Jump to content

Hi, need urgent help

itsDANNY
 Share

Recommended Posts

itsDANNY

itsDANNY

Posted
Posted

Hi,

This morning as I booted up my computer and had successfully arrived on my Desktop, notifications were appearing from Malwarebytes anti-malware of Trojan.Downloader. I was of course very alarmed of this. I ran HijackThis to scan my computer, but it wouldn't be run, Malwarebytes would also display that a Trojan has been found after execution of HijackThis. I then ran Malwarebytes, but it couldn't run due to missing vbalsgrid6.ocx file. So, I decided to boot into safe-mode and execute it from there. HijackThis disappeared from the Desktop (perhaps malwarebytes removed it due to the false alert before). This lead me to download and copy TDSSKiller, ComboFix and aswMBR (Avast) onto a USB stick from another external computer and booted into Safe Mode on the supposed infected computer. I then ran aswMBR and TDSSKiller (forgot which order), both found no issues, then ran ComboFix (I'll retrieve the log) which deleted a few of my pictures from C drive which I still would like to recover. I then preceded to restart my computer following the issue of the log from ComboFix. Upon restart, computer POSTS, although the "Missing Operating System" error has appeared. Startup repair has not detected any issues, System Restore (which didn't detect the System Restore point created by ComboFix) is unable to restore to any previous or old restore points (returns that System Restore could not be finished succesfully; error codes - 0x800700b7 and 0x8000ffff).

I have now arrived home, and saw this new topic at my surprise: http://forums.malwarebytes.org/index.php?showtopic=125138

So... it was a false positive in the end... I've been advised to make a new topic if I'm unable to boot, so here it is. In addition, although I'm not sure if this relates to the files ComboFix found in its scans, I am pretty certain I did not have certain files on my computer although it displayed a few suspicious files that were deleted from SYSWOW64, I guess it's safe to assume that I had an additional infection in that case then? I would retrieve the ComboFix log, although I'm not sure how to via command prompt as I'm unable to boot up my computer because of the "Missing Operating System" error.

Basically, what I would like is to:

Return my computer back to its previous state, and restore the (2) deleted images from my computer from the result of ComboFix.

This has all been such a dramatic and tiresome issue as I have a huge sum of very important files on my computer.

I would really appreciate some help.

Thank you.

Link to post
Share on other sites
exile360

exile360

Posted
Posted

Greetings,

As I'm not versed in the usage of ComboFix, I can't assist you with restoring files removed by it, however our Support team is trained in its use and can assist you with that as well as any remaining issues. Please contact them here and they will work with you directly in order to get your system running normally again.

Thank you for your patience and we apologize for the inconvenience this has caused.

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Hello Danny

So after reading the other topics what is the current state of your computer and do you still need assistance. There were no data files deleted - all files were executable type files in general and there is no link between what Combofix does and what MBAM does.

Please let us know how we can assist you.

Thanks

Link to post
Share on other sites
itsDANNY

itsDANNY

Posted
  • Author
Posted

Thank you both for the reply.

My current state is that I can not boot my computer, after POST I encounter a "Missing Operating System" message. Basically what I would like to do now is as advised in the original post, such that, the computer is returned to its normal state and if someone could assist me in the restoration of a few files deleted by ComboFix.

Thank you.

Link to post
Share on other sites
John L. Galt

John L. Galt

Posted
Posted

Not to step on anyone's toes, but have you contacted support? That seems to be the way to go, although I'm betting they've been slammed for the last 8 hours (I reported this 8 hours ago when I saw it happen).

If you have a Windows 7 DVD handy, pop it in and boot off the DVD, select Repair and then select System Restore and see if you have a System backup from recently that you can use to get your system in working order - if you do, report back here before restoring so that everyone will be on the same page....

Link to post
Share on other sites
itsDANNY

itsDANNY

Posted
  • Author
Posted

Not to step on anyone's toes, but have you contacted support? That seems to be the way to go, although I'm betting they've been slammed for the last 8 hours (I reported this 8 hours ago when I saw it happen).

If you have a Windows 7 DVD handy, pop it in and boot off the DVD, select Repair and then select System Restore and see if you have a System backup from recently that you can use to get your system in working order - if you do, report back here before restoring so that everyone will be on the same page....

Hi,

I have already attempted this procedure, and as stated in the original post, it results in errors (thus does not complete).

Can you tap the F8 key during the initial boot and get to a Safe Mode type menu?

Unfortunately no, that no longer works after the occurence of the "Missing Operating System" error.

Link to post
Share on other sites
John L. Galt

John L. Galt

Posted
Posted

Sorry, I didn't see any mention of the use of the Windows DVD to boot into a repair console and run System Restore off the DVD.

If you tried to run it from inside the broken computer, it will fail b/c MBAM hid all the necessary .DLLs and .EXEs into the quarantine so that the System Recovery console could not perform its job.

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Well at this point if F8 is not working then a DVD or some other type of boot media will be needed to even attempt to repair the system. Do you have a Windows installation DVD or can you borrow one. You don't need any installation key you just need the DVD for repair work.

Though even if the entire OS was deleted that should not stop or break F8 normally

Link to post
Share on other sites
itsDANNY

itsDANNY

Posted
  • Author
Posted

Sorry, I didn't see any mention of the use of the Windows DVD to boot into a repair console and run System Restore off the DVD.

If you tried to run it from inside the broken computer, it will fail b/c MBAM hid all the necessary .DLLs and .EXEs into the quarantine so that the System Recovery console could not perform its job.

That makes sense. I did indeed run the Windows DVD to prompt the system restore.

Well at this point if F8 is not working then a DVD or some other type of boot media will be needed to even attempt to repair the system. Do you have a Windows installation DVD or can you borrow one. You don't need any installation key you just need the DVD for repair work.

Though even if the entire OS was deleted that should not stop or break F8 normally

That is definitely unusual then as I have attempted to perform the repair work off the Windows installation DVD. I will re-attempt.

Link to post
Share on other sites
John L. Galt

John L. Galt

Posted
Posted

Actually, you could try to fix MBR and fixboot and see if that helps - also performed from the Windows 7 DVD.

See http://www.tomshardware.com/news/win7-windows-7-mbr,10036.html for more info - Of course, when you enter the Repair console it will tell you rather quickly if you even have a recognizable OS on the HD or not - and if you do, that's one step in the right direction.

It sounds like you're savvy enough to run with this, and it's 3 AM here, so I'm probably gonna pass out. I'll check back in about 10 minutes or so and then I'll be gone - but you're in good hands here with these folks.

After all, I'm like one of the lost sheep from many moons ago from here. :D

Link to post
Share on other sites
itsDANNY

itsDANNY

Posted
  • Author
Posted

I was going to attempt that as a last resort, but fortunately an old system restore point has succesfully resulted in the computer in proper order now. Thank you for the help. May I ask if someone knows how to restore the files deleted by ComboFix or is that something I will have to do my own investigation on?

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept