66 replies to this topic

[Blade81]

Hi,

It sounds like you ended up into Vista's recovery environment. Are you able to access c: drive there (by typing command c: in command prompt)?

[ArthurOPlasty]

Hi,

It sounds like you ended up into Vista's recovery environment. Are you able to access c: drive there (by typing command c: in command prompt)?

I believe I can

It comes up with C:\>

[Blade81]

Good. Try following commands in c: drive:
cd\windows\erdnt
dir

You should see directories with timestamps. Look for one that matches your backup moment.

Then give these commands in c:\windows\erdnt location (replace nameofthefolder with correct folder name):
cd nameofthefolder
batch erdnt.con

[ArthurOPlasty]

Good. Try following commands in c: drive:
cd\windows\erdnt
dir

You should see directories with timestamps. Look for one that matches your backup moment.

Then give these commands in c:\windows\erdnt location (replace nameofthefolder with correct folder name):
cd nameofthefolder
batch erdnt.con

for the first command cd\windows\erdnt dir
it says the system cannot find the path specified

This is how it looks when I type it in, not sure if it was right.

C:\>cd\windows\erdnt dir
i also tried
C:\>cd\windows\erdnt


When i put ERDNT on my computer I didn't use the installer, i Just extracted the files into a folder on my desktop. I can't remember what I named the folder, but If I could somehow browse through them I would know which one it was. That is also where the .exe file for ERDNT was saved, incase I needed to back it up.

[Blade81]

Hi,

Please run this command in command prompt:
dir /s/a \erdnt.con

Note down locations (if any).

[ArthurOPlasty]

Hi,

Please run this command in command prompt:
dir /s/a \erdnt.con

Note down locations (if any).

It says

Volume in drive C is S3A6274D004
Volume Serial Number is FE5D-6C8E

Directory of C:\Users\Roo\Desktop\reg backup\7-02-2010

[Blade81]

Hi,

In command prompt, type these commands one by one (hit enter after each):
c:
cd\Users\Roo\Desktop\reg backup\7-02-2010
batch erdnt.con

[ArthurOPlasty]

Hi,

In command prompt, type these commands one by one (hit enter after each):
c:
cd\Users\Roo\Desktop\reg backup\7-02-2010
batch erdnt.con

it says
'batch' is not recognized as an internal or external command, operable program or batch file.

[Blade81]

Hi,

While still in C:\Users\Roo\Desktop\reg backup\7-02-2010 folder please type this:
erdnt.exe

[ArthurOPlasty]

Hi,

While still in C:\Users\Roo\Desktop\reg backup\7-02-2010 folder please type this:
erdnt.exe

it comes up with a pop up saying

with this program you can restore a registry backup of your windows NT/2000/XP system.

i have vista though, should I click on okay?

[Blade81]

Yes, allow it to restore.

[ArthurOPlasty]

Yes, allow it to restore.

okay, done it. Computer still seems the same though. Should I restart my computer?

Is there anything else I should do while I still have this vista recovery window open, I had trouble getting into it last time trying to get the right timing when pressing esc.

[Blade81]

Hi,

After ERUNT has done its job please reboot and see if you're now able to log into normal mode properly.

[ArthurOPlasty]

Hi,

After ERUNT has done its job please reboot and see if you're now able to log into normal mode properly.

nope doesn't work. still the same.

[Blade81]

Hi,

Then I'm afraid the only solution is to backup your important documents, music, pictures and videos to removable drive in command prompt and then use that Toshiba recovery wizard (available in that advanced bootup menu) to restore system back to factory defaults.

[ArthurOPlasty]

Hi,

Then I'm afraid the only solution is to backup your important documents, music, pictures and videos to removable drive in command prompt and then use that Toshiba recovery wizard (available in that advanced bootup menu) to restore system back to factory defaults.

how do I back up things from command prompt? I do not need all of the c drive backed up, I have most things. I just need a few folders and files, but I can't remember exactly what they're called or where they are. Is there some sort of way of just browsing the files and then choosing which ones I want?

Also do u think I should try system restore first? Or do you think that the malware might block it from running completely?

Edited by ArthurOPlasty, 18 February 2010 - 08:32 AM.

[Blade81]

Hi,

how do I back up things from command prompt? I do not need all of the c drive backed up, I have most things. I just need a few folders and files, but I can't remember exactly what they're called or where they are. Is there some sort of way of just browsing the files and then choosing which ones I want?

You can use dir command for searching. If you recall file/folder names we can try to create a batch that lists the locations.

Also do u think I should try system restore first? Or do you think that the malware might block it from running completely?

Yes, you could attempt that since the option is available there.

[ArthurOPlasty]

Hi,
You can use dir command for searching. If you recall file/folder names we can try to create a batch that lists the locations.
Yes, you could attempt that since the option is available there.

sys restore worked, I can see my desktop now. Still got the malware though, I could not restore to a point before the infection, there was not anything listed.

i'm running adaware now to quarantine the file, then will run hijack this and post the logs.

Should I try running GMER again?

[Blade81]

Great! Let's see DDS log instead of hjt:
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.

• When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
• Save both reports to your desktop. Post them back to your topic.

Let's skip GMER scan for now.

[ArthurOPlasty]

Okay here is the DDS log. I've also included two adaware scan logs. The one named scan log 3 was taken before the GMER problem, when it detected the malware. The one named log 4 was taken today, after the system restore, which didn't detect anything. When I restarted the computer, the malware pop ups still appeared - with one saying I have been infected with Win32.Netsky, and a few ones saying this file is infected, etc. but they have stopped now and internet explorer goes to the homepage now, instead of opening up a thousand different pages like it did before. I'm still d/c from the internet, and don't want to connect again until i know all the stuff has been cleared.

Attached Files

•  Attach.txt   14.21K   652 downloads
•  DDS.txt   17.85K   177 downloads
•  scan_log_3.txt   52.42K   166 downloads
•  scan_log_4.txt   50.59K   155 downloads