Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Computer won't boot after using Defender offline


13 Aug 2013   #1

Infected is Win7 home premium 64 bit (clean is Vista home premium 32)
 
 
Computer won't boot after using Defender offline

Well, it seems this is a common problem. I'm mildly tech savvy, but this has me beat.

Kid's college computer got Alureon, ran Defender Offline from a USB which appeared to work to remove the virus, but now it's in the start cycle of black and white Acer screen, a quick flash from a blue screen, repeats this once or twice more, then into the system repair and then recovery. None of these worked. Trying not to do a total factory reset due to college things saved. No Windows discs. We were sure to reset the BIOS for the hard drive to boot first after using the Defender USB.

The (previously, I hope) infected computer is an Acer Windows 7 home premium 64 bit. Clean computer is a Vista home premium 32 bit which appears to have issues downloading some 64 bit things to a USB because it's "not compatible".

School starts again in a few days and we REALLY cannot afford the expense of a new laptop suddenly if I can get around this somehow. I'm not a super tech person but I can follow instructions! Any help on where to start is much appreciated, and I apologize in advance for much of my tech ignorance.

My System SpecsSystem Spec
.

13 Aug 2013   #2

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

friedpasta welcome to SevenForums

Run the tool below inside the command prompt in System Recovery

warning   Warning
You will need a USB FLASH DRIVE


Tip   Tip
Download the Tool from a non infected PC


Farbar Recovery Scan Tool

Choose one that goes with your OS bit version . Save the file to a USB Flash drive

32-bit Version OS Farbar Recovery Scan Tool

64-Bit Version OS Farbar Recovery Scan Tool x64


Note   Note
Click the button and right-click Computer .Select Properties . Look for System Type: which will say 32-bit Operating System or 64-bit Operating System


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select Repair Your Computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt

In the command window type X:\FRST.exe (for x64 bit version type X:\FRST64.exe) and press Enter

Note   Note
Replace letter X with the drive letter of your flash drive.


Tip   Tip
Type the commands below to see what your letter is for the USB drive and press ENTER after each command


Code:
Diskpart
List volume
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
FRST will let you know when the scan is complete and has written the FRST.txt to file

Upload the FRST.txt file

Note   Note
FRST.txt file will be inside the root of the USB Flash Drive
My System SpecsSystem Spec
13 Aug 2013   #3

Infected is Win7 home premium 64 bit (clean is Vista home premium 32)
 
 

Probably a dumb question - the clean computer is 32 bit and the infected is 64. Do I download the 32 version on the clean and it will be okay to use on the infected 64 bit?
My System SpecsSystem Spec
.


13 Aug 2013   #4

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Download the 64-bit version save it onto a USB flash drive . Plug the USB flash drive into the infected PC . Boot to the System Recovery as it says to do select command prompt . Inside the command prompt find your USB drive letter by using Diskpart ( see above instructions ) then go from there .
My System SpecsSystem Spec
13 Aug 2013   #5

Infected is Win7 home premium 64 bit (clean is Vista home premium 32)
 
 

Never mind, got it saved. Thanks.
*********************
Thank you. My Vista 32 bit will download the 64 bit but won't save it to the USB drive, says the version is "not compatible". Is that normal? Maybe I'm missing something. Sorry for my ignorance.
My System SpecsSystem Spec
13 Aug 2013   #6

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

I Downloaded FRST64.exe on a 32 bit OS . You could download it but not run it . Plug your USB flash drive into the 32bit PC . Open the downloads folder right click on FRST64.exe and select Send To choose removable disk . Should work . Downloading works running the program won't on a 32 bit .
My System SpecsSystem Spec
13 Aug 2013   #7

Infected is Win7 home premium 64 bit (clean is Vista home premium 32)
 
 

Thank you, it worked. Here are the results.


