Unusual message during booting, virus assistance needed

Status
Not open for further replies.

LDog5000

Posts: 7   +0
Hello,
I have been experiencing difficulties with my computer and would greatly appreciate if someone knowledgeable could take a look at my logs (Malwarebytes Log, Super Anti Spyware Log and Hijackthis log) and let me know the extent of my problem.
To give a little background:

At first I couldn't run any scans or Hijackthis log, and my computer was freezing up and I was having to reboot by holding down the on/off button. In addition, when I would reboot, at the first screen, a message would appear:

"Invalid BOOT.INI file
Booting from C:\Windows\"

Sometimes I could successfully reboot and other times it would freeze and I would have do a manually reboot again. Also, when I was using the internet (Firefox) I would be redirecting to different sites and certain sites were being blocked (like Malawarbytes.com)

I was able to use a random generator to rename the Malwarebtyes application in order to run a scan successfully. Several items were detected and deleted, but I still couldn't install SuperAnti Syware or Hijackthis.
Finally, I downloaded AVAST and ran a scan, picked up a few more detections and deleted them and was able to run the Super AntiSpyware Scan and the Hijackthis log.
I still receive that message:
"Invalid BOOT.INI file
Booting from C:\Windows\"

So, that's the long and short of it, and I have those logs to post. I am not convinced that my computer is clean or in perfect working condition. Could someone take a look at the attached logs and let me know? Thank you ahead of time for your assistance and time.
 

Attachments

  • mbam-log-2009-06-20 (18-27-41).txt
    876 bytes · Views: 8
Run both MBAM and SAS again we need to see clean logs!

You did not elect to fix when you ran MBAM evidenced by "No action taken" in the log please clean this time.

After we have clean logs from above then do the below..

Download ComboFix

Get it here: https://www.techspot.com/downloads/5587-combofix.html
Or here: http://subs.geekstogo.com/ComboFix.exe

Double click combofix.exe follow the prompts.

Install Recovery Console if connected to the Internet!

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click combofix's window while its running. That may cause it to stall.

Mike
 
Will do.

Ok. thanks for the response and direction. When MBAM detected that infected file, I tried to remove it but it told me it would have to restart the computer to do so. I clicked"restart now" and it apparently didn't remove it successfully. I will do as directed and run the scans again, run ComboFix and then post the logs. Thanks.
 
Ran Scans

Hi,
I have ran both the MBAM scan and the Super Antispyware scan again, as well as the Hijackthis scan. I will download and run the ComboFix when I get the ok from you- I am not sure that the two malware programs succeeded in removing what's infecting my computer. I have attached the MBAM log, Super Antispyware log and the Hijackthis log. I hope you can get back to me soon. Thanks!
 
Well they say they did on this run but we need clean logs so run both MBAM an SAS agin Quick scans, to confirm clean logs.

Clean logs or not then get me the ComboFix!

Mike
 
Combo Fix log done

Hi,

I ran the quick scans for MBAM and SAS and attached to this response. Also, I downloaded and ran Combo Fix. It apparently didn't successfully install the Mircorsoft Recovery Console, though I have wireless internet connected and I clicked 'yes' to download/install it- the error I received said the following:
"Boot Partition cannot be enumerated correctly"
I wonder if this is related to the "Invalid Boot.INI file" that I receive during the booting?
Anyway, I have attached the ComboFix Log as requested. I hope this helps to get us to the bottom of this infection. Lastly,I attached the most recent Hijackthis log.

Thanks again for you help and patience!
 
OK looks clean now! Finally!

On the Boot.ini do the below.

Hold down the Microsoft/Flag key and tap the Pause/Break key (end of top row).

This will bring up the System properties. Click Advanced - Startup and Recovery - Settings, then Advanced - Ediit. Copy for pasting the Boot.ini

Paste this to the thread.

Then to finish up and cover our bases do the below.

DrWeb

Go here Download DrWeb https://www.techspot.com/vb/post724044-3.html

Then....

Boot to Safe Mode only! Not with Networking and run...

DrWeb will fisrt do an Express Scan on its own when it completes then you should do a full scan.

The first Virus it finds select Cure and it will use this as the default automatically for all the rest. What it can't fix will be Quarantined!

This will take a while based on CPU and HD speed and size, but is worth it!

Mike
 
Hi Mike, I just tried to follow the first part of your instructions and got to the part in Systems Properties where you ask:
"Click Advanced - Startup and Recovery - Settings, then Advanced "
When I clicked 'Settings' in the Startup and Recovery section I received a message from System Control Panel Applet that read:
"The C:\boot.ini file can not be opened. Operating System and Timeout setting can not be changed."
This seems like a red flag. Any suggestions? I'll wait to here back from you before I download and run DrWeb.
Thanks.
 
Stuck

Hi Mike,
Just giving you an update. In the Startup and Recovery- Settings window, I clicked 'Edit' and it asked me if I wanted to create a Boot.ini file. I clicked 'Yes' and it brought up an blank Notepad file. So there isn't anything to copy and paste. It seems like I'll need to create a new one. Can you give me any advice? Thanks. I have included a screen shot of where I got to:
 
Status
Not open for further replies.
Back