Inactive Rootkit Pilar.c - No OS on boot

Status
Not open for further replies.
Hi, this is my first time coming to this forum. I can master software in no time at all, but anything about the computer itself and I'm stumped. I bought a Dell Windows 7 computer in July of 2012. Within 6 months I'd already "killed" it. I got a laptop soon after so I haven't really tried to fix the desktop, but I'd sure like to get it working again.

I used to download games from torrent sites. I never really had any issues until one day none of the torrents for a game that I wanted would work. I decided to do a simple Google search and downloaded the game from a link. BAD IDEA! The programs that I had running all shut down, one by one, then the computer did. I knew I was in trouble. Sure enough, starting it back up got me past the Dell screen, but when it is supposed to go on to loading Windows I get invalid boot option.

I went online to try and figure out how to fix it. Since then I've gone through the F12 menu to repair, re-setup, revert to factory; tried the Kaspersky Rescue Disk and the complete image backups that I'd made the day I brought home the computer. All to no avail. I searched some more and downloaded the online Kaspersky Rescue disk onto a flash drive, ran it and it found the Rootkit.Pilar.c virus, but it says it cannot be deleted or disinfected. Thanks a lot!! More searching and I've run the AVG Rescue disk which continually hangs up at about 70% scanned. DrWeb Rescue doesn't find anything. Avira rescue wouldn't even load. I don't remember the error message, but I couldn't even get to the scan.
About the only thing I've been able to get to work is the Farbar thingie. I've attached the scan log. What should I try next? After all the things I've done so far, I'm no longer getting an invalid boot option, now I'm getting a no operating system error on boot. I can't get to the F8 menu, only F12 works. I was able to get to the F8 menu once, but I don't remember how I went about it, F8 won't do anything except the no operating system error.

I await the masters' assistance. Thank you in advance!!!!

Ky

Attachments: Farbar.txt (6.1 KB)
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================

Please observe forum rules.
All logs have to be pasted, not attached.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 18 days old)
Ran by SYSTEM at 31-03-2013 16:09:42
Running from J:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

Tcpip\Parameters: [DhcpNameServer] 172.31.79.142 172.31.79.144 157.54.104.75 157.54.14.146 157.54.14.162 157.54.80.10

==================== Services (Whitelisted) ===================


==================== Drivers (Whitelisted) =====================


==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========



==================== One Month Modified Files and Folders =======

2013-03-31 16:09 - 2013-03-31 16:09 - 00000000 ____D C:\FRST

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
c:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 6126.46 MB
Available physical RAM: 5450.96 MB
Total Pagefile: 6124.66 MB
Available Pagefile: 5454.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:888.46 GB) NTFS
2 Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.17 GB) (Free:0 GB) UDF
7 Drive j: () (Removable) (Total:0.96 GB) (Free:0.95 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (RECOVERY) (Fixed) (Total:12.25 GB) (Free:4.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 980 MB 0 B

Partitions of Disk 0:
===============

Disk ID: 2C0C533A

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 12 GB 40 MB
Partition 3 Primary 919 GB 12 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 FAT Partition 39 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 12 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 919 GB Healthy

=========================================================

Partitions of Disk 5:
===============

Disk ID: 01287000

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 980 MB 16 KB

==================================================================================

Disk: 5
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 J FAT32 Removable 980 MB Healthy

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 2C0C533A

Partition 1:
=========
Hex: 80002C00000000002B00000000000000
Active: YES
Type: 00
Size: 0 byte
ATTENTION ===> 0 byte partition bootkit on partition 1

Partition 2:
=========
Hex: 00010100DEFE3F043F00000086390100
Active: NO
Type: DE
Size: 39 MB

Partition 3:
=========
Hex: 8019150507FEFFFF0040010000F08701
Active: YES
Type: 07 (NTFS)
Size: 12 GB

Partition 4:
=========
Hex: 00FEFFFF07FEFFFF003089010030E772
Active: NO
Type: 07 (NTFS)
Size: 919 GB

==============================
Partitions of Disk 5:
===============
Disk ID: 01287000

Partition 1:
=========
Hex: 800101000B01FFFF20000000E0A31E00
Active: YES
Type: 0B
Size: 980 MB

==================== End Of Log =============================

*****************************************************************************************************
*****************************************************************************************************

  • For 64bit systems, download Listparts64 and save it to your flashdrive
  • Download attached fix.txt file.
    Save it to your flash drive.
Enter System Recovery Options again.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\listparts (for x64 bit version type e:\listparts64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • Press Fix button.
  • ListParts will process the script in Fix.txt
  • When finished please press the Scan button.
  • It will make a log (Result.txt) on the flash drive. Please copy and paste it to your reply.
See if you can boot normally.
If not, re-run FRST and post a new log.

Attachments: fix.txt (112 bytes)
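An added example, not part of this thread and not FRST's or ListParts' own code: it decodes the 16-byte MBR partition entries that FRST printed above (the hex strings for Disk 0) and flags what the log flagged, an active entry of type 00 with zero sectors in slot 1, plus the second active partition that a normal MBR would not carry. It assumes 512-byte sectors, which is what the sizes in the log imply.

```python
import struct
from dataclasses import dataclass
from typing import List

SECTOR = 512  # assumption: 512-byte logical sectors (matches the MB/GB figures in the FRST log)


@dataclass
class MbrEntry:
    status: int      # 0x80 = active/bootable, 0x00 = inactive
    ptype: int       # partition type id (07 NTFS, DE Dell utility, 0B FAT32, 00 unused)
    lba_start: int   # first sector, little-endian 32-bit
    sectors: int     # sector count, little-endian 32-bit

    @property
    def active(self) -> bool:
        return self.status == 0x80

    @property
    def size_bytes(self) -> int:
        return self.sectors * SECTOR


def parse_entry(hex16: str) -> MbrEntry:
    """Decode one MBR table entry given as the 32 hex characters FRST prints."""
    raw = bytes.fromhex(hex16)
    if len(raw) != 16:
        raise ValueError("MBR entry must be exactly 16 bytes")
    # layout: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
    status, _chs_s, ptype, _chs_e, lba, count = struct.unpack("<B3sB3sII", raw)
    return MbrEntry(status, ptype, lba, count)


def audit(entries: List[MbrEntry]) -> List[str]:
    """Return findings for the anomalies a cleaner looks for in a 4-slot MBR table."""
    findings = []
    for i, e in enumerate(entries, 1):
        if e.status not in (0x00, 0x80):
            findings.append(f"slot {i}: invalid status byte 0x{e.status:02x}")
        if e.active and (e.ptype == 0 or e.sectors == 0):
            findings.append(f"slot {i}: active flag on an empty/zero-size entry")
        if e.ptype == 0 and (e.lba_start or e.sectors):
            findings.append(f"slot {i}: type 00 but non-zero LBA start or size")
    if sum(e.active for e in entries) > 1:
        findings.append("more than one active partition")
    return findings


# The four Disk 0 entries exactly as printed in the FRST log above.
DISK0 = ["80002C00000000002B00000000000000", "00010100DEFE3F043F00000086390100",
         "8019150507FEFFFF0040010000F08701", "00FEFFFF07FEFFFF003089010030E772"]

if __name__ == "__main__":
    for line in audit([parse_entry(h) for h in DISK0]):
        print(line)
```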