Attached Files
File Type: txt FRST.txt (15.4 KB, 14 views)
My System SpecsSystem Spec
13 Aug 2013   #8

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

ON the 32 BIT OS . Open Notepad . Inside notepad paste the highlighted text below


start
HKLM-x32\...\Run: [PCFixSpeed] - C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe [384088 2013-03-20] (Crawler.com)
HKU\Brian\...\Run: [trident] - C:\Users\Brian\AppData\Roaming\trident\Installer.exe [454144 2012-12-21] ()
HKU\Default\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid} [x]
HKU\Default User\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid} [x]
AppInit_DLLs: [0 ] ()
AppInit_DLLs-x32: c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll [2691536 2013-07-26] ()S2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2847696 2013-07-26] ()
S2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1455408 2013-04-07] ()
2013-08-12 18:41 - 2013-08-12 18:42 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert
2013-08-08 16:37 - 2013-08-12 13:06 - 00000000 ____D C:\Users\Brian\AppData\Roaming\BabSolution
2013-08-08 16:37 - 2013-08-12 13:06 - 00000000 ____D C:\Program Files (x86)\24x7Help
2013-08-08 16:37 - 2013-08-09 16:38 - 00000000 ____D C:\Users\Brian\AppData\Roaming\PCFixSpeed
2013-08-08 16:37 - 2013-08-08 16:37 - 00000000 ____D C:\ProgramData\PCFixSpeed
2013-08-08 16:37 - 2013-08-08 16:37 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-08-08 16:37 - 2013-08-08 16:37 - 00000000 ____D C:\Program Files (x86)\PCFixSpeed
C:\Windows\svchost.exe
ATTENTION ====> Check for partition/boot infection.
C:\Users\Brian\0.5656880535661928.exe
TDL4: custom:26000022 <===== ATTENTION!
ATTENTION: Malware custom entry on BCD on drive y: detected.
end


Click on File select Save As

Save to : USB Flash drive

File Name : Fixlist.txt

Save as type : All Files

click on the Save button inside Notepad.

Unplug the USB Flash drive from the 32-bit PC plug back into the 64-bit PC Open FRST64.exe like you did before . This time click on the [Fix] button . Once done it will create a new log called Fixlog.txt it will be in your USB Flash drive.

Restart the PC and see if you could login to your Desktop on the 64-bit PC.
My System SpecsSystem Spec
13 Aug 2013   #9

Infected is Win7 home premium 64 bit (clean is Vista home premium 32)
 
 

Yes! It logged on and is to the desktop. But it was verrrry slow to get to the desktop, took several minutes to go from the login password screen to a black screen to the desktop. Desktop seems to be okay after it finally loaded.
My System SpecsSystem Spec
13 Aug 2013   #10

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Sweet. Run the next tool . We are not done cleaning the PC

TDSSKILLER

download link TDSSKiller

Save to the Desktop

Right-click the program and select


When the TDSSKiller console opens, click on: Change Parameters
Under Additional Options, place a check in the box next to: Detect TDLFS File System

Click: OK


Press: Start Scan


If a suspicious object is detected, the default action is Skip, leave it as is, and click on: Continue
If malicious objects are found, they show in the Scan results.
Ensure Cure (the default) is selected, then click: Continue > Reboot now, to finish the cleaning process.
(Note: If Cure is not available, select Skip, >>Do not select: Delete<<)


When done, the tool outputs its log to the disk with the Windows Operating System, normally C:\


Logs have a name like:
C:\TDSSKiller.X.X.X_12.04.2013_15.31.43_log.txt


Please post the TDSSKiller log in your reply.
My System SpecsSystem Spec
Reply

 Computer won't boot after using Defender offline




Thread Tools



Similar help and support threads for2: Computer won't boot after using Defender offline
Thread Forum
Windows Defender Offline Tutorials
download link for Windows defender offline System Security
Problems with reboot after using Windows Defender Offline System Security
Boot Failure after Windows Defender Offline Hardware & Devices
Windows Defender Offline crashed computer System Security
Computer will not boot. Startup repair is offline? General Discussion

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 09:59 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33