ArthurOPlasty

help with sys restore: problems after running GMER


Here is the problem I had:

[url="http://www.lavasoftsupport.com/index.php?showtopic=28473"]http://www.lavasoftsupport.com/index.php?showtopic=28473[/url]

I followed the instructions, I was able to do sysrestore and ERUNT. I then tried GMER which froze my computer twice, but I think it is because something was running in the background (rainlendar). So I closed that after restarting and reran GMER, which seemed to work fine now, so I left the scan running and when I returned, my computer had been restarted and now can't even get to the desktop! So I can't even access the log if it was created and can't run hijackthis. So I have no logs I can post - the only one I could save was the Adaware scan log on the desktop, but I can't get to it.

It seems like the computer does load up to the desktop but it is just a blank black screen with my mouse cursor on it. When I press ctrl+alt+del some options are displayed like normal, but without the task manager. Is it possible that GMER automatically deleted files?

What is happening, please help.

I think I need to use MS-DOS to do a sys restore or something - I dunno, I'm lost, please help - I'm a uni student without a scholarship and can't afford to have it looked at by an expert.


*************************

I left GMER running and when I returned my computer had restarted. It doesn't even go to the desktop now, it just shows up as a black screen with my mouse cursor on it. I can press ctrl+alt+del and all options show up except the go to task manager one. How can I get my computer the way it was before I ran GMER, so I can post my logs?

*************************

Hi,

You've used an advanced malware removal tool without supervision - unfortunately we can't offer support here.

You have two options:
[list]
[*]Try the GMER website: [url="http://www.gmer.net/#start"]http://www.gmer.net/#start[/url] there is a contact page to contact the author of the tool for help
[*]Post in the HJT forum for advice from a malware removal expert who will have some knowledge about the removal tool
[/list]
Casey


*************************
I was told to follow the HJT instructions which was to run GMER and get a log, which I did but it restarted my computer. I DID NOT select anything saying 'delete what was found in the scan'. I followed the instructions in 'read before posting' one of those pinned ones at the top, and this is what happened.


*************************

Ahh ok. I'll move this topic then to the HJT forum for one of the malware removal experts to have a look at and help you. Please do not reply to this topic until a VSA has replied.

Casey

*************************

EDIT: I found your original HJT topic and have merged it with this one. Please be patient and wait for a response.

Casey

Edited by casey_boy

Hi,

Are you able to reboot normally into safe mode?

[quote name='Blade81' post='116543' date='Feb 13 2010, 01:51 AM']Hi,

Are you able to reboot normally into safe mode?[/quote]

I tried straight after it happened. When I press F8 I get the safe mode option and when I select it, it loads up but the desktop still appears black and blank. I can see my mouse cursor and the safe mode tags in the corners but can't do anything else. Do I have to do something through DOS, like a sys restore or something to undo the GMER deletions, so I can get my logs?

Hi,

[quote]something to undo the GMER deletions[/quote]
GMER doesn't delete anything so the issue must be caused by something else. When you press ctrl+alt+del what options do you see listed there?

[quote name='Blade81' post='116565' date='Feb 13 2010, 10:17 AM']Hi,
GMER doesn't delete anything so the issue must be caused by something else. When you press ctrl+alt+del what options do you see listed there?[/quote]

I see shutdown, switch user, change password, log off.

There is no task manager like there used to be.

Hi,

Could you try ctrl+shift+esc key combination and then from file menu choose new task and type explorer.exe? If that worked do this:

Download DDS and save it to your desktop from [url="http://www.techsupportforum.com/sectools/sUBs/dds"][b][color="seagreen"]here[/color][/b][/url] or [url="http://download.bleepingcomputer.com/sUBs/dds.scr"][b][color="seagreen"]here[/color][/b][/url] or [url="http://www.forospyware.com/sUBs/dds"][b][color="seagreen"]here[/color][/b][/url].
Disable any script blocker, and then double click [b]dds.scr[/b] to run the tool.
[list]
[*]When done, DDS will open two (2) logs: [list=1]
[*] DDS.txt
[*] Attach.txt
[/list]
[*]Save both reports to your desktop. Post them back to your topic.
[/list]

How about debugging mode (if available on list) or last known good configuration option, have you tried it?

The last known good configuration option is not available when I restart. It only has safe mode, safe mode with networking, safe mode with command prompt and start windows normally options. The ctrl shift esc thing does not work in safe mode either.

