Windows XP no reboot after System Tool virus - disk corruption?

[NineMilesHigh]

Hi.
On Dell Dimension 4600 /Windows XP system - it will not reboot after getting the 'System Tool' virus. It comes up with a blue screen saying:-

'A problem has been detected and Windows has been shut down to prevent damage to your computer.
If this is the first time you've seen this Stop screen restart your computer. If this screen appears again follow these steps:-
Disable or uninstall any anti-virus, disk defragmentation or backup utilities. Check your hard drive configuration and check for any update drivers. Run CHKDSK /F to check for Hard Drive corruption and then restart your computer.'

Chkdsk found one or more errors on the volume, but ran to completion.

Now when I insert the Windows XP disk to see if a repair may be possible the partitions on the first disk show up as:-
-: Partition1 [FAT] 47MB (40MB free)
C: Partition2 [Unknown] 76238 MB (76238 MB free)
Unpartitioned space 8MB

There is also a 2nd disk with a D [FAT] and E [NTFS] partition which appear ok.

Now, the C drive should have Windows XP on it.
So, do I assume that [Unknown] means it does not recognise the file system and it is therefore corrupt?
Would fixmbr or fixboot be worth a try?
What do you recommend?
Any recommendations on how I may try recover files from the drive?

Thanks
William

 

[Route44]

First thing, go to our Virus and Malware Removal forum, read the UPDATED 8 Step sticky, follow it step by step as given, and on that forum post with the required attached logs.

The reason for this is you could still be infected thus making any any other diagnostic steps virtually useless at this point.

 

[NineMilesHigh]

Cannot carry out any of the updated 8-step process

Hi.
Thanks for response.
Unfortunately, I cannot reach the stage to do any of what is suggested in that thread, as I cannot get the system started due to the error I described in my first post.
Regards
William

 

[Route44]

Okay, what is the make of your harddrive and can you access the BIOS?

 

[NineMilesHigh]

The drive is a Maxtor 6Y080L0 - 80GB IDE drive and yes, I can access the BIOS.
(When I mentioned CHDSK earlier, I was running it from Recovery Console).
Thanks.
W.

 

[NineMilesHigh]

An update:-
I managed to run chdsk /r from Recovery Console and it completed successfully. I can only assume it repaired something (it didn't say anything about any errors), as the next reboot attempt was successful, so I took it into Safe Mode and I am running MBAM which has found some issues. It is still running.
W.

Update:-
MBAM found Rogue.SystemTool, Trojan.Hiloti, Trojan.Agent and Trojan.Dropper. These have been removed.
I am running Avira now.
W.

 

[Route44]

yes, I was afraid there was still infection present. Good work on your part. After Avira runs and it comes back clean go to Seagate's website and download their free harddrive diagnostic utility called Seatools.

Burn it to a CD, place your DVD drive as forst bootable in your BIOS, place said CD in drive and reboot. The test will take over. Run the Long DST test.

 

[NineMilesHigh]

Update

OK.
So, MBAM found some trojans, fixed them and is now running clean.
Avira is running clean.
I ran SeaTools as you suggested - Long DST Test - passed ok.
(I am sure chkdsk has fixed something)
I ran TFC to clean up a bit.
The PC is stable at the moment.
W.

 

[NineMilesHigh]

Update

Just to let you know the 'no reboot /stop error' issue seems to have cleared as I mentioned in my earlier replies.

I have opened a new thread in the Malware forum to look closer into clearing up any malware/trojan issues.
Being helped there by Bobbye.

Thanks for your help.
W.

 

[Route44]

You are very welcome. Thanks for the update. Bobbye is excellent to work with. You are in good hands.