Solved Unable to boot windows even in safe mode due to Blaster32 worm

rbisawa

New member
Member
Local time
12:25 AM
Messages
44
Hello everyone,

This is my 1st post in this forum so please bear with me.

I'm a novice and need urgent help please :cry:

My Laptop :
=========
Dell Inspiron N4010
OS : Windows 7 SP1
Dual Boot ( Ubuntu )

My problem :
==========
1) Gave my laptop to one of my friends and got infected with Blaster32 worm or some malware.
2) Tried to remove the worm/malware using msert.exe d/led from microsoft website in safe mode.
3) It identified around 18 infected files and I guess removed them too.
4) Restarted the PC and started browsing the internet, but it again popped up and said you are
infected with Blaster32.worm n so on.
5) After this my laptop has stopped booting into normal, safe, safe with command prompt, etc.
6) Then I tried to restore windows using the Startup recovery ( Advanced Option ) to one of the earlier restore points but I'm unable to do so coz it says "Failed to restore successfully...could not extract AGM.dll file".
7) Now I'm unable to boot windows in any mode!
8) I don't even have a recovery CD ( from Dell or any other )
9) However I since my laptop is dual boot ( Ubuntu ), I can d/l and read all my files of windows if needed.

Waiting for help desperately.

Regards,
Rahul
 

My Computer My Computer

At a glance

Windows 7 Home Basic
OS
Windows 7 Home Basic
Hi, rbisawa. You don't have the Blaster Worm. Rather, it is a rogue (fake) called "Spyware Protection".

Please see this tutorial for the Microsoft Standalone System Sweeper.
This will show you how to update and use the Microsoft Standalone System Sweeper Tool to create a 32-bit or 64-bit Standalone System Sweeper bootable CD/DVD, USB flash drive, or ISO file to help you start an infected PC and perform an offline scan to help identify and remove rootkits and other advanced malware. In addition, Microsoft Standalone System Sweeper can be used if you cannot install or start an antivirus solution on your PC, or if the installed solution can’t detect or remove malware on your PC.

Next, I suggest the following additional steps:

If you cannot start the computer in Safe Mode with Networking, try downloading the following files to another computer and transferring them to your machine.

1. Please download rkill from one of the following links and transfer to your Desktop:

One, Two,Three or Four

  • Double-click rkill to run.
  • A command window will open then disappear upon completion, this is normal.
  • Please leave rkill on the Desktop until otherwise advised.
  • Do NOT restart your computer after running rkill as the malware program(s) will start again.

Note: If you you receive security warnings about rkill, please ignore and allow the download to continue.

2. Please transfer Malwarebytes' Anti-Malware to your desktop.


  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, be sure Quick scan is selected, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
    MBAM_SR.png
  • Click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Let us know how you make out.
 

My Computer My Computer

At a glance

Windows 7 & Windows Vista Ultimate
OS
Windows 7 & Windows Vista Ultimate
Update on my problem - "%hs is missing" error!

Hi,

Thankyou for replying.

Sorry for the delayed reply was busy with some other work.

Tried the steps mentioned by you as follows :

1) D/led the Microsoft Standalone System Sweeper and ran it on my laptop.
2) It found a trojan known as "Win32/Karagany.G" and removed it.
3) I exited from the sweeper and removed my USB drive and tried to start in safe mode with
networking to complete the remaining steps, but it threw the following error with a blue
screen :

"c0000135 The program can't start because %hs is missing from your computer. Try
reinstalling the program to fix this problem."

And let me tell you I definitely DO NOT have AVG installed on my laptop.

4) So again safe mode boot is NOT going through.

Please suggest me the next step of action.

