Windows Resource Protetion Issue

[HopelessITGuy]

Third retry has combofix just frozen on the loading bar right before the end. I will leave it for a while

Correction... Entire pc has frozen. Mousewill not respond to movement.

Update - computer blackscreened and is redrafting again.....

 

[HopelessITGuy]

It won't work

 

[Jacee]

This is not a pretty infection. From this link, download one of these Antivirus rescue CD's. It will be in the form of an .ISO file. FREE Bootable AntiVirus Rescue CDs Download List
Hopefully you have the use of another computer!

Burn the .ISO file to a CD using ImgBurn (Installs the ASK toolbar unless you opt-out during setup...uncheck it!) ImgBurn download and reviews from SnapFiles
Burn the CD at a slow speed. Make sure your BIOS is set to boot from CD/DVD, then put the rescue CD in and run.

 

[HopelessITGuy]

Are those links completely safe? The only computer i will be able to get access to is a friends laptop. And thats also pending that i can find a disk that i can use

 

[HopelessITGuy]

is it posible to put it on a usb stick? i have spare ones of those, but not sure if i have a disk laying about (not much of a disk person)

 

[HopelessITGuy]

I have gone with Kaspersky as i noticed it said i could make a USB version so ive run with that.. i will give it a try as soon as my scan has finished off

 

[Jacee]

Re: Windows Resource Protection Issue

Let me know ... and yes, those sites are safe.

 

[HopelessITGuy]

just tried to run the usb; it says "boot error"

so i will burn a disc if i can

 

[HopelessITGuy]

ok the disk works, i am currently doing a scan of the disk boot sectors and hidden startup objects.

Scan showed nothing, says the databases are out of date. Trying to update them via the option but it isnt updating passed 0%

 

[Jacee]

If this was my computer, I would wipe and do a clean install.

No one can guarantee that you won't have problems down the line with a Bootkit/Rootkit involved!

 

[Jacee]

A bootkit is a boot virus that is able to hook and patch Windows to get load into the Windows kernel, and thus getting unrestricted access to the entire computer. It is even able to bypass full volume encryption, because the master boot record (where Stoned is stored) is not encrypted. The master boot record contains the decryption software which asks for a password and decrypts the drive. This is the weak point, the master boot record, which will be used to pwn your whole system. No one's secure!

Read this too
Getting Rid of MBR Rootkit’s (bootkit)

 

[americancritic]

Hello Hopelessitguy Jacee is 100% right how do I know because I am going to be down for 2 or 3 days while I do a Complete Factory Restore on my computer. I made some error's on mine that should have not happened knowing what I know and yes it will take you a while but in the end you will have your system back like it is brand new. Jacee will you tell everyone I will be back up and running in 2 or 3 days and then back on the forum. Thank You


americancritic

 

[HopelessITGuy]

Looks like I will HAVE to do a restore. I did what that link said and now thanks to it, it won't even log on. It instant black screen reboots.

 

[HopelessITGuy]

Ok so before I just go and kamikaze my computer I booted it in safe mode. It runs successfully. So any ideas what's killing it now after following the instructions to bootrec /Fixmbr.

Tried to do system restore in safe mode. I get the following;

To perform an offline system restore you must specify which windows installation you would like to restore.

 

[ilikefree]

A reinstall was the best thing to do.
Now, do you have anything you want to keep on the computer?

EDIT: It is not a windows resource protection issue now it is a Trojan and from what Jacee says not a nice one

 

[HopelessITGuy]

I have not performed the reinstall yet. As yes there are things I want to rescue

 

[richc46]

If you want to back up and cant boot.
The only problem, make sure that the virus is all gone or that may be back too
Use Ubuntu Live CD to Backup Files from Your Dead Windows Computer - How-To Geek

 

[HopelessITGuy]

How can I be sure the virus is all gone? The things I'm wanting to save are pictures, my art and office documents. Could these have become infected?

 

[richc46]

Very astute question, test with this:
VirusTotal - Free Online Virus, Malware and URL Scanner

 

[HopelessITGuy]

I will see about continuing this after I return from an appointment. I thank you all for the help so far, but anyone know why things just went bad to worse? I mean going from semi functioning to dead due to fixes doesn't make much sense to me. And more concerning to me is I don't have a clue about how this happened in the first place. (please don't get me wrong I am really grateful for the assistance)

So this will resume when I get back.