1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Virus in boot sector

By Zilliak ยท 8 replies
Feb 9, 2009
  1. So i had a virus i removed it theres one left in the boot secter i think and i load the screen the warning pops up theres a virus and its logs off and i try to log on and it repetivly does the same thing over again. What do i do? Its Xp Pro and i cna only get passed logg on to this user account and this it kicks me off within 5 seconds
  2. TheConqueror

    TheConqueror TS Rookie Posts: 19

    You can try two things here . If you are experienced with computers boot from outside of the OS using something like Hirens boot disk , all in one boot disk , or UBCD (Ultimate boot disk) when you download whichever you choose they will come integrated with AV so choose the most recent version of the disk as you will need the latest virus definitions some will give you the option to update them as you use them. Now if this at all seems to complicated use this method take out the hard drive and use Hdd to usb cable plug into a working computer and scan the hard drive witht he external computers AV this is the easiest method try both and if you have any questions feel free to ask let me know if this helps. XD
  3. Mugsy

    Mugsy TS Guru Posts: 394   +15

    Simple effective way to delete most virii.

    After having more than my share of trouble with viruses (virii?) that keep coming back after removal, I've found an effective two-step method that usually does the trick.

    (Addendum: If Windows is crashing, try Safe Mode).

    First, if you don't already have a copy, install "HiJack This" (versions prior to 2.0 work best for this), free software that shows you EVERYTHING that installs when you startup Windows.

    Look for programs that you can't easily identify.. often with meaningless filenames like "sjxckw.dll" (I just made that up, so don't look for it). If this is one of those viruses that re-install themselves every time you delete them, then there is AT LEAST ONE MORE such program in there (usually only two) that goes with it. Don't bother using HiJack to delete them, because it will not be able to delete the one that is "currently running". These viruses are installed as "Processes" that load so early in the boot process, no Antivirus program can load soon enough to delete them. You can delete one, but the other will simply put the deleted file back.

    Write down the names of these mystery programs (including path. Usually "C:\Windows\system32\") and reboot using the XP Installation CD.

    After the drivers load, the first menu includes "R for Recovery Console". This gives you a DOS-like cli where you can make some system level changes.

    It should detect your Windows installation as "1) Windows". Select it and enter your Admin password when prompted.

    Change to the folder where the suspect files reside (if you are unfamiliar with DOS, simply type "CD" (Change Directory) followed by the path to the suspect files (ex: cd \Windows\System32).

    Make sure the files you wish to delete are there by doing a DIR ("directory"). The "*" (asterisk) is a wildcard:

    ex: dir "sj*.*"

    If the file is found, RENAME it with with the REN command (only delete it if once you are POSITIVE it is safe to do so):

    ex: ren "sjxckw.dll" "sjxckw.dxx"

    Type QUIT to exit the Recovery Console and reboot. If the virus is gone, you can safely go back into the folder from Windows and delete them.

    This simple procedure works better than just about anything else. Great for getting rid of troublesome reappearing Adware as well.

    Let us know what happens.
  4. Zilliak

    Zilliak TS Booster Topic Starter Posts: 164

    haha well guess what fellas this virus is the ultimate virus there isnt even a removal for it yet my Highschool just called in homeland security, this virus also was found in the pentagon about 3 months ago, pretty insane i removed it, one of the exe's is mom.exe but thats not the whole virus the other part of it is unknown and there trying multiple way to remove it, it originated from china, and once again no official way to remove it.
  5. mflynn

    mflynn TS Rookie Posts: 2,655

    Well if it is unfixable we are wasting our time.

    So instead of talking about it lets do something!

    As Mugsy said try Safe mode, specifically Safe Mode with Networking.

    If you can get there log back here and do the below.

    Do the TechSpot 8 steps: https://www.techspot.com/vb/topic58138.html

    Skip no steps (do not install another virus scanner if you already have one, ask me before installing a Firewall).

    Most importantly update MalwareBytes and SuperAntiSptware!

  6. Zilliak

    Zilliak TS Booster Topic Starter Posts: 164

    Well i said before this is a virus that homeland security cant even fully remove and the Pentagon the nation supervisor were my dad works had issues with it

    Thats a beast virus

    Kudos to the chinese
  7. mflynn

    mflynn TS Rookie Posts: 2,655

    If they are that good then better take your problems there, as you say it's hopeless here!

    I really want to try to help you. But get off the POT!

    Are you going to do the 8 Steps and post your logs or not.

  8. Zilliak

    Zilliak TS Booster Topic Starter Posts: 164

    All atempts failed i tried everything posted all the programs every single secter, ever single square in is infected, i ahd to reformat
  9. mflynn

    mflynn TS Rookie Posts: 2,655

    Well there were ways to get them to work if you had let me know!

    Hope you didn't lose much!

Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...