


Windows 7: Ran Windows Defender Offline, can't boot up computer. Help please!

20 Jan 2014   #1

Windows 7 64 bit
 
 
Ran Windows Defender Offline, can't boot up computer. Help please!

So a Google search tells me that this seems to happen pretty often. Microsoft Malicious Software Removal Tool detected Alereon (sp?), directed me to use Windows Defender Offline. I did and now I can't boot up.

I have followed the directions given here to prior victims and have attached the FRST scan log. Thank you for any help you can give.



Attached Files
File Type: txt FRST.txt (14.8 KB, 9 views)

20 Jan 2014   #2

Desk1 8 Pro / Desk2 7 Home Prem / Laptop 8 Pro all 64bit
 
 

Hello and welcome, bsever. Mate, try one of these; I would try the Kaspersky one first.

5 Bootable AntiVirus Rescue CD for Windows: Free Download
20 Jan 2014   #3

x64 (6.1.7601) Win7_SP1 HomePrem
 
 
alureon virus

ICit2lol gave you a starting point - Kaspersky is very good.

Follow one path at a time, take ICit2lol's suggestion.

If your machine is still infected after running that, you can wait for someone with more experience than I have to drop in.

This is a tough bug to squash, but members on the Security team have successfully tackled other cases.

I read through a few and the FRST report you posted jogged something in my memory.

TDL4: custom:26000022 <===== ATTENTION!
There's a procedure to deal with the above. I believe it was one of the last things done to prevent reappearance. I just don't recall the details.

Hang in there, I'm sure one of the team will drop in to help.

Good Luck.


20 Jan 2014   #4

Microsoft Community Contributor Award Recipient

Windows 7 Ult. x64 Windows 8.1 x64 Ubuntu 12.04 LTS Tri-Boot
 
 

I don't think running another bootable rescue disk will help... he has already run WDO in an attempt to clean up the rootkit. Sounds like MBR is buggered as a consequence of that?

In this case, OP might consider clean install. Often a safe option with rootkits.
20 Jan 2014   #5

Desk1 8 Pro / Desk2 7 Home Prem / Laptop 8 Pro all 64bit
 
 

Ok I only suggested cos the OP cannot boot at all so thought at least it was an option.

If the data needs saving then maybe using the Ubuntu to boot and retrieve that data might be worth a try before the clean install if he has stuff he needs to keep.

I know there is a tutorial on this but this is what I have used in the past

BOOTABLE UBUNTU

Make a bootable Ubuntu disk http://www.ubuntu.com/download

Set the BIOS to boot from the optical. When the machine boots it will show you a screen with TRY or INSTALL > select TRY

When it is finished - it takes very little time - you will get a screen like in the pic.

Open the drive you want > User and dig down until you get to the data / settings. You may be able to copy / paste the material you want to an external source or other installed drive doing this.

I am not sure if it will, but I have recovered tons of data etc. using this method, both on "dead" or just plain drives that you cannot get data from using Windows.


Attached Thumbnails
Ran Windows Defender Offline, can't boot up computer.  Help please!-ubuntu-screen.png  
20 Jan 2014   #6

Windows 7 64 bit
 
 

Thanks for the suggestions! I don't want to have to try the ubuntu recovery or the clean install, but thank you for pointing me in that direction so I know what my options are. I have seen some folks here get some help after having WDO leave their machines un-bootable and it seems to be a happy ever-after story for some, so I guess I'm looking for a miracle too. A fellow can dream.
21 Jan 2014   #7

Desk1 8 Pro / Desk2 7 Home Prem / Laptop 8 Pro all 64bit
 
 

Well mate, you still have that rescue disk option; it isn't going to cost you anything, and what have you got to lose?

If you have all your data backed up, then if it is a store-bought machine you have the option of factory defaulting it.

I just Googled the problem a while ago and there are a ton of refs there, most mentioning that Alureon problem.
21 Jan 2014   #8

Windows 7 64 bit
 
 

Thanks ICit2lol, I appreciate the reply. I was hoping for some guidance in the same vein as in this thread:
Computer wont start after removing alureon virus with defender offline
But in the meantime, I will try to hunt down a writeable disc to pursue the Ubuntu suggestion to see what data I can back up. Thanks again!
21 Jan 2014   #9

x64 (6.1.7601) Win7_SP1 HomePrem
 
 

I'm going to disagree that WDO cleaned up the malware. (Part of my Dale Carnegie training)
Edit: I'm going to agree that the OP consider a clean install. Malware is getting "smarter" and it's possible that this bug knows about WDO and, as a self defense mechanism, messes up the boot. Not sure at this point.

Quote: Originally Posted by Golden
I don't think running another bootable rescue disk will help... he has already run WDO in an attempt to clean up the rootkit. Sounds like MBR is buggered as a consequence of that?

In this case, OP might consider clean install. Often a safe option with rootkits.

I'm also going to recommend the Kaspersky Rescue Disk that ICit2lol started with.
- I'm not certain it has the TDSSKiller incorporated on the disk, but it's a good place to start.

Just be sure to write the disc on a clean machine

Quote: Originally Posted by Kaspersky
Kaspersky Rescue Disk 10 is designed to scan, disinfect and restore infected operating systems. It should be used when it is impossible to boot the operating system.

Kaspersky Lab products are always upgraded and renewed. In order to restore your system, Kaspersky Lab specialists recommend to use the latest version of Kaspersky Rescue Disk 10.

You can download the distributive of Kaspersky Rescue Disk 10 from Kaspersky Lab servers.

There are always different options, but the path taken is your choice, bsever.
The Rescue disc won't hurt and it might give you a head start when a member of the Security Team stops by.

Your thread, your machine, your choice.
When someone does stop by you will more than likely get your miracle and step by step help. You've seen some of those threads, it takes a while.

Wait or Kaspersky - you know what I think

Good luck getting rid of that miserable bug.

Edit: Just saw Kaspersky USB drive option when I was closing down open browser windows.
Also make sure the machine you create this on is free of malware
http://support.kaspersky.com/8092
21 Jan 2014   #10

Windows 7 Pro. 64/SP-1
 
 

Just a thought.
After WDO, was the boot order set back to the proper drive?
I will go back to watching.