Virtumonde etc., + NO task manager, NO control over PC

[Cheche Silveyra]

Hey man, I can't type anything, any key I press reboots the computer. It starts and shows the HP logo and then goes to the black screen again.

The first time I ran ComboFix I dragged the Recovery Console into it and I have the option to start in Windows XP or in Recovery Console but if I choose the console it says Starting Windows Recovery and then it says:
"The recovery console provides system repair and recovery functionality. Type EXIT to quit the recovery console and restart the computer.
C:\:"

Thats it, but it says this for a moment too:
"To select non default keyboard layout press enter now" and a countdown.

Before it loads it says:
"press f6 if you need to install a third party SCSI or RAID driver"

Should I insert the Service Pack? Im replying from another computer.

 

[Cheche Silveyra]

Ok ok I got it now. Sorry about last post. It says "There are currently no boot entries available to display" after typing BOOTCFG /LIST

 

[steamwiz]

Go to recovery console & do this :-

Type bootcfg /rebuild to repair it

 

[Cheche Silveyra]

Hello Steam, I did the boot but now it says that the system32\config\system doesn't exist. I did a lot of stuff, one of them being another installation of Windows (named Windows2) and I was looking through the folders and found out that the original windows\system32 folder is quarantined inside the quoobox folder. That folder was created by combofix right?

What can I do?

Thanx man.

 

[steamwiz]

HI

Yes that's Combofix quarantine ... Obviously there are safeguards in place so that Combofix can't do this sort of thing ... the malware you have/had has interfered with the running if Combofix.

I have informed sUBs, the author of Combofix as he will want to try and find out what has happened ...

It should be possible to replace everything from the qoobox quarantine folder, but I want to hear what sUBs has to say first before I tell you to do anything.

Could you post the exact path where you see the windows/system32 folder in qoobox ...

Unfortunately I have to leave soon & will be away for a few days ... someone else may post to this thread while I'm gone.

steam

 

[steamwiz]

One other thing, once the files are back in place, the Boot.ini will probably have to be rebuilt again, running bootcfg /rebuild when there was no o/s to find will probably have corrupted it.

 

[sUBs]

Did you perform a parallel install? Or was it a Repair install?

 

[Cheche Silveyra]

Hey whats up guys? Hum, the path to the system32 folder is this

c:\qoobox\quarantine\c\windows\system32

And im really sUBs but I don't know about parallel or repair. I tried to repair it using the Sevice Pack 2 but couldnt do much so I installed another folder with windows (windows2) and then I was able to do the bootcfg. But after that it said that the system32\config\system file was missing.

Thats how I was able to look inside the folders and found out the system32 folder was quarantined.

Thanx guys, thanx steam.

 

[sUBs]

Please excuse me for I don't quite understand your last statement.

I tried to repair it using the Sevice Pack 2 but couldnt do much so I installed another folder with windows (windows2)

By Service Pack 2, do you mean an installation CD for Windows XP with SP2 included?

Where is this Windows2 folder located? Is it C:\Windows2 ?

Do you have another folder by the name of C:\Windows ... i.e. without numbers?

 

[Cheche Silveyra]

Hello.

Yes, it's c:windows2.

The original windows path is c:windows.

And yes, that's the cd.

 

[steamwiz]

Hi

Sorry for the delay, been away for a few days ...

when you look at the hard-drive from your second installation of XP...

Do you see a c:\windows2\ folder which includes a system32 folder & a lot of other files & folders ?

&

Do you see a c:\windows\ folder which DOES NOT include a system32 but has more or less the same files & folders as the windows2\ folder ?

This statement by you is confusing :-

And yes, that's the cd.

It almost sounds as if you are booting from a "live" CD ?

steam