Hearsesrock427

  1. 7 is installing as we speak. Anything I can do in the interim to prepare before it's done? Pretty sure we still need to use MBAR and FRST a few more times.
  2. Ran out of time to edit. Couldn't find the secure boot option in the BIOS menu, checked under every menu. I just realized that backup files I got have a bunch of Windows 7 ISOs, so I may be able to just use the Windows ISO Downloader at school. I'll also use Rufus to make the recovery partition while I'm there. I can't do it in safe mode on the PC. Read the two tutorials and they seem pretty straightforward. Should be set to reinstall 7 tonight. Will advise on progress.
  3. Just checked and secure boot was enabled. Will turn it off for when I use the flash drive. Think I also need to use Rufus to make the recovery partition? Can't do it in safe mode on the PC so I'll do it at school tonight. Read the tutorial here: https://www.eightforums.com/threads/uefi-bootable-usb-flash-drive-create-in-windows.15458/ so I should be set to reinstall 7 tonight.
  4. Yep, with some updates. Burnt system repair disc didn't work or even register as a valid disc when I put it in the drive. Had IT center copy all the files needed to reinstall Windows 7 on a flash drive today. They said it's the same thing as a disc or a recovery partition. 15 gigabytes of stuff. So I plug it in before turning on the PC. Go to boot order, check that it's enabled and set it to be the first thing on the boot order. Legacy Boot Sources reads USB Device, ATAPI CD-ROM, Hard Drive, and Network Controller. I accept changes and then try to boot, only to get a blinking cursor in the top left of the screen. What am I doing wrong?
  5. Had the school IT center make a system repair disc. Boot Order is: UEFI Boot Sources, Legacy Boot Sources, ATAPI CD-ROM, Hard Drive, Network Controller. Is this correct? Should I go to the system recovery menu like I tried earlier?
  6. There are plenty of computers with 7 installed on campus, could probably use one of those. How do you go about making said recovery media or installation media? I don't think they just leave an iso lying around somewhere, do they? Imagine someone in the IT center could help in any case, just want to understand the process before I start doing stuff. By the way, I really appreciate you sticking with this, I'm shocked at how trashed my PC got in such a short time. The last time I had anything like this was in 2006 on my ancient Pavilion a250e. The trojan horse I had then was just one of those kinds that hogs memory and requires registry editing to be rid of for good. (Think it was called Trojan RuRich or something.) But it didn't attack things like system restore; I was able to access it just fine. Of course being an idiot tween, I had no restore points made. Had I made restore points, it would've been an easy fix. This Smartservice trojan is way, way, more thorough; it clearly benefitted from 10+ years of development. Whoever wrote it knew enough to not let you use the various recovery features, including system restore. Doesn't matter how many good restore points I made, the rstrui.exe won't work in any capacity.
  7. Won't even let me get to that point with FRST. Tried it two different ways: If flash drive plugged in when computer was shut down, and try to boot with it plugged in, I just get a black screen with what looks like a flashing underscore somewhere in the top left area. I didn't even make it to the splash screen. If I booted without the flash drive plugged in, I was able to get splash screen, alternative boot menus via pressing F8, etc. So I wait in the menus with Repair Your PC, Safe Mode, etc. I inserted the flash drive, then went to Repair Your PC. and then insert the flash drive. When I hit enter on Repair Your Computer it says "Windows failed to start." Among other things. Status code: 0xc000000f. Info: The boot selection failed because a required device is inaccessible. Am thinking I need a fresh install of 7 Home Premium 64 bit. Product key won't work at Microsoft, they say "The product key you entered appears to be for software pre-installed by the device manufacturer. Please contact the device manufacturer for software recovery options." This makes sense, bought this HP computer from Best Buy in 2010. The key's valid enough to work, but not valid enough for me to download an ISO to burn or something like that. From what I remember from other threads, you can use an installation disc to try and fix it. I don't have access to a Windows 7 installation disc; I don't even think the PC came with one when I bought it.
  8. Fix result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
     Ran by James (28-01-2018 10:59:39) Run:1
     Running from J:\
     Loaded Profiles: James (Available Profiles: James & Mcx1-GAMINGPC)
     Boot Mode: Safe Mode (minimal)
     ==============================================

     fixlist content:
     *****************
     CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
     CMD: bcdedit.exe /set {default} recoveryenabled yes
     *****************

     ========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========
     The operation completed successfully.
     ========= End of CMD: =========

     ========= bcdedit.exe /set {default} recoveryenabled yes =========
     The operation completed successfully.
     ========= End of CMD: =========

     ==== End of Fixlog 10:59:39 ====

     Fixlog.txt
  9. Have a nearly identical problem to the one in the linked topic above. Was installing DVD editor/menu creation tool that supposedly worked with a legitimate editing tool. Can post link to the site that sold the malware alongside the legitimate tool if you think it'd help to educate people moving forward. Not sure if you have a running list of programs/sites to not download stuff from. Anyway some of the specific file and folder names are different but the obviously fake TOSHIBA CORPORATION ownership, and weird names (Print driver host, Windows Process Manager, etc.) were the same. Was able to delete some of the registry keys, and run MBAR earlier today (see attached logs) but the malicious processes and folders are still alive even after MBAR supposedly deleted a bunch more registry keys and deleted some files. Curiously MBAR didn't find the three malicious folders in my Appdata\Local (see screenshot). mbar-log-2018-01-28 (08-08-46).txt system-log.txt malwarefolders.pdf