Edited by ArthurOPlasty

Last Known Good Configuration option should exist on the advanced boot options screen. Was it Windows XP that you have there? Do you have the installation media handy?

[quote name='Blade81' post='116614' date='Feb 15 2010, 12:42 AM']Last Known Good Configuration option should exist on the advanced boot options screen. Was it Windows XP that you have there? Do you have the installation media handy?[/quote]

I am running Windows Vista. I am unsure where I've placed the installation discs, but could probably track them down if needed. I tried the last known configuration settings, but still ends up with the same result. I also put it in debugging mode and still can't do the ctrl shift esc thing. There were some system restore and repair options in that advanced boot settings list, should I try to restore it? Or is this a bad idea since the malware tries to block this process from happening?

Edited by ArthurOPlasty

Hi,

Does safe mode with command prompt option work? If it boots long enough to let you type commands try to type [b]explorer[/b] command.

[quote name='Blade81' post='116616' date='Feb 15 2010, 02:18 AM']Hi,

Does safe mode with command prompt option work? If it boots long enough to let you type commands try to type [b]explorer[/b] command.[/quote]

Nope, not able to type in any commands.
Comes up with the same black, blank screen, with mouse cursor and safe mode tags in the corner.

Ok. Looks like we're running out of options here. Please see if you can find the installation media.

EDIT: if that advanced boot options list has startup repair listed please try that.

Hi,

Current content shouldn't get lost if you don't reinstall the operating system.

When you reboot is there a startup repair option in the advanced boot options menu?

[quote name='Blade81' post='116646' date='Feb 16 2010, 02:21 AM']Hi,

Current content shouldn't get lost if you don't reinstall the operating system.

When you reboot is there a startup repair option in the advanced boot options menu?[/quote]

Yes, start up repair is an option. Should I try that first before using the restore media CD for my computer?

If I do use the CD, how do I make sure it doesn't reinstall the operating system?

Edited by ArthurOPlasty

Hi,

Try that startup repair option and let me know if it fixes the issue. Don't do anything else yet.

[quote name='Blade81' post='116656' date='Feb 16 2010, 04:14 AM']Hi,

Try that startup repair option and let me know if it fixes the issue. Don't do anything else yet.[/quote]


After getting to the advanced boot settings I selected 'repair your computer'. It then came up with a pop up box with a few other selections (startup repair, system restore, windows complete PC restore, Windows memory diagnostic tool, command prompt and TOSHIBA recovery wizard). I clicked the start up repair option but it said it could not detect a problem. The command prompt option works and I tried typing in explorer and explorer.exe like you mentioned before but it comes up with:

'explorer.exe' is not recognized as an internal or external command, operable program or batch file.


Before the text you type it has the following:

X:\sources\recovery\Tools>

Hi,

It sounds like you ended up in Vista's recovery environment. Are you able to access c: drive there (by typing command c: in command prompt)?

[quote name='Blade81' post='116703' date='Feb 17 2010, 01:25 AM']Hi,

It sounds like you ended up in Vista's recovery environment. Are you able to access c: drive there (by typing command c: in command prompt)?[/quote]

I believe I can

It comes up with C:\>

Good. Try the following commands in c: drive:
[b]cd\windows\erdnt
dir[/b]

You should see directories with timestamps. Look for one that matches your backup moment.

Then give these commands in c:\windows\erdnt location (replace nameofthefolder with correct folder name):
[b]cd nameofthefolder
batch erdnt.con[/b]

[quote name='Blade81' post='116715' date='Feb 17 2010, 03:28 AM']Good. Try the following commands in c: drive:
[b]cd\windows\erdnt
dir[/b]

You should see directories with timestamps. Look for one that matches your backup moment.

Then give these commands in c:\windows\erdnt location (replace nameofthefolder with correct folder name):
[b]cd nameofthefolder
batch erdnt.con[/b][/quote]


For the first command cd\windows\erdnt dir
it says the system cannot find the path specified.

This is how it looks when I type it in, not sure if it was right.

C:\>cd\windows\erdnt dir
I also tried
C:\>cd\windows\erdnt


When I put ERDNT on my computer I didn't use the installer, I just extracted the files into a folder on my desktop. I can't remember what I named the folder, but if I could somehow browse through them I would know which one it was. That is also where the .exe file for ERDNT was saved, in case I needed to back it up.

Hi,

Please run this command in command prompt:
[b]dir /s/a \erdnt.con[/b]

Note down locations (if any).

This topic is now closed to further replies.