TechSpot

Rootkit Pilar.c - No OS on boot

Inactive
By Kyndri
Apr 1, 2013
  1. Hi, this is my first time coming to this forum. I can master software in no time at all, but anything about the computer itself and I'm stumped. I bought a Dell Windows 7 computer in July of 2012. Within 6 months I'd already "killed" it. I got a laptop soon after so I haven't really tried to fix the desktop, but I'd sure like to get it working again.

    I used to download games from torrent sites. I never really had any issues until one day none of the torrents for a game that I wanted would work. I decided to do a simple Google search and downloaded the game from a link. BAD IDEA! The programs that I had running all shut down, one by one, then the computer did. I knew I was in trouble. Sure enough, starting it back up got me past the Dell screen, but when it is supposed to go on to loading Windows I get invalid boot option.

    I went online to try and figure out how to fix it. Since then I've gone through the F12 menu to repair, re-setup, revert to factory; tried the Kaspersky Rescue Disk and the complete image backups that I'd made the day I brought home the computer. All to no avail. I searched some more and downloaded the online Kaspersky Rescue disk onto a flash drive, ran it and it found the Rootkit.Pilar.c virus, but it says it cannot be deleted or disinfected. Thanks a lot!! More searching and I've run the AVG Rescue disk which continually hangs up at about 70% scanned. DrWeb Rescue doesn't find anything. Avira rescue wouldn't even load. I don't remember the error message, but I couldn't even get to the scan.
    About the only thing I've been able to get to work is the Farbar thingie. I've attached the scan log. What should I try next? After all the things I've done so far, I'm no longer getting an invalid boot option; now I'm getting a no operating system error on boot. I can't get to the F8 menu, only F12 works. I was able to get to the F8 menu once, but I don't remember how I went about it; F8 won't do anything except the no operating system error.

    I await the masters' assistance. Thank you in advance!!!!

    Ky
     


  2. Broni


    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    Please observe forum rules.
    All logs have to be pasted, not attached.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 18 days old)
    Ran by SYSTEM at 31-03-2013 16:09:42
    Running from J:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    Tcpip\Parameters: [DhcpNameServer] 172.31.79.142 172.31.79.144 157.54.104.75 157.54.14.146 157.54.14.162 157.54.80.10

    ==================== Services (Whitelisted) ===================


    ==================== Drivers (Whitelisted) =====================


    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========



    ==================== One Month Modified Files and Folders =======

    2013-03-31 16:09 - 2013-03-31 16:09 - 00000000 ____D C:\FRST

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    c:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 11%
    Total physical RAM: 6126.46 MB
    Available physical RAM: 5450.96 MB
    Total Pagefile: 6124.66 MB
    Available Pagefile: 5454.91 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ==================== Partitions =============================

    1 Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:888.46 GB) NTFS
    2 Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.17 GB) (Free:0 GB) UDF
    7 Drive j: () (Removable) (Total:0.96 GB) (Free:0.95 GB) FAT32
    8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    9 Drive y: (RECOVERY) (Fixed) (Total:12.25 GB) (Free:4.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 No Media 0 B 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 Online 980 MB 0 B

    Partitions of Disk 0:
    ===============

    Disk ID: 2C0C533A

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 12 GB 40 MB
    Partition 3 Primary 919 GB 12 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 8 FAT Partition 39 MB Healthy Hidden

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y RECOVERY NTFS Partition 12 GB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 919 GB Healthy

    =========================================================

    Partitions of Disk 5:
    ===============

    Disk ID: 01287000

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 980 MB 16 KB

    ==================================================================================

    Disk: 5
    Partition 1
    Type : 0B
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 7 J FAT32 Removable 980 MB Healthy

    =========================================================
    ============================== MBR Partition Table ==================

    ==============================
    Partitions of Disk 0:
    ===============
    Disk ID: 2C0C533A

    Partition 1:
    =========
    Hex: 80002C00000000002B00000000000000
    Active: YES
    Type: 00
    Size: 0 byte
    ATTENTION ===> 0 byte partition bootkit on partition 1

    Partition 2:
    =========
    Hex: 00010100DEFE3F043F00000086390100
    Active: NO
    Type: DE
    Size: 39 MB

    Partition 3:
    =========
    Hex: 8019150507FEFFFF0040010000F08701
    Active: YES
    Type: 07 (NTFS)
    Size: 12 GB

    Partition 4:
    =========
    Hex: 00FEFFFF07FEFFFF003089010030E772
    Active: NO
    Type: 07 (NTFS)
    Size: 919 GB

    ==============================
    Partitions of Disk 5:
    ===============
    Disk ID: 01287000

    Partition 1:
    =========
    Hex: 800101000B01FFFF20000000E0A31E00
    Active: YES
    Type: 0B
    Size: 980 MB

    ==================== End Of Log =============================

    *****************************************************************************************************
    *****************************************************************************************************

    • For 64-bit systems, download Listparts64 and save it to your flash drive
    • Download attached fix.txt file.
      Save it to your flash drive.
    Enter System Recovery Options again.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\listparts (for the x64 version type e:\listparts64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • Press Fix button.
    • ListParts will process the script in Fix.txt
    • When finished please press the Scan button.
    • It will make a log (Result.txt) on the flash drive. Please copy and paste it to your reply.
    See if you can boot normally.
    If not re-run FRST and post new log.
     

    Attached Files: fix.txt (112 bytes)
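As an added illustration (not part of this thread and not FRST's or ListParts' own code), the following Python decodes the four "Hex:" MBR partition-table entries FRST printed for Disk 0 in the log above and applies the sanity checks behind that ATTENTION line: an active flag set on an empty entry (type 00, zero length) and more than one entry marked active. The standard 16-byte entry layout and a 512-byte sector are assumptions; the hex values are taken from the log.

```python
import struct
from dataclasses import dataclass

SECTOR = 512  # assumed logical sector size in bytes

@dataclass
class MbrEntry:
    status: int     # 0x80 = active/bootable, 0x00 = inactive; anything else is invalid
    ptype: int      # partition type id: 07 = NTFS, DE = Dell utility, 0B = FAT32, 00 = empty
    lba_start: int  # first sector of the partition (LBA)
    sectors: int    # length in sectors

    @property
    def active(self) -> bool:
        return self.status == 0x80

    @property
    def size_bytes(self) -> int:
        return self.sectors * SECTOR

def parse_entry(hexstr: str) -> MbrEntry:
    """Decode one 16-byte MBR partition-table entry given as the hex string FRST prints."""
    raw = bytes.fromhex(hexstr)
    if len(raw) != 16:
        raise ValueError("an MBR partition entry is exactly 16 bytes")
    # layout: status(1) CHS start(3) type(1) CHS end(3) LBA start(4, LE) sector count(4, LE)
    status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", raw)
    return MbrEntry(status, ptype, lba_start, sectors)

def check_table(entries) -> list:
    """Return a list of anomalies found in the given MbrEntry list (empty = nothing odd)."""
    findings = []
    active = [i for i, e in enumerate(entries, 1) if e.active]
    if len(active) > 1:  # a valid MBR marks at most one partition active
        findings.append(f"more than one active partition: {active}")
    for i, e in enumerate(entries, 1):
        if e.status not in (0x00, 0x80):
            findings.append(f"partition {i}: invalid status byte {e.status:02X}")
        if e.active and (e.ptype == 0x00 or e.sectors == 0):
            findings.append(f"partition {i}: active flag on an empty entry "
                            f"(type {e.ptype:02X}, {e.sectors} sectors, LBA start {e.lba_start})")
    return findings

# The four 'Hex:' values FRST reported for Disk 0 in the log above.
DISK0_ENTRIES = [
    "80002C00000000002B00000000000000", "00010100DEFE3F043F00000086390100",
    "8019150507FEFFFF0040010000F08701", "00FEFFFF07FEFFFF003089010030E772",
]
```

Running `check_table([parse_entry(h) for h in DISK0_ENTRIES])` reports both the double active flag (entries 1 and 3) and the empty-but-active first entry, while the USB stick's single entry from Disk 5 passes clean.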
Topic Status:
Not open for further replies.

