Help, Comp will not boot after useing Norton Power Eraser

JoeScalia · ‎07-22-2012

Yesterday I fell asleep and left my comp idle. The Same trojan started attacking my comp and norton blocked ech one. When I saw this I did a quick scan and a full scan, and found nothing. The day after I noticed a svchost useing a ton of memory. nearly 1gb. I deleted it and it came back with 100k.

This is when I did the Norton Power Eraser to see if the scans missed anything. It found a program I forget its name, it started with a P, had 2 words, second word started with a d, and had a .0 at the end, I'm not sure. It says that it could fix it, and restore it.

It deleted the file, and I reset my comp. Then it wouln't boot up, normal or in safe modes. System repair and last boot recovery wouldn't work. It says a rescent hardwere or softwere change could be the source of the problem.

I'm thinking NPE got a false positive and never restored the file. My comp dosent make it to the log in screen, it just resets itself after I go threw system repairs, normal starts, etc. The OS is upgraded to Windows 7 homePrem 64bit.

If I can get my comp to boot, then I can go into NPE and undo the last scan and that should restore the file it deleted. If anyone from Norton can get my comp booting again I would very much be thankful.

Quads · ‎07-21-2008

You have run NPE when you are not ment to.!!!

ANY other user other than the thread starter is not to use any instructions, scripts or proceedures, The work though in cleaning a system is individual and only for that system due to a number of factors.

Please do not run any tools unless instructed to do so.

We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask nothing extra or run things twice
If I ask a Question just answer it, don't run anything unless it states.
Major steps used:

1. Find

2. Break

3. Destroy

4. Cleanup (including system as a whole)

Please read every post completely before doing anything.

Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes )
Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

What is your Operating System including 32 bit or 64 bit??

Quads

JoeScalia · ‎07-22-2012

should be 64bit

Quads · ‎07-21-2008

Do you have a Flash Drive??

Quads

JoeScalia · ‎07-22-2012

Yes, its ready to go, thanks for helping me

Quads · ‎07-21-2008

Read Slowly and all of it.

Please download http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ You need to download the 64 bit version.

Transfer it on to the Flash Drive.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. restart the system and load Windows Please attach the log in your reply back..

Quads

JoeScalia · ‎07-22-2012

Ok done, I think I did this correctly, sorry if its wroung this is my frist time doing anything like this

Quads · ‎07-21-2008

You have a Bootkit (BCD) and zeroaccess, plus system restore is stuck

I am going to ask FRST for more information.

Download the script attached, needs to be the same file name as well (fixlist.txt), Copy across to flash drive

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options again. Like previously

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe or frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply (attach).