Alureon and my broken laptop

[VistaKing]

X:\Windows\System32 is that inside the black window Command prompt or when you right-clicked on conhost ?

 

[SarahCali]

Actually, both. I accidently first selected open file location (location in black box), then realised you had said choose properties - it's listed there (same) also.

 

[VistaKing]

Close Task Manager by clicking on the Red X on the upper right side . Back in the black window Command Prompt . Type

regedit.exe

 

[SarahCali]

OK, am in the RegistrybEditor window

 

[cottonball]

SarahCali,

This 'other dude' is trying to help you.

Since you have the Repair your computer option when tapping F8, etc., found out that you can download a Windows file to a Mac, and, without executing it, move it to the USB flash drive.

You just need to download the file on the Mac using a web browser.
Next, you plug in a USB flash drive that is formatted as a FAT32 drive and copy the file from the Mac to the flash drive.

Then take the flash drive to the Windows machine.

Do you know if the Windows Operating System is 32-bit or 64-bit?

 

[VistaKing]

Ok minimize the registry window for now by clicking on the left button with " _" on it .

Back in the Command Screen Type

bcdedit | find "osdevice"

   Note

the | pipe symbol is the key above Enter . Hold shift down and press the key with \ on it

Press the enter key after you inputted the command . It will tell you the drive letter of Windows . It might say its os device partition=D:


@Cottonball … she has a x64 bit version

 

[SarahCali]

Yes, it says exactly that: Partition=D:

 

[SarahCali]

SarahCali,

This 'other dude' is trying to help you.

I know! Super grateful for you all, I'd still be crying and panicking if I were on my own with this!

 

[cottonball]

SarahCali,

If VistaKing's approach does not work, let's see if you can do the following...

On your Mac, please do a Farbar Recovery Scan Tool Download
Select the 64-bit option.

Save the program to the >>> USB flash drive.
Remove the drive from the Mac computer.

Next, plug the flash drive into the infected computer.

>>>Restart the computer.

As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
Use the arrow keys to select the Repair your computer menu item.
Select your language settings, and click: Next
Select your User account and click: OK (If you did not set a password, leave blank.)

On the System Recovery Options menu you get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Scan your computer's memory for errors.
Command Prompt

Select: Command Prompt

In the Command window, at the blinking cursor type notepad and press: Enter
In Notepad, under the File menu select: Open
Double-click Computer, find the flash drive letter, remember what letter it is, click on it, and press: Open

Close out of Notepad.

Click the Command Prompt window
Type x:\frst64.exe, and press: Enter
Note: Replace the drive letter x with the drive letter of your flash drive!

The tool starts and prepares to run. Follow the prompts.
Click Yes to the disclaimer.

Press: Scan

When done, the program saves the FRST.txt report, on the flash drive.
Click the Command Prompt window, and type exit, and press: Enter

Back at the System Recovery Options, press: Restart

When the computer boots back into Windows, please provide the FRST.txt in your reply.

 

[VistaKing]

Sarah … we will go with the easier way. On the Mac go to this website

http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe

Place the USB drive to your Mac and once you have the file downloaded copy the file to the flash drive . Unplug the flash drive and plug in the drive to the infected drive .

@Cottonball my approach was to delete the files manually from the registry by loading the hive from the D:\Windows\System32\config

 

[SarahCali]

Got it. Doing so now

 

[VistaKing]

Sarah here is the link that Cottonball has mentioned Farbar Recovery Scan Tool

http://download.bleepingcomputer.co...ies/f/farbar-recovery-scan-tool/64/FRST64.exe

We don't need to restart the PC . Plug the USB drive in the PC and in the command prompt type the commands and press enter after each command

Diskpart

press ENTER

 list volume

press enter

   Note

take note of the letter for your USB flash drive

then type

 exit

and press Enter . It should say Leaving DiskPart… then type in the driver letter of the USB flash drive with a back slash " \ " and the name of the .exe file .

 

[SarahCali]

Quick check - I can do so via burning to CD just the same, right? Because the USB won't play ball. Burning TDSS.exe onto CD was a success however. I realize this question probably inane

So now insert CD into laptop and ... It should automatically run the .exe, is hat right?

 

[SarahCali]

Wait, now confused. I am following the TDSS instructions?

 

[VistaKing]

No for now you should be getting the frst64.exe file. It will not work from a cd . We could format the flash drive to Fat32 if you would like from the command prompt .

 

[SarahCali]

I cannot get anything onto the USB via Mac, all I was able to do was burn it to CD. It can see mynUSB, but nothing more?

 

[SarahCali]

Ah, gotcha - you mean we can use laptop to make it Mac ready?

 

[whs]

Or just copy the cd content to the stick - on the PC

 

[VistaKing]

What version of Mac is it ? Mac OS X?

 

[SarahCali]

Or just copy the cd content to the stick - on the PC

This! I am having all sorts of problems with the Mac (not mine, don't use them) - could someone talk me through doing so via the command line thing, I'm afraid I haven't a clue