
Security Shield Help Please.


  • This topic is locked
65 replies to this topic

#41 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist

  • Trusted Advisors
  • 3,653 posts
  • Gender:Male
  • Location:MHK
  • Interests:music, computer security, computer sciences, food

Posted 08 June 2012 - 09:39 AM

Let's give this a shot:

For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#42 jahjaylee

jahjaylee

    New Member

  • Members
  • 38 posts

Posted 08 June 2012 - 10:22 AM

I'm at work, but is there any way to do this without using system recovery? The Repair Your Computer page shows up blank. There are no options, just some background.

#43 D-FRED-BROWN

Posted 08 June 2012 - 10:27 AM

I suspect the reason your computer choked is because ComboFix accidentally deleted a critical system file. We'll attempt to recover that and restore your computer to a working state.

Please do the following. You will need a USB drive with no less than 64 MB of space.
  • Insert your USB drive.
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Download xPUD 0.9.2 iso, saving the file to your Desktop.
  • Download UNetbootin and save it to your Desktop as well.
  • Double click the unetbootin-windows-latest.exe that you just downloaded.
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will write files to your USB device and make it bootable
  • Once the files have been written to the device you will be prompted to reboot ~ do NOT reboot and instead just Exit the UNetbootin interface
  • Next, download dumpit and save it to the same flash drive where you installed xPUD.
  • Remove the USB and insert it in the ailing computer
  • Power on the computer and press F12 then choose to boot from the USB
  • After selecting a language and readying the system, a Welcome to xPUD screen will appear
  • Click the File tab
  • Expand mnt by clicking the plus sign to its left
  • sda1, 2... usually corresponds to your HDD
  • sdb1 is likely your USB
  • Double click dumpit.
  • It will create some MBR copies on the USB drive.
  • When it completes press Enter to exit the Terminal window.
  • Remove the USB drive, then locate on it an mbr.zip file, and upload that here as an attachment please.
mbr.zip should be created on your flash drive, please attach it to your next reply.

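As an added example (not part of the original thread, and not the dumpit script itself), here is one way to sanity-check an MBR copy such as the ones the xPUD step above is meant to produce: it checks the boot signature, lists the used partition entries and hashes the bootstrap code so two copies can be compared. It assumes each copy is a raw 512-byte sector in the classic MBR layout; the function names are hypothetical and the sample sector is constructed.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0..439: bootstrap code
TABLE_OFFSET = 446       # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"  # bytes 510..511 of a valid MBR

def parse_mbr(sector: bytes) -> dict:
    """Return signature validity, boot-code hash and used partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for slot in range(4):
        entry = sector[TABLE_OFFSET + 16 * slot : TABLE_OFFSET + 16 * (slot + 1)]
        ptype = entry[4]
        if ptype == 0x00:  # type 0 marks an unused slot
            continue
        lba_start, count = struct.unpack_from("<II", entry, 8)
        partitions.append({"slot": slot, "active": entry[0] == 0x80,
                           "type": ptype, "lba_start": lba_start, "sectors": count})
    return {"valid_signature": sector[510:512] == SIGNATURE,
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}

def boot_code_differs(a: bytes, b: bytes) -> bool:
    """True when two MBR copies carry different bootstrap code."""
    return parse_mbr(a)["boot_code_sha256"] != parse_mbr(b)["boot_code_sha256"]

def build_sample_mbr(boot_code: bytes = b"\xfa\x33\xc0") -> bytes:
    """Constructed test sector: one active type-0x07 partition at LBA 2048."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    sector[TABLE_OFFSET:TABLE_OFFSET + 16] = entry
    sector[510:512] = SIGNATURE
    return bytes(sector)

if __name__ == "__main__":
    clean = build_sample_mbr()
    changed = build_sample_mbr(boot_code=b"\xeb\x63\x90")
    info = parse_mbr(clean)
    print("signature ok:", info["valid_signature"])
    for p in info["partitions"]:
        print(p)
    print("boot code differs between copies:", boot_code_differs(clean, changed))
```
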
#44 jahjaylee

Posted 08 June 2012 - 02:23 PM

--------------. Ok, I'll try this as soon as possible.



Profanity removed -screen317

Edited by screen317, 14 June 2012 - 06:44 PM.
Profanity


#45 D-FRED-BROWN

Posted 08 June 2012 - 09:33 PM

Please keep in mind this is a family forum. Foul language is not appreciated.

Let me know how things go. If you need any help, I'm here to assist you.

#46 screen317

screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 14 June 2012 - 06:44 PM

Are you still with us? This topic will be closed in a few days if we do not hear back from you.
Chris Fistonich
Research Team

Follow us: Twitter, Become a fan: Facebook

#47 jahjaylee

Posted 20 June 2012 - 01:09 PM

Hey Sorry. I've been swamped with work. I'm gonna try this out tonight and I'll get back to you. Sorry about the silence.

#48 jahjaylee

Posted 20 June 2012 - 01:14 PM

Is this the correct dumpit?
http://www.downloadc...le/23854-dumpit

#49 D-FRED-BROWN

Posted 20 June 2012 - 04:55 PM

The correct link is in my post along with the xPUD instructions. ;)

#50 jahjaylee

Posted 21 June 2012 - 07:27 AM

For me that just shows up as a txt file. Is that what it should be?

#51 D-FRED-BROWN

Posted 21 June 2012 - 11:15 AM

It should be a zip file called mbr.zip

#52 jahjaylee

Posted 21 June 2012 - 11:21 AM

It shows up as dumpit.txt and when I click on it, it is a wall of text.

#53 D-FRED-BROWN

Posted 21 June 2012 - 11:22 AM

Okay, go ahead and upload that here ;).

#54 jahjaylee

Posted 21 June 2012 - 11:26 AM

The Dumpit Txt is attached


#55 D-FRED-BROWN

Posted 21 June 2012 - 06:42 PM

Did you go through the procedure of accessing dumpit through the xPUD main screen?

#56 jahjaylee

Posted 22 June 2012 - 10:11 AM

That is the original dumpit file downloaded from the link that you provided. I was not able to get the mbr.zip file you were referring to.
Sorry for the trouble.

#57 D-FRED-BROWN

Posted 22 June 2012 - 10:42 PM

That's okay, no worries.

Go ahead and run ComboFix once again and post the new log it creates. If asked to update to a newer version, please allow it to do so.

#58 jahjaylee

Posted 25 June 2012 - 10:45 AM

Sorry I haven't actually done the process yet. Is it important for me to have the actual dumpit file or can I run this without the dumpit file?

#59 D-FRED-BROWN

Posted 25 June 2012 - 02:50 PM

Please re-read the instructions I've posted for you to use here. http://forums.malwar...ndpost&p=558657

Everything you need is outlined for you there.

#60 jahjaylee

Posted 27 June 2012 - 10:33 PM

After choosing the language, the screen flashes white and the computer restarts. Thoughts?