Waiting anxiously for the reply! :cry:

regards,
Rahul
 

My Computer My Computer

At a glance

Windows 7 Home Basic
OS
Windows 7 Home Basic

My Computer My Computer

At a glance

Windows 7 Ultimate x64Intel(R) Core(TM) 2 Quad Q8200 @ 2.33 GHz2x2GB Kingston DDR21GB AMD Radeon HD 5450
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Built
OS
Windows 7 Ultimate x64
CPU
Intel(R) Core(TM) 2 Quad Q8200 @ 2.33 GHz
Motherboard
Asus P5KPL-AM SE Motherboard
Memory
2x2GB Kingston DDR2
Graphics Card(s)
1GB AMD Radeon HD 5450
Sound Card
VIA Technologies High Definition Audio Device
Monitor(s) Displays
Samsung SyncMaster 733NW
Screen Resolution
1440x900
Hard Drives
SEAGATE 320GB Barracuda® 7200.12, SATA 3 Gb/s, 7200 RPM, 16MB cache x 2
Case
Custom Casing
Cooling
Ice cubes from the freezer ;)
Keyboard
Generic Plug & Play Keyboard
Mouse
Optical Mouse
Internet Speed
Very slow
Update on my problem - Still unable to boot in safe mode

Hi,

Thankyou Francis93 for your reply.

Tried the steps mentioned by you as follows :

1) D/led the Kaspersky rescue disk and ran it on my laptop.
2) It detected 6 trojans!! and I told it to remove all.
3) Hopefully after removing the trojans I tried to boot my laptop
in normal mode but in vain.
4) Then I tried booting it in Safe mode with Networking but again got the same
error as mentioned in 3rd post.

"c0000135 The program can't start because %hs is missing from your computer. Try reinstalling the program to fix this problem."

Now i'm trying to repair start-up using startup repair, but i don't think it'll work either.

Please let me know the next plan of action.

I'm losing hope now! :(

p.s. : Is it that the trojan removal tools which I hv used must hv also deleted some important system files??

Still cheers!
Rahul
 
Last edited:

My Computer My Computer

At a glance

Windows 7 Home Basic
OS
Windows 7 Home Basic

My Computer My Computer

At a glance

Windows 7 Ultimate 32bit SP1Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz4 GBATI Radeon HD 2600 Pro
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Bruce ... somewhere in his 40's
OS
Windows 7 Ultimate 32bit SP1
CPU
Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz
Motherboard
INTEL/D975XBX2
Memory
4 GB
Graphics Card(s)
ATI Radeon HD 2600 Pro
Monitor(s) Displays
Samsung SyncMaster 914v
Screen Resolution
1280 x 1024
Hard Drives
2/500GB each ... ST3500630AS ATA Device.
One is not connected
PSU
Rocketfish 700 W
Case
G.Skill Gigabyte Chassis
Keyboard
Standard PS/2 Keyboard
Mouse
Microsoft PS/2 Mouse
Internet Speed
DSL
Antivirus
Avira Internet Security
Browser
IE 11
Other Info
ATI HDMI Audio
My problem got resolved!!

Hi all,

Thankyou all for your inputs.

I was able to solve my problem.

Solution :
=======
1) Firstly I restored my windows 7 using the Dell Datasafe facility available through the Advanced Boot Options.

But since there was no bootloader for windows I had to install Ubuntu once again ( and which I also wanted to have )

2) D/led Ubuntu 10.04 and re-installed in on my laptop using USB drive.

3) Since earlier also I had Ubuntu + Windows 7, I didn't have to partition the disk n
all.

4) Ubuntu installation went about smoothly and it detected the presence of
windows too.

5) Thus I am now able to boot both windows as well as Ubuntu just like before.

And the first thing I did after resolving the issue was to d/l an antivirus s/w and all the microsoft updates.

Now I have d/led the Microsoft Security Essentials antivirus and I hope it will protect my laptop from future attacks.

Can someone please tell me if this is a good tool to have or is there anything better which you would like to suggest.

CHEERS!!!
Rahul :D :D :D
 

My Computer My Computer

At a glance

Windows 7 Home Basic
OS
Windows 7 Home Basic
Back
Top