Teredo Tunneling Pseudo-Interface: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF Dhcp Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : ? Default Gateway . . . . . . . . . : NetBIOS over Tcpip. . . . . . . . : Disabled C:\Documents and Settings\DJ Dash> thanks!!!!!!!

[oldman960]

Hi forest5678, I'm checking with OTL's developer to see if there is a reason OTL will not run. Thanks for your patience.

[oldman960]

Hi forest5678,

You may have some missing or corrupt files. You might need your XP CD for this.

Click start > run

• in the run box type SFC.EXE /SCANNOW (note there is a space after .exe)
• hit enter
• Insert your CD if prompted

Let us know what happens.

[forest5678]

It keeps telling me that the cd I provided is wrong, but it is the right disk. Thanks!!!

[oldman960]

Hi forest5678,

Whay does it say on the CD?

I think I may know where the problem lies. We'll run a test to make sure before we continue.

On your working computer.

Open a new Notepad session

• Click the Start button, click run
• in the run box type notepad
• click ok
• In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  
• Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

[boot loader]
timeout=30
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=1 /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS=2 /fastdetect
scsi(0)disk(0)rdisk(0)partition(1)\WINDOWS=3 /fastdetect
scsi(0)disk(0)rdisk(0)partition(2)\WINDOWS=4 /fastdetect
scsi(0)disk(0)rdisk(1)partition(2)\WINDOWS=5 /fastdetect
scsi(0)disk(0)rdisk(1)partition(2)\WINDOWS=6 /fastdetect

• in notepad go to FILE > SAVE AS and in the dropdown box, set the top box SAVE IN to your USB device
• in the FILE NAME box type (including the " " marks), "boot.ini"

Click save.

Transfer the file to the infected computer's desktop.

• right click the file and open with notepad
• a the top of the notepad click file > save as
• set the top box SAVE IN to C:\
• in the file name box type make sure the name is still boot.ini
• click save

Close the notepad.

Do not reboot your computer until I give you the ok.

Next

Go to start > Run and type the following line in the run box and click OK.

notepad c:\boot.ini

note the space after notepad.

Please post the contents of the notepad that opens.

Thanks

[forest5678]

[boot loader] timeout=30 [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=1 /fastdetect multi(0)disk(0)rdisk(0)partition(2)\WINDOWS=2 /fastdetect scsi(0)disk(0)rdisk(0)partition(1)\WINDOWS=3 /fastdetect scsi(0)disk(0)rdisk(0)partition(2)\WINDOWS=4 /fastdetect scsi(0)disk(0)rdisk(1)partition(2)\WINDOWS=5 /fastdetect scsi(0)disk(0)rdisk(1)partition(2)\WINDOWS=6 /fastdetect thanks!!!!

[oldman960]

Hi forest5678,

Please print or write down these instructions then reboot the infected computer.

You will only need to do this until you find the option that will boot to Windows. Once Windows has loaded please stop there and post back which option started the computer.

After the reboot, you'll have 30 seconds to choose from the boot menu.

• Use your arrow key and select 1 /fastdetect in the list and press Enter
• Wait for it to boot Windows.
• If you receive an error, click OK to restart the system.

If you need to restart because of Windows failing to load you will see the boot menu again.

• Arrow up to 2 /fastdetect and press Enter.
• Wait for Windows to boot.
• If you receive an error message, same as before, click OK to restart.
• Continue using the arrow key, going in succession from 3 /fastdetect, etc., one at a time, until Windows boots up.

[forest5678]

It booted up with using number 1. Thanks!!!!!!!

[oldman960]

Hi forest5678,


Ok that's good.

On your working computer.

Open a new Notepad session

• Click the Start button, click run
• in the run box type notepad
• click ok
• In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  
• Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

[boot loader]
timeout=3
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

• in notepad go to FILE > SAVE AS and in the dropdown box, set the top box SAVE IN to your USB device
• in the FILE NAME box type (including the " " marks), "boot.ini"

Click save.

On the infected computer's desktop locte the copy of boot.ini you transfered there earlier, right click it and select delete

Transfer the new boot.ini you just saved to the usb device to the infected computer's desktop. Don't do anything with it yet.

Open windows explorer and navigate to the C:\ folder

• Click on it
• in the right hand panel locate this file, boot.ini
• right click it and select rename
• on the keyboard type boot.old
• hit enter

Back on your desktop

• right click the new boot.ini and open with notepad
• at the top of the notepad click file > save as
• set the top box SAVE IN to C:\
• in the file name box type make sure the name is still boot.ini
• click save

Close the notepad.

Try running the SFC.EXE /SCANNOW as posted in reply #84.

Let us know how you make out.

Thanks