There were several options to take.
- Create a recovery disc, and appropriately fix the Master Boot Record, so the computer could boot again, and keep all of your data safe.
- If the Vista disc is on hand or easy to grab (which I would not be able to tell from here), use it instead of the recovery disc.
- Do a format from the Recovery partition and lose ALL of the data that was on your operating system.
Allow me to say that I was much more interested in keeping your data safe, because nothing is worse than the feeling of losing all of your data.
Having to work from your recovery partition, and format the OS is just a quick road to take, but quite risky if you have lots of important data.
Instead of kindly cooperating with my train of thought, it was more about I damaged your computer, without getting your computer fixed. I had doubts that it would be hard to have access to a different computer, to burn a recovery disc, then use it on the damaged computer to fix it, and rescue your data.
The fact that you had said specifically you need the data on there, was my signal to say "I've got a good recovery method so your data shall be safe."
These days, people care less about the disc for their operating system, and either don't have one, or have lost it or buried it away.
In the future, it would be most appropriate to have the disc on hand so it is easier to recover your computer.
Check out my new warning to users (below), now that this type of issue has happened, and maybe you can learn why this process of getting rid of malware is so difficult, and keep in mind that many malware experts outside of GeekPolice do not get machines fully clean. Luckily, you got with the right person for the job, otherwise you would not be in this mess, and still have an infected computer.
Important Note: The Master Boot Record contains the Partition Table for the hard disk and a a little executable code for the boot start. While fixing the
Master Boot Record (MBR) is generally safe, there is a small risk of damaging the MBR, which may cause the computer to not boot up or it may corrupt a partition.
The following are signs of a damaged MBR:
- Invalid Partition Table
- Missing Operating System
- Error loading operating system
If it is the worst case scenario, and your computer cannot boot, please take note of the following:Please have your Windows CD available, which will allow recovering the boot code via the Windows Recovery Console in case of any problems or install the
XP Recovery Console before proceeding with the above fix. Then, if any problems occur, the links below explain how to use and repair the MBR:
If you do not have a Windows CD available, please let me know. You will need access to a computer that can burn CDs.
Keep in mind that even though I have not expressed being sorry, I have gone to great lengths to make sure your computer will get fixed. This was why I had someone else take over my topic with you. You obviously were no longer interested in my instruction to help, and patient enough to follow them. Therefore, I did not feel like saying much more, to avoid regretting what I might say.
Keep in mind, malware is a tough game, and a monster to mess with. I still have yet to figure out a new piece of malware, but instead of giving up or getting impatient with me, my users are relentlessly ready for me to fix the problem. However, without certain resources available for the fixing process, we must take alternative routes, ones that are safe and damage-less.
One route to go down is the way to fix the mess, without killing all of your data. The other way is the impatient way, which is the process to blame the helper, and urge the need to fixing it -- meanwhile destroying all of your data.
Rootkits are some of the toughest pieces of malware, and some malware experts totally miss them, and just let the user know they are clean.
Then, two weeks later... they repost and say "same problem as last time." Sometimes, their problem will never be resolved.
However, I have done the heroic way of removing the rootkit, but it looks like the rootkit had a trap waiting for you, that the instant the primary code was removed, a new malicious code that was on backup moved in, and destroyed the MBR, leaving your computer unbootable.
Whenever rootkit scanners, and antivirus software scan for the rootkit, it gets as close to the system kernel as possible. If the rootkit is beyond that point, it will not be detected.
Our way of malware removal is the hardest out there, because we are using tools that are specified as safe, tumbling our way through every trap, worming through every hole and blockage, and killing the malware. Malware authors are smart these days, they will take us, the forum helpers, at great lengths.
One of the worst rootkits right now is TDL3. The writers of that malware, bunch of idiots, are currently revising it repeatedly, making it harder to detect. We are still relentless, and they continually battle against us, trying to make us give up. All they want is their money, but we "take it out of their hands", and remove them from the victim's computer.
We are not like your next door neighbor, whom can come over anytime, get on your computer, and have it clean in an instant. Instead, we are online, communicating with you via a messaging board, attempting to take every road as possible to make sure your data stays safe. Without our help, the qualified to help remove, your computer would not be clean.
Sometimes, these downfalls can happen in malware removal on the forums. It is because we may leave out certain data to you, or not explain our way of fixing enough, or even trying to rush things through and miss every trace, the important stuff. However, this was not the case this time. I was completely sure the data to you made full sense, and that your computer would successfully make it through the fix, but instead...like the risks that come with surgery, your computer was a victim of a risk. I am sorry that your computer had to take a turn for the worse, but to think that you would lose cooperation with me was unexpected. And for that, I felt like closing the thread, put my head down, and walk away. I am relentless, and will not give up.
Take a look at this thread, and look at me constantly being relentless, and the user being relentless. It took FOREVER to figure out what was wrong, but we did it...we got it fixed:
http://www.pchelpforum.com/fixed-hijackthis-logs/91641-new-problem-s-need-post-advice.htmlNow, I'm not trying to point out that it is not our fault, or mine especially...however, I will not quit, ever.
If you would like help in the future from this site, any one of us will stay with you no matter what and make sure your computer gets clean. We are on quite a tight infrastructure, that the computer must be 100% clean, and both the helper and the victim must be 100% sure the malware is gone, or else the thread goes on.
We do not make excuses, because the data we learn and the methods we adapt to have a way of completing themselves eventually. And with that said, we shall not be ashamed of this moment that a fix failed, but keep us looking ahead to make sure that this never happens again, and that we have fully prepared the victim, before the fix is run.
Please keep in mind that I AM sorry, and that I hope it all gets sorted out.
However, I do not want this topic to continue, as my post shall serve as a lesson to the malware fighters here why this type of situation cannot be unhandled, and that we shall always be relentless.
This thread will be closed, to avoid any other sarcastic remarks, and avoid any other struggles.
If you would like to create a new feedback thread, feel free to. But, this thread has now run its course and shall be closed!