can't get rid of win32.fraudload.edt

Status
Not open for further replies.
Hi,

Whats happening here is that your infected with the TDSS Rootkit, and this rootkit has infected your Master Boot Record. TDSSKiller is fixing it but the rootkit returns. Where going to have to rebuild your master boot record, this can be dangerous if not done correctly, to be on the safe side I would like you to back up to a CD, External Hard drive or a thumb drive any of your important documents , photos , music files. Let me know when you have done this and we can proceed
 
ok I don't have anything here to back up to so it will take me until tomarrow or so to get a disk or something. I did just install a dvd drive that a friend gave me is it possible that could have it embedded in it or something, I don't really know just want to make sure it isn't that cause then it would keep coming back. Anyway I appreciate you time and effort on this.
 
No, your DVD drive is fine, some viruses infect removable drives like a usb flash drive.

By chance do you have your windows CD ?
 
no I don't actually, I got this computer off of a friend when they were getting knew ones. Sorry about that, will that be a problem.
 
ok I have backed up my pictures to a disk, that is the only thing I really needed to worry about, rest of it is no big deal, so I am ready when ever you get the chance, thanks again for the help.
 
I am working on a tutorial for you that may make it easier to understand, be back in a bit
 
Here we go , been checking this over and over again, dont want any mistakes, any questions please ask before you proceed

ComboFix installed the Recovery Console. We're going to use that now


Reboot your machine and when the Boot Menu flashes up - select "Microsoft Windows Recovery Console"
(you need to do this quickly , you only have a few seconds or your computer will boot to windows)
RC_BootMenu.gif


RConsole_A.png


When you get to the above screen, take note of the number that references your operating system.
If it's '1' like the picture above, type 1 and press Enter

If it asks for admimistator password just press enter

RConsole_Fixmbr.png


Next type FIXMBR

RConsole_FixmbrB.png


If it ask if you're sure you want to write a new MBR, answer 'Y'

Then type EXIT to reboot the machine.


Your damaged MBR will be replaced with a new one, and you should then be able to boot your system normally. In some cases, you may need to repair the boot sector in addition to the MBR. If your system still doesn't boot properly, repeat the steps above, but issue the fixboot command instead.


After you boot back into windows do this

Press Start > Run or Windows Key + R then copy and paste the following command into the run box that opens and press "Enter"
cmd /c mbr -t>"%userprofile%\Desktop\mbr.txt"

That will place a file called MBR.txt on your desktop. Please copy and paste the contents of that file into your next post.
 
I have attempted to do this twice and each time it would get to the part saying starting the recovery console would then load the time bar across then basically do nothing but sit there like it was locked up. Don't know, I let it sit there for a about 5 minutes and it did nothing.
 
Ok, what your going to need is a windows CD for Microsoft Windows XP Professional, your going to have to try to borrow one from a friend. There really is no way around this
 
ok I will see what I can do about that, Might be kind of hard, alot of the people I know have the newer vista and 7 now but I will try to find one.
Thanks again I will get back as soon as possible.
 
I was kind of afraid of that. Its the rootkit preventing the RC from running.

I will leave this thread open for you until you return
 
Good Morning,

May have found away around this. Does your DVD drive work, can you burn files to it ?
 
This thread is closed due to lack of response. If you still require assistance please start a new thread.
 
Status
Not open for further replies.
Back
Top