Unable to boot windows even in safe mode due to Blaster32 worm

Hello everyone,

This is my 1st post in this forum so please bear with me.

I'm a novice and need urgent help please

My Laptop :
=========
Dell Inspiron N4010
OS : Windows 7 SP1
Dual Boot ( Ubuntu )

My problem :
==========
1) Gave my laptop to one of my friends and got infected with Blaster32 worm or some malware.
2) Tried to remove the worm/malware using msert.exe d/led from microsoft website in safe mode.
3) It identified around 18 infected files and I guess removed them too.
4) Restarted the PC and started browsing the internet, but it again popped up and said you are
infected with Blaster32.worm n so on.
5) After this my laptop has stopped booting into normal, safe, safe with command prompt, etc.
6) Then I tried to restore windows using the Startup recovery ( Advanced Option ) to one of the earlier restore points but I'm unable to do so coz it says "Failed to restore successfully...could not extract AGM.dll file".
7) Now I'm unable to boot windows in any mode!
8) I don't even have a recovery CD ( from Dell or any other )
9) However I since my laptop is dual boot ( Ubuntu ), I can d/l and read all my files of windows if needed.

Waiting for help desperately.

Regards,
Rahul

Hi, rbisawa. You don't have the Blaster Worm. Rather, it is a rogue (fake) called "Spyware Protection".

Please see this tutorial for the Microsoft Standalone System Sweeper.

This will show you how to update and use the Microsoft Standalone System Sweeper Tool to create a 32-bit or 64-bit Standalone System Sweeper bootable CD/DVD, USB flash drive, or ISO file to help you start an infected PC and perform an offline scan to help identify and remove rootkits and other advanced malware. In addition, Microsoft Standalone System Sweeper can be used if you cannot install or start an antivirus solution on your PC, or if the installed solution can’t detect or remove malware on your PC.

Next, I suggest the following additional steps:

If you cannot start the computer in Safe Mode with Networking, try downloading the following files to another computer and transferring them to your machine.

1. Please download rkill from one of the following links and transfer to your Desktop:

One, Two,Three or Four

• Double-click rkill to run.
• A command window will open then disappear upon completion, this is normal.
• Please leave rkill on the Desktop until otherwise advised.
• Do NOT restart your computer after running rkill as the malware program(s) will start again.

Note: If you you receive security warnings about rkill, please ignore and allow the download to continue.

2. Please transfer Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, be sure Quick scan is selected, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
  
• Click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Let us know how you make out.

Hi,

Thankyou for replying.

Sorry for the delayed reply was busy with some other work.

Tried the steps mentioned by you as follows :

1) D/led the Microsoft Standalone System Sweeper and ran it on my laptop.
2) It found a trojan known as "Win32/Karagany.G" and removed it.
3) I exited from the sweeper and removed my USB drive and tried to start in safe mode with
networking to complete the remaining steps, but it threw the following error with a blue
screen :

"c0000135 The program can't start because %hs is missing from your computer. Try
reinstalling the program to fix this problem."

And let me tell you I definitely DO NOT have AVG installed on my laptop.

4) So again safe mode boot is NOT going through.

Please suggest me the next step of action.

Waiting anxiously for the reply!

regards,
Rahul

Download and burn ANY of the following bootable rescue CDs from a clean computer to remove the virus since you are not able to boot into the infected computer's safe mode.

Rescue CDs:

• Hiren's BootCD 15.0
• Shardana Antivirus Rescue Disc Utility (SARDU)
• Avira AntiVir Rescue System
• Norton Bootable Recovery Tool
• Kaspersky Rescue Disk 10
• ...more info

Related Articles:

• Rescue CDs: Tips for fighting malware
• Analyst's View: Antivirus Rescue CDs

Hi all,

Thankyou all for your inputs.

I was able to solve my problem.

Solution :
=======
1) Firstly I restored my windows 7 using the Dell Datasafe facility available through the Advanced Boot Options.

But since there was no bootloader for windows I had to install Ubuntu once again ( and which I also wanted to have )

2) D/led Ubuntu 10.04 and re-installed in on my laptop using USB drive.

3) Since earlier also I had Ubuntu + Windows 7, I didn't have to partition the disk n
all.

4) Ubuntu installation went about smoothly and it detected the presence of
windows too.

5) Thus I am now able to boot both windows as well as Ubuntu just like before.

And the first thing I did after resolving the issue was to d/l an antivirus s/w and all the microsoft updates.

Now I have d/led the Microsoft Security Essentials antivirus and I hope it will protect my laptop from future attacks.

Can someone please tell me if this is a good tool to have or is there anything better which you would like to suggest.

CHEERS!!!
Rahul