Computer wont start windows after malwarebytes scan

[SilvercreekTech]

Relative Thread: https://forums.malwarebytes.org/index.php?/topic/153649-update-v2014072609-entire-system32-quarantined/  <---- Maybe possible not sure what databse version he was using to be completely honest.

 

 

Hello,

 

I am one of two techs here at Silvercreek Realty Group and I am posting as a disaster has struck our office! The CEO's computer has crashed after a quarantine and then a  restart. I say crash because it won't load windows and will onyl show a Samsung logo and a grey loading bar. I have been using malwarebytes for quite awhile as a last step or resort to cleaning malware and viruses this is the first time this has happened.

 

I can only boot to the bios no windows 8 recovery options are available not a system restore or repair or any windows options of any kind Safe mode etc..... When I tried to load to Bios and change boot priority to a external dvd drive with a windows 8 repair / recovery CD and it still wont load. Shy of disassembling my CEO's laptop pulling the hard drive to backup all dataq and performing a clean install I would like to know if there is anything I can do. If I could somehow get to a CMD prompt and run the SFc commands or something that would be  a start! Any help is greatly appreciated as time is imperative and this has created MANY additional hours for no reason!

 

Unfortunately as I was pressed for time I did not get to look at all of the infections found before apply actions only the first few which were malware such as Conduit, Spigot, Minspark etc were some of the names but not a excessive amount was found as that computer gets scanned regularly. I just wanted you to know something irregular did not pop out to me!

[Firefox]

Hello and Welcome to Malwarebytes

Being that the computer is probably still infected and the damaged was caused more than likely due to the infection itself, feel free to follow the instructions below to receive free, one-on-one expert assistance in checking your system and clearing out any infections and correcting any damage done by the malware.

Please see the following pinned topic which has information on how to get help with this: Available Assistance for Possibly Infected Computers

Thank you

[SilvercreekTech]

No offense but this issue needs a little more attention then canned responses. I just told you windows wont load of any kind so regular malware troubleshooting steps isnt going to suffice as windows CAN'T be loaded at all.....I have been using this product for over 6 years and it is the first time I have ever needed to come to the forums for assistance or help. I have a bachelors in Cyber Security and am well versed in the malware world. Shall I just contact consumer support for this particularly advanced issue?

[iowaboy]

Backup Disk Images of your operating systems ?  Does the CEO's hard drive have any separate partitions with enough free space you could install a temp operating system so you can get it and and do a boot repair (dual boot config on a temp basis) I've had OS belly up numerous times and I'm sure you don't need to hear this from a self taught layman but it's wise to frequently make back-up image disk of your OS. Dual boot systems can come in handy as well. How are you doing with the meltdown. Any progress. 

[Firefox]

No offense taken, but it really is not a canned reply, the experts can help you even though your computer is not bootable, there are tools that can be run in a recovery environment to get you back working...

Give them a try...

[SilvercreekTech]

We just removed the hard drive and are copying files over as we speak probably just going to do a fresh install. Any ideas what critical boot files we could just try replacing and seeing if it will boot like normal without a fresh install?

[Firefox]

Without looking at the logs of what was removed there is no way we would know what files need to be restored, can you post the scan log, now that you are coping files, that was done and what was detected and removed?

[SilvercreekTech]

Where do we locate the logs on a Windows 8.1 machine? It is not in appdata roaming malwarebytes like normal Win 7 installations?

[SilvercreekTech]

Heres the log

 

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/09/18 08:30:06 -0600</date>
<logfile>mbam-log-2014-09-18 (08-30-04).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.09.18.03</malware-database>
<rootkit-database>v2014.09.15.01</rootkit-database>
<license>trial</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 8.1</osversion>
<arch>x64</arch>
<username>Aaron</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>399158</objects>
<time>635</time>
<processes>0</processes>
<modules>0</modules>
<keys>1</keys>
<values>1</values>
<datas>0</datas>
<folders>0</folders>
<files>4</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKLM\SOFTWARE\WOW6432NODE\ONESOFTPERDAY</path><vendor>PUP.Optional.OneSoftPerDay.A</vendor><action>success</action><hash>54c74fa081fa8caaabf9f90957ac8c74</hash></key>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>ospd_us_66</valuename><vendor>PUP.Optional.OneSoftPerDay.A</vendor><action>success</action><valuedata></valuedata><hash>ee2da44bed8e0333475f32d0db28ff01</hash></value>
<file><path>C:\Users\Aaron\AppData\Local\Installer\Installcr_22396\DCytdiegut_gutdu_setup.exe</path><vendor>PUP.Optional.Goobzo</vendor><action>success</action><hash>20fbf4fba1daf83e0eea78432bd629d7</hash></file>
<file><path>C:\Users\Aaron\AppData\Local\Installer\Installcr_9999\DCytdiegut_gutdu_setup.exe</path><vendor>PUP.Optional.Goobzo</vendor><action>success</action><hash>35e630bf106b53e313e57a41be432cd4</hash></file>
<file><path>C:\Users\Aaron\AppData\Local\Installer\Installiwebar_5090\DCytdiegut_gutdu_setup.exe</path><vendor>PUP.Optional.Goobzo</vendor><action>success</action><hash>9d7e3bb49be0a096eb0d02b9f809ef11</hash></file>
<file><path>C:\Users\Aaron\AppData\Local\Installer\Installiwebar_9999\DCytdiegut_gutdu_setup.exe</path><vendor>PUP.Optional.Goobzo</vendor><action>success</action><hash>3be0bb3452298aac17e139823cc51fe1</hash></file>
</items>
</mbam-log>

[SilvercreekTech]

I would like to add that I "applied actions" to the scan yesterday on 10/6/2014 which resulted in my issue and the start of this thread. From the looks of the log it was actually scanned on September 18th? So the viruses were sitting in that quarantined state for over half a month. Not sure if this matter but wanted to be sure I clarified any concerns.

[SilvercreekTech]

Is there anyway to restore the files that were quarantined in malwarebytes back to where they were. Without booting from the broken hard drive and opening malwarebytes up itself and clicking restore in the history section? If I could somehow restore them while accessing the drive or replace any critical windows or system files with new ones and then boot back up like normal would be ideal. Please let me know if anyone is still working on this issue or if we just need to do a fresh install and replace the data.

[Firefox]

All those questions and procedures are handled in the section of the forum I pointed you to earlier...