I need help getting my Sony Vaio to reboot after running power eraser

I ran power eraser on my Vaio because it had a google redirect virus based on an article in PC magazine.  It removed a few files (I did not record what these files were), and now the computer will not reboot in any boot mode.   I ran FRST64.exe.  The log is attached.  What do I do next?

Hi,

 

please try this first:

1. Before the Windows logo press F8 until you see a list

2. On that list find the option Restore to the last good configuration

3. Hit enter on that

 

Now windows should restore itself to the last working state if there's a good system restore point.

 

If this does not work, you can try a very similar, but better restore method that is available on the Windows 7 setup DVD:

When the setup is loaded on the first screen there's an option to Repair your computer. Click on that and try out the system restoring function of it.

 

Let us know the results.

PapauZ, 

 

That doesn't work as B_Chicago found out and then I had to script to stop windows loading the startup repair and System Restore after I broke the infection and repaired.

 

Don't try things people have found don't work and make things harder.

 

Quads

 

 

System restore did not help, nor could I boot in safe mode, debug mode or any other mode.

 

Greg Ward

a) what made you use NPE, did Norton detect anything??

 

b) due to doing other procedures your previous log is now null and void as things have been done since.

 

Quads

The computer had (has) a google redirect virus.  I ran all the regular norton utilities and scans and the problem persisted.  I read on a google blog and a PC mag article that norton power eraser could remove such malware that the regular norton utilities would not be able to remove.  So, since I have norton utilities and trust it, I decided to give it a try.  I realize now that I was way too casual about running it.

 

Power eraser came back highlighting 3 files.  It claimed it was going to repair at least one of them and remove one or two.  I made no record of which files, which was a mistake.  Norton power eraser first created a restore point before it removed the files so I thought I was covered.  When I tried to recover from this point (and a previous point as well) it failed.  No attempt to boot the computer in any mode has been successful.  System restore has not helped.  The computer memory and disk checks all indicate the hardware is fine.

 

It fails during boot up at the same place every time.  Windows is about to launch, and then a quick blue screen flash that is too quick to read, and then the system tries to boot up in repair mode.  Repair mode runs but cannot fix the problem.

 

So, here I am.  Since I saw similar posts here that were ultimately successful I thought this was my chance to get the computer running again.

 

Is there a log somewhere I can access of what NPE did?

 

Thank you,

 

Greg

Because of " System restore did not help, nor could I boot in safe mode, debug mode or any other mode." since you did the FRST.txt log,  I need you to make a new FRST log, to look for any small changes that I may have to stop first before going in for the Kill (so to speak).

 

I do see what's wrong (well at least half of it).

 

People like me, run Malware on our systems to see what happens and also take note of what happens when others on the web do this or that and end up with like "Windows doesn't boot" problems and why the cause, also then take note of what has been tried even a month or more ago and find it useless so remember that.

 

I will await a new FRST.txt.

 

Quads

 

 

OK.  Here the new file is attached.

 

Thank you,

 

Greg

This won't get your PC to boot yet, just to get more  info and to remove some items

 

Download the fixlist.txt

Save it in the Flash Drive, next to FRST.exe

Run FRST as you did before, except that this time around, click on the Fix button and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.


 

To others:-

 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

 

 

Quads

Attached is the fixlog file.

 

Thank you,

 

Greg

New script attached

 

Quads

It just booted up perfectly.  Thank you so much.

 

I'm not sure if you want the new fixlog file, but it is attached.

 

Is there anything else that needs to be done to address the original problem, or does this take care of it?

 

Thank you again,

 

Greg Ward

All I did was stop what I didn't want to start, then get Windows to boot again, no other bits that might be left over.

 

In NPE's history what did it remove??

 

Download TDSSkiller from http://support.kaspersky.com/faq/?qid=208280684

 

Click on the TDSSkiller.exe link on that site to download and run. In the change parameters select Detect TDLFS file system, click OK and scan.

Don't have it fix anything, just see if it detects anything.

 

Quads

TDSSKiller found no threats.

 

Where would I find the NPE history file.   I have searched, but found nothing.

 

Thank you,

 

 

Greg

Start NPE, at the main window go to History . Look at the repair point and click  Next, it will show what was removed.

You can click on the Link for each item to see the exact file path.

 

Do Not Run a scan or Undo .

 

You can also remove / delete from the flash drive the files etc. to do with FRST.

 

Quads

The history says it removed:

 

Oasis2serice.exe

PhysicalDrive0

rikvm 9EC60124.sys

 

 

Thanks,

 

Greg

OK, NPE (with FixTDSS inside) detected the boot sector thinking I would say that it thought it's TDL4 that it was designed for.  Except it looks like you had Boot.Pihar which is NOT TDL4 but a mod or clone.  So incorrect cleaning and BOOM can't start Windows. NPE is not designed for Pihar and the BCD.

 

Now a good second free scanner to go with Norton is Malwarebytes (MBAM) Free (no realtime protection) use that.

 

Other than if MBAM finds anything, you are then Solved and free to go.

 

Quads

Malware bytes found no threats.

 

Thank you so much for working on this.  It is a brand new computer and I am really happy to have it working again.

 

Thank you,

 

Greg Ward

You may have to install again the  Vaio messenger. (that's if you want it)

 

Quads

For info purposes, just found a thread where the user's system had Pihar and they downloaded FixTDSS and ran it, it fixed the redirects but caused BSOD, for this system it was every 15 mins.

 

Items noted that were created after infection,

 

2012-03-08 19:33:59 -------- d-----w- C:\Users\[username]\AppData\Roaming\FixTDSS
2012-03-08 19:33:58 27256 ----a-w- C:\Windows\System32\drivers\FixTDSS.sys

 

Quads