
Thread: NTLDR corrupted

  1. #1
    Junior Member
    Join Date
    Mar 2007
    Posts
    1

    Exclamation NTLDR corrupted

    Hi, I'm Limbabnees from Holland.
    I am encountering many problems.

    Viruses that I have found are:
    Backdoor.IRCbot.TK
    Backdoor.Trojan
    Backdoor.Bionet.4.0.0
    BDS/Bonet.405
    Agobot.SDBot
    Win32.Worm.VB.DW
    *Executables in Task Manager - processes active (online)
    svchost.exe
    csrr.exe
    LuCallBackProxy.exe
    ALEUpdat.exe

    Windows/temp :
    Perflib_Perfdata_258.dat
    Perflib_Perfdata_4a0.dat

    Panda ActiveScan stops at NTLDR.

    Seems like a big problem.
    Can some one help me with this?

    Greetings,

    Limbabnees.

    Update: I tried to download Smart Killer, but it did not complete :(
    Last edited by tashi; 2007-03-08 at 16:25. Reason: Removed hjt 'DOC' attachment.[CoolWWWSearch smart killer]

  2. #2
    Junior Member
    Join Date
    Feb 2007
    Location
    rural NE Georgia, USA
    Posts
    3

    Default NTLDR detected/damaged

    Some malware relocates critical system files, renaming them in their new, undisclosed location and inserting a file to load the malware with the name of the critical system file (in this case NTLDR). Doing this ensures that 1) the malware will be automatically loaded on boot, and 2) if the malware is removed the system will not boot because the link to the critical system file will be gone and it cannot be loaded from the wrong location with the wrong filename. Dead machine.

    If you are a technical user, you can trace the loading process (press F8 at boot, select "Step by step load of modules" from the menu, and step through the startup) until you [hopefully] can find where the real NTLDR (NT Loader) is located. Then you can boot with a Linux disk, manually mount the partition, remove the malware NTLDR and rename the real NTLDR back to the correct name (NTLDR). You will not be able to do anything with the NTLDR file from Windows because it is "in use by the System" and cannot be erased, moved, or renamed.

    Of course, you will have to use a Linux version that fully supports the NTFS file system if you have used the default Windows install (not necessary if you installed on a VFAT/FAT32 partition) and be sure to UMOUNT before exiting. This will work if the malware only moved the NTLDR once. Admittedly, this is a difficult and tricky solution, but it will keep you from losing all data not previously backed up.

    Otherwise, attempt to back up all the data you need to save, re-partition and re-format your disk and re-install (preferably SUSE, Kubuntu or Debian Linux) on your machine. If you re-install Windows, be sure to have install CDs prepared in advance with IE 6.0, appropriate Service Packs, major update "roll-ups" from Windows Update, your anti-virus software, Spybot, etc. to install BEFORE you re-connect to the Internet.

    All re-installs should be done PHYSICALLY DISCONNECTED from the Internet, only re-connecting after you have installed Service Packs, major update "roll-ups" (there are 3 for WinXP sp2), SpyBot, anti-virus, and firewall.

    Otherwise, in the few minutes it will take you to update Windows and install your protective software, your machine will be infected with more malware and other problems than you had to begin with! (One client of mine re-installed Win2K Pro and had 53 different malwares on his computer after connecting [only] to Microsoft Update and installing SP4 and IE6! Less than 15 minutes on his high-performance connection! These DO NOT come from Microsoft - bad hackers monitor traffic to the Windows Update site and pounce on "naked" machines connecting for initial updates. In all fairness, there is nothing Microsoft, or anyone else, can do to prevent this.)

    Sorry for the bad news, but keeping Windows free of problems is VERY difficult. The good news is: If SpyBot and a good anti-virus program (AVG, Avast, etc.) are installed, together with a firewall (the Windows firewall is adequate) BEFORE you re-connect to the Internet you will have as safe and protected a system as possible using the insecure Windows OS.

    You should check the Net (using a different computer) and try to find a Removal Tool for what SpyBot has detected. If you are lucky, there will be a removal tool that can get rid of the malware and correct the moved NTLDR problem for you. This will be well worth the time and effort if one exists.

    Otherwise - re-install as noted above. Remember, NO WINDOWS COMPUTER SHOULD EVER CONNECT TO THE INTERNET WITHOUT SPYBOT AND AN ANTI-VIRUS PROGRAM INSTALLED AND ACTIVE. NEVER RUN WITHOUT SPYBOT'S TEA TIMER RUNNING!

    Good luck!

    fudoki


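The manual recovery fudoki describes (boot a Linux disk, mount the NTFS partition with ntfs-3g, quarantine the substituted NTLDR, rename the real one back) written out as a shell script. This is an added example, not code from the post or from any Spybot tool. It assumes the system partition is already mounted read-write (for example `mount -t ntfs-3g /dev/sda1 /mnt/win`, device and mount point assumed) and that the second argument is the genuine loader you located by stepping through the boot. The "MZ" check is a heuristic of the editor's, not something the post states: a real NTLDR begins with 16-bit startup code rather than a PE header, so an `MZ` signature at offset 0 of a file called NTLDR is a warning sign.

```shell
#!/bin/sh
# Added example: restore a relocated NTLDR from a Linux live disk.
# Assumes the Windows system partition is mounted read-write via ntfs-3g,
# e.g.  mount -t ntfs-3g /dev/sda1 /mnt/win   (device and path assumed),
# and that REAL is the genuine loader found by stepping through the boot.

# Heuristic (editor's assumption): genuine NTLDR starts with 16-bit startup
# code, not the "MZ" signature of a PE executable. A malware loader dropped
# under the name NTLDR is usually a plain PE, so "MZ" at offset 0 is a red flag.
starts_with_mz() {
    [ "$(head -c 2 "$1" 2>/dev/null)" = "MZ" ]
}

# Return 0 when the NTLDR in the mounted root looks like a substituted PE.
ntldr_looks_substituted() {
    starts_with_mz "$1/NTLDR"
}

# Move the substituted loader into a quarantine directory (kept as evidence)
# and rename the genuine loader back to NTLDR. Refuse when the candidate
# "real" loader fails the same heuristic as the substitute.
restore_ntldr() {
    mnt="$1"
    real="$2"
    fake="$mnt/NTLDR"

    [ -f "$fake" ] || { echo "no NTLDR found in $mnt" >&2; return 1; }
    [ -f "$real" ] || { echo "real loader $real not found" >&2; return 1; }
    if starts_with_mz "$real"; then
        echo "$real starts with MZ; that is not NTLDR, stop and re-check" >&2
        return 1
    fi

    quarantine="$mnt/quarantine"
    mkdir -p "$quarantine" || return 1
    mv "$fake" "$quarantine/NTLDR.substituted" || return 1
    # NTLDR must sit in the root of the system partition under exactly this
    # name; ntfs-3g is case-sensitive, so do not rely on Windows case folding.
    mv "$real" "$mnt/NTLDR" || return 1
    echo "restored NTLDR from $real; substitute kept in $quarantine"
    return 0
}

# Usage from the live disk (paths assumed):
#   restore_ntldr /mnt/win /mnt/win/WINDOWS/system32/ntldr.old
#   sync && umount /mnt/win     # flush and unmount before rebooting
```

Run it only against the mounted partition you have already inspected; if `ntldr_looks_substituted` returns false the loader may simply be corrupt rather than replaced, and the fix is a repair from the Windows CD rather than a rename. Unmount cleanly before rebooting, as the post says, or the NTFS journal will be left dirty.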

  3. #3
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Default

    Quote Originally Posted by fudoki View Post
    Otherwise, attempt to back up all the data you need to save, re-partition and re-format your disk and re-install (preferably SUSE, Kubuntu or Debian Linux) on your machine.
    We rarely suggest a user reformat.

    Limbabnees.

    Please follow the procedure in this link: "BEFORE you POST" -Preliminary Steps

    Then start your own thread in the Malware Removal Forum

    Once you have posted a helper will advise you as soon as available.

    Also see: Sun Microsystems~Java. Security vulnerability in older versions left on system

    Cheers.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
