Please help virus destroyed BCD - no error message

[OldUser]

[Solved] Please help virus destroyed BCD - no error message

Hi, I'm writing this from a KNOPPIX Live CD as my computer cannot boot.
I have a triple boot system (7, vista, XP) and Windows 7 is my main OS. I was using it to surf the web only a few hours ago and suddenly my anti virus software which is Avast! (free) started popping windows about a program being blocked, I did not have enough time to read it but the title of the window was vid<something>.info , the "<something>" is the part I don't remember. Also, there was the name of the executable of the program and it was 4 letters, something like vwfv.exe , again I hadn't much time to look because after a few seconds a window popped up in the top left corner and immediately the screen went black for two seconds and then showed a BSOD but this was not a regular BSOD, it only had a few words in the top left part of the screen. I pressed the reset button and the computer passed POST but did not show the Windows 7 boot manager. There was no error message, only a blinking cursor in the top left corner.

I inserted the Win7 DVD and chose to repair windows. It said it found problems and restored the BCD and that the old BCD is backed up. I rebooted but nothing was changed - still only a blinking cursor. I booted the W7 DVD again and this time it let me to the advance repair options. I chose Command Prompt and verified that my files were still there - they are, so I believe the MBR and HDD data are OK it's just the boot process files that got sabotaged by the virus.
I tried to run SFC /SCANNOW but it won't let me do that from the DVD.
I'm stumped, any help would be REALLY greatly appreciated!

Some more useful info:
My main OS is Windows 7 Ultimate x64. My motherboard is ASUS M4N68T-M and my CPU is Athlon x3 435.
I'm using the onboard RAID in RAID 0 configuration (2 500GiB HDDs as one 1TiB drive).
I have several partitions on this drive, NTFS, FAT and FAT32 but the bulk of my data is in a one 500 GiB exFAT partition.
All of the 3 OSs are on NTFS partitions.

If I left out something important please be patient, it's very late at night here.

Thanks in advance,
OU

 

[OldUser]

Using BOOTREC /FIXMBR got me my boot manager back. I logged on to XP and now downloading the trial version of NIS 2011 that I hope to use to get rid of the virus. Apparently, Avast! sucks.

If I'll manage to get my W7 working again I will come back and flag this as solved.

 

[Golden]

Hi,

In addition in NIS, I recommend you also try MalwareBytes - it has a very good reputation here.

Regards,
Golden

 

[Borg 386]

This forum has a great section on tutorials on how to repair your system. This is the link to a startup repair. Also, at the bottom of that page there are related links (restoring your system, clean install, etc) which may help you out. Peruse those and I think you will find something there that can help you out. I hope this helps and you get it sorted.

http://www.sevenforums.com/tutorials/681-startup-repair.html?filter[2]=Performance%20Maintenance

You could also try using a boot rescue disk to clear out infections, which may still be remaining in the background. You have a choice of these

http://www.avira.com/en/support-download-avira-antivir-rescue-system

http://www.avg.com/us-en/avg-rescue-cd

http://support.kaspersky.com/viruses/rescuedisk

 

[OldUser]

Golden: I always do use MBAM in conjunction with my AV software, it has saved my behind numerous times before. MBAM has been running for the last 3 hours now and still going strong (I do have A LOT of files).

Borg 386: I think I already solved the startup problem, I'll be 100% sure when MalwareBytes finishes.
Ironically, it actually was the tutorials here that helped me to get it fixed.

 

[OldUser]

OK, MBAM finished, I am the proud owner of one Rootkit.TDSS.
I haven't heard about it until about an hour ago when this thread was just above mine:
http://www.sevenforums.com/system-security/143655-salvaging-tdl3-infected-hdd.html

Then I googled this TDSS/TDL3 and it turns out it's the Rootkit from hell... Whole systems have been destroyed, or so I understand. Now I'm really scared
I'll try TDSSKiller and Hitman Pro which turned up while reading some posts about this Rootkit. If anyone has another free tool which specializes in TDSS please tell me about it, I have 10 years of unbackedup data on this computer and it would really suck if everything will be lost because of this malware

 

[Borg 386]

Got a couple other possibilities....

Gmer

GMER - Rootkit Detector and Remover

Norton Power Eraser

http://security.symantec.com/nbrt/npe.asp?lcid=1033

Eliminates deeply embedded and difficult to remove crimeware that traditional virus scanning doesn't always detect.

 

[OldUser]

Thanks Borg, I will try them out.

 

[OldUser]

I booted Windows 7 and ran all the malware/antirootkit software from there but nothing was found. It seems like MBAM got rid of it all. I think I was lucky to catch it before it had the chance to wreak havoc and root itself deep within my system.
Thanks to everyone that helped, I really love your forums

 

[richnrockville]

of course you got a free ride and NOW is the time to:

BACKUP! BACKUP! BACKUP!

please..

Rich

 

[Borg 386]

Glad you got it sorted.

You may want to consider adding MSE to your arsenal, for the most part, it plays well with other AV's and every layer of protection you can get is worth it.

It would probably be wise to do a full system scan with whatever AV you choose to run. And do that in a day or so, most rootkits/viruses are notorious for reinstalling themselves back into the system if you didn't get it all.