33 replies to this topic

[robe414]

I recently got infected with the police pro virus - i was attempting to log onto my computer as adminstrator but now blue screen appears. I can't boot up, not even in safe mode or using last working settings. need help getting computer to boot, then will need help removing virus. thanks.

[noahdfear]

Welcome to WhattheTech forums robe414, Do you have access to a pc from which you can burn a cd, and have a blank cd to use? You would be required to download a file to burn, and an app to burn it with (very small and simple to use), unless the machine already has software capable of burning an ISO and you know how to create a bootable cd with it.

[robe414]

i do have a computer available to burn a cd and a blank cd. thanks in advance for the help...

[noahdfear]

Great! Please download the Hiren's BootCD v10.0 + Keyboard Patch iso image from the following link, then extract the contents to a folder of it's own.

http://www.hirensbootcd.net/

Next download and install the ISO Recorder version for your operating system (the operating system used to burn the cd).

Once ISO Recorder is installed, insert a blank cd then right click the Hiren'sBootCD.iso file in the Hiren's folder.
Select Copy Image to CD from the right click context menu.
Leave all settings to default in the CD Recording Wizard that opens and burn the disc.
When complete, insert the cd into your computer and restart.
You should be presented with a boot menu.
Select Start Mini Windows XP

Let me know if successful.

*Please do not restart the computer, nor do any other browsing or run any other programs, until I've responded with further instructions. Running from the bootable cd is like God mode, and anything you do could be irreversible.

[robe414]

ok, i made the cd as instructed but when i insert it and restart the computer, it still goes to the page where it gives you the options of starting in safe mode, safe mode w/ networking, etc. any choice i pick goes to a blue page that says" a problem has been detected and windows has been shut down to prevent damage to you computer. page_fault_in_nopaged_area... technical information: stop:0x00000050 (0xc4b5da1c, 0x00000001, 0x80537009, 0x00000000) i've restarted and pressed F8 a couple of times and i get an expanded menu which includes disable automatic restart on system failure, and reboot but these don't work either, just goes to blue screen as described above. when i choose safe mode, it scrolls through a bunch of lines that say something about multi disk partision \windows 32\drivers\ ... then goes to the blue page again. when i choose start with last known good configuration, the windows xp start up page comes up for about a second and then it goes to the blue page again. seems like the bootable cd doesn't have a chance to boot, unless i did something wrong. but i downloaded the proper iso recorder and it burned the cd. any ideas?

[noahdfear]

You may need to change the boot order in the system BIOS. To do so, you will need to press a key after the initial beep upon starting the computer (as soon as you see something on the sceen). The key to press varies from system to system, but is generally either, Enter, Delete, or an F* function key. Often on the boot screen you will see 'Press * to enter setup". That's the key to press if you see it. There are many different BIOS configurations, so I cannot give you specific instructions for proceeding without knowing exactly what you have. What you will be looking for is commonly shown as Boot Order or Boot Options. There will be choices of Hard Drive, CD-ROM and Floppy disk, at least. The first boot device should be CD-ROM - change it if necessary. Second should be Hard Drive. Once verifying the CD-ROM is set as the first boot device, exit setup, saving the changes. The computer will restart and if the Hiren's disc is in the drive, and properly burned, it should boot to the cd where you will see the option to boot Mini XP *You should also be able to look up the manual for your computer online for specific instructions to enter setup and adjust the boot order, should the above not be helpful.

[robe414]

ok, it worked! i have mini xp open. what's next?

[noahdfear]

Once Mini XP has loaded, double click the Network icon on the desktop.
Your network adapter should be detected, drivers installed and configured for a connection.
Once the network connection has been established, a connection icon should be located near the clock in the notification area.
There should be a minimized program on the taskbar named Hiren's BootCD WinTools - click it to bring up the interface (or click Start>Programs>BootCD WinTools or double click the Hiren's BootCD Wintools icon on the desktop).
Click Menu on the interface, then select Browsers>Opera Web Browser.
Navigate here to the forum and click this link.
Download the program and save it to the desktop.
Once saved, close all other windows then double click the program to run it.
When completed, a log will open.
Save the log to the desktop using File>Save as, then post the log in a reply.

*Please do not restart the computer, nor do any other browsing or run any other programs, until I've responded with further instructions. Running from the bootable cd is like God mode, and anything you do could be irreversible.

[robe414]

i downloaded dds-bootcd.exe but it will not run.

[noahdfear]

What does it do when you try? Open the task manager (Task Manager-Procexp icon on desktop) then click File>Run, browse to and select dds-bootcd.exe, click Open then OK.

[robe414]

that didn't work either. it looks like its starting to run, i get a black screen for less than a second and then it dissappears and nothing happens. before i run the program, it sayys that the program is desinged to run in Hiren PE environment. if fails to identify OS, copy to root of targeted partions. i'm guessing this is standard language before the program runs.

[noahdfear]

Right click the dds-bootcd.exe file and select copy. Click Start>Programs>Windows Explorer In the left column, expand Local Disk C: to verify that it is your operating system's root (you may need to open Documents and Settings>yourusername to verify). Once the root drive of your operating system has been located, select it in the left column then right click in the right pane and select paste. Now double click the dds-bootcd.exe file in your drive root.

[robe414]

apparenly d drive was my root drive. the dds file is attached.

Attached Files

•  DDS.txt   17.66KB   347 downloads

[noahdfear]

Great!

We're going to do some minimal work - just enough to hopefully get you back into the system.

Using the Opera browser in MiniXP, highlight then right click>copy to text the contents of the code box below.

@echo off
ren D:\windows\system32\drivers\SKYNETwgvxwcme.sys SKYNETwgvxwcme.sys.old
ren D:\windows\svchast.exe svchast.exe.old
ren D:\windows\system32\winupdate.exe winupdate.exe.old
ren D:\fekyilju.exe fekyilju.exe.old
ren D:\gdfgdfgd.exe gdfgdfgd.exe.old
ren D:\tvjifbk.exe tvjifbk.exe.old
ren D:\favb.exe favb.exe.old
ren D:\windows\system32\plugie.dll plugie.dll.old
ren D:\windows\system32\pump.exe pump.exe.old
ren D:\windows\msa.exe msa.exe.old
ren D:\windows\system32\winhelper.dll winhelper.dll.old
ren D:\windows\system32\AVR09.exe AVR09.exe.old
ren D:\windows\system32\calc.dll calc.dll.old
ren D:\windows\system32\critical_warning.html critical_warning.html.old
ren D:\windows\system32\dx9vffbxa.dll dx9vffbxa.dll.old
ren D:\windows\system32\windrv.sys windrv.sys.old
cls
exit

Click Start>Run and type notepad then hit Enter.
Right click in the blank metapad that opens and select Paste.
Click File>Save As
Make sure Desktop is selected, then name it fix.bat
Make sure the Save as type is set to All Files Types
Now click Save
Close fix.bat then double click it to allow it to run.
It should run pretty quickly and close on it's own.

Now restart the computer and allow it to boot the hard drive.
If successful, post back here for further instructions.
I recommend you restrain from doing anything else with the computer, other than what is instructed, until we can get it cleaned up.

[robe414]

i did what you said and restarted but it goes to a screen saying windows 98 startup menu. enter a choice, normal, logged, safe mode, ste by step config, command prompt only, safe mode command promt only. below that it says "warning window has detecteda registry/configuration error. choose command prompt only and run scanreg it wont let me choose any of the options, it goes to the command prompt and it says the following file is missing or corruped: c\windows\himen.sys, \dblbuff.sys and \ifshlp.sys should i run the scanreg that it tells me to do?