WiredWX Christian Hobby Weather Tools

BOO/TDss.M?

2 posters

Re: BOO/TDss.M?

You didn't mess things up - we're dealing with a very new and tough infection and not being able to access your HD with a Vista setup disk means we have limited possibilities of killing this infection. If anyone failed here, it is me telling you to run new utilities.

Anyway: if you cannot boot up from this computer - do you have access to another computer? If so, we're going to burn a boot CD that is hopefully going to allow us to enter your computer and see if we can fix it.

  • Download OTLPEStd.exe by OldTimer from here (a big download)
  • Double-click on OTLPEStd.exe to burn the boot CD
  • Reboot your system using the boot CD you just created. If you don't know how to boot from CD, check out this page
  • Booting will take quite some time, so please be patient
  • Finally you should see the REATOGO-X-PE desktop. Find the OTLPE icon and double click it to run OTLPE
  • Answer Yes and OK to all prompts
  • Ensure the option Automatically Load All Remaining Users is checked
  • OTL should now start. Set the option Drivers to Non-Microsoft
  • Copy and paste the following text into the Custom Scans/Fixes field:
    /md5start
    atapi.sys
    iastor.sys
    ndis.sys
    userinit.exe
    winlogon.exe
    /md5stop

  • Click Run Scan to start the scan
  • When finished, a log file C:\OTL.txt will be created
  • Please post the contents of the file in your next reply


Leave your computer in REATOGO-X-PE. Don't switch it off.

Re: BOO/TDss.M?

I have access to my wife's computer

She has Windows XP though so don't know if it will help.

Re: BOO/TDss.M?

Should I use a usb device?
I only HAVE CD-R 700mb disks. I don't know which to use

Re: BOO/TDss.M?

charles_bullard wrote:
I have access to my wife's computer

She has Windows XP though so don't know if it will help.

That is perfect. Any computer able to burn a CD will do.

charles_bullard wrote:
Should I use a usb device?
I only HAVE CD-R 700mb disks. I don't know which to use

I think it is possible to create a USB rescue stick to run OTLPE, but a boot CD is much easier.

A blank CD-R 700 disk is fine.
See if you can burn that CD and restart the problem computer from that disk.

Re: BOO/TDss.M?

It keeps telling me that no windows installation is found in that OTLPE. I even tried to get it to browse inside the disc and says that target didn't produce anything windows 2000 or newer.


I can't get to the screen that shows on the website you listed to boot with cd. I don't understand I pressed F12 and I can't find where it talks bout the key or anything when I boot it gives me 4 options I am so lost. Going to keep trying to find the BIOS screen at boot up

Re: BOO/TDss.M?

You downloaded the OTLPEstd.exe and ran it to burn the CD, right?
Can you try to restart your wife's computer with the boot disk, just to check if the boot disk was created correctly?

What kind of brand/model is the problem computer?

Re: BOO/TDss.M?

Gabethebabe wrote:
You downloaded the OTLPEstd.exe and ran it to burn the CD, right?
Can you try to restart your wife's computer with the boot disk, just to check if the boot disk was created correctly?

Yes I did. I will try to restart my wife's computer with the disk in and make sure it was created correctly.

Gabethebabe wrote:
What kind of brand/model is the problem computer?

My computer is a Dell XPS 420 with Windows Vista. The disk says Windows XP professional.

Re: BOO/TDss.M?

I have restarted my wife's computer with the disk inside. However it does nothing but straight to my regular stuff.

Have I really messed things up that bad.. LOL

Re: BOO/TDss.M?

Wait a minute - have you tried to start up your Dell XPS 420 from a Windows XP setup disk?

Because then I understand that it fails - Windows XP setup disks generally cannot find SATA disk drives.

If your wife's computer boots Windows normally, it is because it is not told to start up from CD.

Re: BOO/TDss.M?

No I have been using the right disk. My wife's computer didn't come with a disk. Dell has that problem from what I heard bout XP. I also used the disk you had me make, on my wife's computer and told it to start up with the disc it worked. The only problem is that I can't get the file to work on my COMPUTER. The Vista one. The disk was made right just can't get the file to work with the computer that's all. I don't know what is going on.

Re: BOO/TDss.M?

The computer running Vista is the one I am having the problem with. The disk you had me make says it's loading XP on there. I don't understand.....

Re: BOO/TDss.M?

Yes, the OTLPE boot disk is windows XP based. From there I can also repair damaged Windows Vista/Windows 7 systems.

Your Dell XPS 420 is the first computer that I encounter that cannot boot up from the OTLPE boot disk.

I need some new ideas now.

Re: BOO/TDss.M?

I finally got a scan with the text to run. I haven't gotten to see a finished log yet. I am still waiting.

There weren't any prompts to say yes and ok to and there wasn't an option to load all remaining users.

If a log is produced I will have to load it to my usb device to post it cause I couldn't use the internet with the other computer.

Re: BOO/TDss.M?

What? You managed to boot up the Dell with the OTLPE boot disk?

That is good news.

Re: BOO/TDss.M?

It's probably just me. Don't worry if we can't get it. I am not it's time for a new pc anyways. LOL

The scan has finished but it didn't produce a log.. I don't know why maybe it's because I didn't get to use it the regular double click way I had to open the folder and use it. So it didn't give me the options that you said it would.

My brain is starting to fry from all the crap this thing is putting me through.

I am very appreciative to you and this forum for allowing me to get help.


My wife says that she wants to start the Academy after she comes through you guys and makes sure her computer is clean...

Re: BOO/TDss.M?

Yea good news and bad news... It won't do right. Like I have stated before it won't allow me to run the file you requested then I use it without the command prompt box and it scans but don't produce a log. MY computer hates us.



When it finishes the scan it opens a log but there is nothing in it. So weird. As well the C:\ is now a X:\ but I say yes to the prompt to open the log and it still don't have any text in it.

Re: BOO/TDss.M?

I sent you a PM

You have now started up the Dell with the OTLPE disk and are looking at the Reatogo desktop right?

I would like you to browse your computer and find your harddisk. In one of our previous steps we have run mbrcheck. I want to run that again and see if it produces something intelligent.

It should be here:
C:\Users\charlie\Desktop\mbrcheck.exe

(not sure about the C:, maybe your Dell harddisk has another drive letter)

Re: BOO/TDss.M?

Ok it has detected Vista

Re: BOO/TDss.M?

[Attached image: Charli11]

Re: BOO/TDss.M?

OK

So what happened is that TDSSKiller managed to kill the infection and cured the infected Vista MBR by replacing it with a standard Vista MBR.

The bad thing is that it broke your operating system. Your original MBR was a non-standard Vista MBR and your computer cannot work with a standard Vista MBR.

We need a way to recuperate the original non-standard Vista MBR or else your computer is cooked.

I'm going to discuss this issue with my colleagues from the forum.

The Vista setup CD what does it exactly say? Any brand name or version or service pack or anything?

Re: BOO/TDss.M?

Operating System

Already Installed on your Computer


Reinstallation DvD
Windows Vista Home Premium 32bit

The software is already installed on your computer. Only use this dvd to reinstall the operating system on a Dell PC.
The dvd is not for reinstallation of programs or drivers.
Support for these products is provided by Dell.
For Distribution only with a new dell pc

2007 dell inc.


I also have a Driver and Utilities disk.
It says pretty much the same thing it supports Dell XPS 420 and 720.

For reinstalling Dell XPS Desktop Computer Software.


When I try using it. It asks me which option to choose... Install or find compatibility online. However the online don't let me do anything. And when I try to install it can't find a compatible driver even after using the driver and utilities disk.

Anyways yes that's fine I don't have anything better to do with the computer as it is. I will be awaiting a response as for now I am going to be logging off for the day or I might be back later to see if there is anything new to see. Thank you so very much for the time you have put into this. I hate malware/virus crap.

And yes bout the worst one being eliminated I totally agree with you there. That has made a lot of people very very happy. Just sad that it took almost 10 years to do.

Re: BOO/TDss.M?

Here is the log from the MBRcheck



MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: (build 2600)
Logical Drives Mask: 0x008000fe

\\.\B: --> error 1
\\.\C: --> \\.\PhysicalDrive4 at offset 0x00000003`c3000000 (NTFS)
\\.\H: --> \\.\PhysicalDrive4 at offset 0x00000000`03000000 (NTFS)

PhysicalDrive4 Model Number: WDCWD3200AAKS-75VYA0, Rev: 12.01B02

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive4 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
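
Added example, not part of the original thread and not MBRCheck's or TDSSKiller's own code: a sketch of comparing a saved copy of the MBR sector from before a repair with the sector afterwards, to see whether only the boot code changed while the partition table stayed intact, which is the situation this thread describes. The function names are hypothetical, the sample sectors are constructed, and hashing the first 440 bytes is an assumption (the page does not say which bytes MBRCheck's SHA1 covers).

```python
import hashlib
import struct

BOOT_CODE_LEN = 440   # bootstrap code; bytes 440-443 hold the disk signature
TABLE_OFFSET = 446    # four 16-byte partition entries, then 0x55 0xAA

def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte MBR sector into separately comparable regions."""
    if len(sector) != 512:
        raise ValueError("an MBR sector is exactly 512 bytes")
    partitions = []
    for slot in range(4):
        entry = sector[TABLE_OFFSET + 16 * slot:TABLE_OFFSET + 16 * (slot + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0x00 marks an unused slot
            partitions.append({"slot": slot, "active": entry[0] == 0x80,
                               "type": entry[4], "lba_start": lba_start,
                               "sectors": count})
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": sector[440:444].hex(),
        "partition_table": sector[TABLE_OFFSET:510].hex(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == b"\x55\xaa",
    }

def changed_regions(before: bytes, after: bytes) -> list:
    """Name the MBR regions that differ between two saved copies."""
    old, new = parse_mbr(before), parse_mbr(after)
    keys = ("boot_code_sha1", "disk_signature", "partition_table")
    return [k for k in keys if old[k] != new[k]]

def build_sample(boot_code: bytes) -> bytes:
    """Constructed sector: caller's boot code plus a fixed two-entry table."""
    # Start LBAs are the H: and C: byte offsets from the log divided by 512;
    # sizes, the active flag and the disk signature are made up.
    entries = [(0x00, 0x07, 98304, 31457280), (0x80, 0x07, 31555584, 593000000)]
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries)
    sector = boot_code.ljust(BOOT_CODE_LEN, b"\x00") + bytes.fromhex("a1b2c3d4")
    sector += b"\x00\x00" + table.ljust(64, b"\x00") + b"\x55\xaa"
    return sector

if __name__ == "__main__":
    original = build_sample(b"VENDOR-SPECIFIC-LOADER")   # placeholder bytes
    repaired = build_sample(b"GENERIC-LOADER")           # placeholder bytes
    print(parse_mbr(repaired)["partitions"])
    print("changed:", changed_regions(original, repaired))
```

Keeping a raw copy of sector 0 before any MBR repair is what makes this comparison, and a restore of the original boot code, possible.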

Re: BOO/TDss.M?

Hey Charles,

I have consulted with my colleagues and they agree with what we have done so far. Nobody screwed up, we're just in a tough spot. Most computers would work properly with the standard MBR. Yours does not.

I have some new instructions.

Insert your Vista CD in the Dell and boot from it.
As you reported earlier, it will not find any harddisks on your system, correct?
Is there an option to install custom drivers, or something? What are the options you find?

If there is, I want to try the following.

Download this file on your working computer:

http://www.megaupload.com/?d=62Y9K1VQ
It is a zip file.
Unpack the zip file.
Burn the files on a CD.

If you don't know how to burn files to a CD, download ImgBurn
http://www.imgburn.com/index.php?act=download

Use the write files/folders to disk option and burn all the files that are in the zip file to a CD.

These are Dell pre OS-install disk drivers.
See if you can install them and have your Vista setup disk find your harddisk.
If it does, report back to me please.

Re: BOO/TDss.M?

I got a tip from a dude at another tech forum.

Based on what you describe, it sounds like the BIOS is configured to run the hard disk in AHCI mode, but the AHCI driver isn't installed, so I would check the BIOS settings to see if AHCI is enabled, and disable it if it is.


Feel free to try this. It is outside my scope of knowledge. Reboot normally after this step.

Re: BOO/TDss.M?

I have just returned from a day trip with family. While I was away I bought a new computer. I have a guy that's going to replace the Vista with Linux. He wanted the computer for spare parts. So I thank you so much for trying to help me get this working. I have never had so much headache from one computer. Again thanks..


Re: BOO/TDss.M?

Hey sorry this took so long. But we just tried doing the disc you suggested and GUESS WHAT..... IT WORKED!!!!!!!!!!!!!


TY

YOU ARE AWESOME.
