Mathmosman Posted June 22, 2011
Hello all! At the weekend, my PC started showing critical hard drive failure messages and a "Windows XP Repair" box. After a major, MY PHOTOS moment, I somehow managed to get the PC going and restore to a previous point. The critical error had gone?! I then found that actually it appears to be malware and had simply turned everything to hidden. However, now it appears to be back, I can't get into windows, can't restore to a previous point and I just can't error messages. Can anyone suggest a course of action?

etavares Posted June 22, 2011
Hello and welcome to Bleeping Computer.

My name is etavares and I will be working with you to fix your computer.

Please take note:
- If you have since resolved the original problem you were having, we would appreciate you letting us know.
- Please tell us if you have your original Windows CD/DVD available.
- If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
- Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.
- Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
- Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Now....please start by telling me exactly what happens when you try to boot into Windows. Please be descriptive...that will change our plan of attack. Please answer:
- What happens if you try to boot into normal mode?
- What happens if you try to boot into Safe Mode?
- What happens if you try to boot into Safe Mode with Command Prompt?

etavares is a member of: Alliance of Security Analysis Professionals, Unified Network of Instructors and Trained Eliminators

Mathmosman Posted June 22, 2011
Hello. Thanks for your reply. Unfortunately absolutely nothing happened. In the end, windows itself stopped even trying to boot, so I very reluctantly did a system recovery (HP PC). Thanks for the offer of help though, if you can offer any assistance about recovering any files from before the recovery, I would be IMMENSELY grateful.

KenB Posted June 22, 2011
> so I very reluctantly did a system recovery (HP PC).
Have you done this already or
> if you can offer any assistance about recovering any files
Do you still have files that you need?

There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !!

Mathmosman Posted June 23, 2011
Thanks for your reply Ken. I have already done an HP System Recovery. To be honest, I don't know whether the System Recovery erases all of my own created files or not. That said, however, is it still possible for the malware to be in my PC after a system recovery? The reason I ask is that
1) my PC is still making this little (what I'd describe as) 'dark chirp' every 10 seconds, which it started doing when I was experiencing the attack from malware.
2) the PC is running almost exceptionally slow. If I click start and move through a few menus, they're almost all staying present when I move to another.
3) funny that IE8 or Firefox will not allow me to visit sites such as avast.com to download a virus software.
4) if I attempt to open Norton Antivirus 2004! which came pre-installed in the PC, it opens and immediately closes.
Hope you can help.

Mathmosman Posted June 23, 2011
Just for information, I've given in, and taken it to a local repair company. Thanks.

KenB Posted June 23, 2011
> I've given in, and taken it to a local repair company
I would have stuck with it a bit longer. Etavares would have been able to suggest a few things I am sure. Let us know how you get on. Good Luck.

etavares Posted June 23, 2011
If a restore was not done, we could have pulled off files. Restoring to factory condition literally does just that. Or should, as it sounds like it didn't completely restore the computer. No worries, best of luck with the repair. Hope they are able to help, if not, we are still here.

Mathmosman Posted June 24, 2011
Funny, I'm back!!! My problem is that, because I use my machine SO much in my life, a problem grows [albeit in my head] so quickly... and I get impatient for a solution.

The guy who's "repaired" it says that there was near on 20 trojans inside the machine which he's removed. He also detailed that his scans indicated that the hard drive itself has some errors. The guy also informed me that Windows is on just Service Pack 1, so suggested that I update...

I've gotten home, plugged everything back in, and whilst the speed is back, it still gives that 'dark chirp' every 10 seconds (which I actually assume could be the hard drive issue?). Furthermore, IE8 and Firefox will not allow me to visit any antivirus sites such as avast.com; nor, connected to above will it allow me to visit any windows update pages.

The guy has offered for me to take it back to him, and he'll update to service pack 2 or 3, but he's away for a week... (as am I from Monday!)

Mathmosman Posted June 24, 2011
Just a little update... I suddenly realised what the 'dark chirp' was! It's my PC trying to read from a 'floppy disc'. I've inserted a random disc, and the PC appears to be reading it, and the noise has stopped. If I remove the disc, the PC does that louder, more aggressive reading sound, and then continues trying to read from that drive every 10 seconds.

KenB Posted June 24, 2011
It is probably no consolation - but I remember having this very same problem when I had a floppy drive in my XP machine. I can't, however, remember if I ever solved the problem.

Without accessing the internet - try disabling your AntiVirus.

Also - do you use the floppy drive? If not we could disable it.

=====================

> so suggested that I update.
See here: http://www.microsoft.com/downloads/en/details.aspx?FamilyId=5B33B5A8-5E76-401F-BE08-1E1555D4F3D4&displaylang=en

To d/l SP3 directly you need SP1a ( If you have SP1 only - you will need to d/l SP2 first ).

Start > Run ....type in ...winver ......ENTER
This will tell you what you have.

Edited June 24, 2011 by KenB

RandyL Posted June 25, 2011
> IE8 and Firefox will not allow me to visit any antivirus sites such as avast.com
I might also add that this sounds like there is still an infection present. Others will likely advise you further on this.

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. Get help with computer problems. Join Free PC Help here. Donations are welcome. Read Here

KenB Posted June 25, 2011
I suggest that etavares takes a look first - get the all clear - and then address the other problems. It doesn't look as if your tech person has done a very good job getting rid of the malware.

RandyL Posted June 25, 2011
I agree Ken. It is suspect. But then we do tend to agree often.

etavares Posted June 25, 2011
Hello, Mathmosman. Agreed...it does look like you are still infected.

My name is etavares and I will be helping you with this log. Here are some guidelines to ensure we are able to get your machine back under your control.
- Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
- Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
- Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
- Please reply within 3 days to be fair to other people asking for help.
- When in doubt, please stop and ask first. There's no harm in asking questions!

Step 1
We need to create an OTL report.
- Please download OTL from this link. (If that link doesn't work, try this alternate link.)
- Save it to your desktop.
- Double click on the OTL icon on your desktop.
- Click the "Scan All Users" checkbox.
- Select "Use Safelist" under "Extra Registry".
- Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

- Click the Quick Scan button.
- The scan should take a few minutes.
- Please copy and paste both logs in your reply. If they are too big to paste in one reply, please split them into separate posts.

Step 2
- Please download aswMBR ( 511KB ) to your desktop.
- Double click the aswMBR.exe icon to run it.
- Click the Scan button to start the scan.
- On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

etavares
