UBCD4Win Forums: Virus defends against UBCDW?


Virus defends against UBCDW? CD will not complete boot

#1 jrtech1

  • Newbie
    • Group: Members
    • Posts: 2
    • Joined: 06-August 08

    Posted 06 August 2008 - 06:28 PM

    Hi,
    This is a total mystery to me. I hope someone has an idea. I use UBCDW often in my work to great success, until now. I made a 3.2 disk last night and tested it on my machine. Everything worked as expected so I proceeded to boot an infected machine with my new disk. Everything booted up fine but a few of the antivirus programs included in UBCDW wouldn't run. I ran some anti spyware programs and cleaned out what they found. I then attempted a cold boot from the hard drive (C:) and the system booted to the desktop. so far so good. Then I ran the onboard Norton Antivirus and a few minutes into the scan, I got a BSOD with a comment about Panic_Stack_Switch and before I could write down what was on the screen, the machine rebooted several times, each time with a different BSOD message till the last one which said Unmountable_Boot_Volume. I shut the machine down manually and tried to restart. I tapped the F8 key and turned off auto restart. Then I tried safe mode and still get the last BSOD. I shut it down again and rebooted with my UBCDW disk only now, just after the part where you see the Windows XP screen and then the screen goes blue for a moment just before the shell configuration window opens that allows you to configure screen res, RAM disk and on disk swap file for UBCDW, the boot process stops cold. The cursor moves on the screen but nothing else happens. I thought that possibly my new disk was messed up so I tried one of my older UBCDW disks which have always worked but I get the same results. I checked the BIOS and every thing appears correct for boot order. I'm at a loss as to what step to take next. Any help would be most welcome.

    JR
    0

#2 masterchi

    • Regular Member
      • Group: Members
      • Posts: 199
      • Joined: 08-April 07

      Posted 06 August 2008 - 06:41 PM

Sounds like hardware... Try MemTest and HDD tests. Definitely sounds like a bad HDD to me, though; but run MemTest also to be sure.
      0

#3 pcuser

      • Project Programmer
        • Group: Moderator & Development
        • Posts: 3,889
        • Joined: 20-November 04
        • Gender:Male
        • Location:Kneebrasskee

        Posted 06 August 2008 - 06:51 PM

Quote:

        > just after the part where you see the Windows XP screen and then the screen goes blue for a moment just before the shell configuration window opens that allows you to configure screen res, RAM disk and on disk swap file for UBCDW, the boot process stops cold. The cursor moves on the screen but nothing else happens.


This is not uncommon when booting UBCD4Win on a system with a corrupted hard drive/filesystem. I usually use either ntfs4dos or the recovery console to run chkdsk on the drive (sometimes twice); then UBCD4Win will usually finish booting again. The issue I see after you get UBCD4Win booting again is that you're still infected. Have you used EzPcFix to see what's getting started when Windows loads? I suggest taking your time when removing entries with EzPcFix; google anything that you're not sure of, and comparing with one or more healthy systems is helpful. I would also make a backup of your windows\system32\config folder before you start, just in case you remove/change the wrong thing.

        A couple of other places to check that EzPcFix doesn't look at are:
        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
        and
        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
        If you're afraid of taking any chances then the chances are great that you will never learn anything

        Multiboot Plugins - UBUSB (Ultimate Boot USB) - EzPcFix - RootKitty - Network Configuration Utility - UnIsoFS - A Small Linux Distro - SELogger - HashME - WSock - My Paypal
        0
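The two Explorer keys named above are worth inspecting from the boot CD rather than from the infected Windows. The script below is an added example, not pcuser's or the UBCD4Win project's code: it backs up the offline `system32\config` folder, loads the installation's SOFTWARE hive under a temporary name, lists every CLSID registered in SharedTaskScheduler and ShellExecuteHooks, resolves each CLSID to the DLL its InprocServer32 entry points at, and reports whether that DLL still exists on the mounted drive. It assumes the infected installation is mounted as `D:` (the `$WindowsRoot` and `$MountName` values are hypothetical), that it runs elevated from a WinPE or technician machine with PowerShell and `reg.exe` available, and that the comparison against a known-healthy system is done by the reader.

```powershell
# Added example (not from the thread): enumerate the two Explorer autostart
# locations pcuser names, SharedTaskScheduler and ShellExecuteHooks, in the
# SOFTWARE hive of an offline Windows installation, resolve each CLSID to the
# DLL it loads, and report whether that DLL still exists on disk. An entry
# whose DLL is missing is a dangling autostart left behind by a cleanup.
# Assumptions (hypothetical): the infected install is mounted as D:, the
# script runs elevated, and 'HKLM\OFFSW' is a free mount name.

param(
    [string]$WindowsRoot = 'D:\Windows',   # assumed path of the offline install
    [string]$MountName   = 'OFFSW'         # assumed temporary hive name
)

$hivePath = Join-Path $WindowsRoot 'system32\config\software'
$ts       = Get-Date -Format 'yyyyMMdd-HHmmss'

# 1. Back up the whole config folder first, as the post advises.
$backupDir = Join-Path $WindowsRoot "system32\config.bak-$ts"
Copy-Item -Path (Join-Path $WindowsRoot 'system32\config') -Destination $backupDir -Recurse -Force
Write-Host "Config backup written to $backupDir"

# 2. Load the offline SOFTWARE hive under HKLM\<MountName>. reg.exe is used
#    because PowerShell has no native cmdlet for loading hives.
& reg.exe load "HKLM\$MountName" $hivePath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Could not load $hivePath" }

try {
    $base   = "HKLM:\$MountName\Microsoft\Windows\CurrentVersion\Explorer"
    $places = @("$base\SharedTaskScheduler", "$base\ShellExecuteHooks")
    $offlineRoot = Split-Path $WindowsRoot -Qualifier   # e.g. 'D:'

    foreach ($place in $places) {
        Write-Host "`n== $place =="
        if (-not (Test-Path $place)) { Write-Host '(key absent)'; continue }

        # Each value NAME under these keys is a CLSID ({GUID}); the value data
        # is only a description string, so the name is what must be resolved.
        $item = Get-Item $place
        foreach ($clsid in $item.GetValueNames()) {
            if ($clsid -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }
            $srv = "HKLM:\$MountName\Classes\CLSID\$clsid\InprocServer32"
            $dll = $null
            if (Test-Path $srv) { $dll = (Get-ItemProperty $srv).'(default)' }
            if (-not $dll) {
                "{0}  ->  NO InprocServer32 registered" -f $clsid
                continue
            }
            # Map %SystemRoot% and the original drive letter onto the offline drive
            # so the existence check looks at the mounted installation, not ours.
            $mapped = $dll -replace '%SystemRoot%', $WindowsRoot `
                           -replace '^[A-Za-z]:', $offlineRoot
            $state = if (Test-Path $mapped) { 'present' } else { 'MISSING on disk' }
            "{0}  ->  {1}  [{2}]" -f $clsid, $dll, $state
        }
    }
}
finally {
    # 3. Always unload the hive, otherwise the file stays locked.
    [GC]::Collect()   # release handles PowerShell may still hold on the hive
    & reg.exe unload "HKLM\$MountName" | Out-Null
}
```

The output is a list of `{CLSID} -> path [present|MISSING on disk]` lines per key; anything that is not also present on a healthy machine of the same Windows version, or whose DLL is missing, is what to look up before deciding whether to remove the value.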

#4 jrtech1

        • Newbie
          • Group: Members
          • Posts: 2
          • Joined: 06-August 08

          Posted 07 August 2008 - 04:53 AM

          First let me thank those of you who posted replies. I am very grateful that there are people out here that want to help. Now on to business. Please do not assume that my "nubie" tag implies that I don't have a clue.

I have been operating my own modestly successful computer repair business for almost five years and have been deeply involved in computers since the 286 days, mostly in the hardware and network end of things. Most of my business (about 70%) is virus and spyware removal and non-mechanical data recovery. I have used Bart PE and now UBCDW extensively in these activities. I'm not trying to be defensive, I just want to optimize communications.

That being said, I have a few questions about the responses to my post. First, it is my understanding that UBCDW is a stand-alone bootable mini OS, for lack of a better description. I have used it to boot many machines with bad drives and even no drives at all. When a drive was bad it just didn't show up on the UBCDW desktop or in most of the drive explorers. This is the first time I have seen this phenomenon.

          It is also my understanding that because we are not booting to the hard drive that beasties could not start, hide or defend themselves.

          I was pretty sure that I still had beasties on the hard drive when I booted to the C drive after using UBCDW to dig out the worst, (so I thought) of these beasties.

          When I first started with this machine, it would freeze on a red screen with a blue and yellow biohazard symbol / sign telling me I needed to get some anti spyware and scan my machine. (Rogue Antispyware) It would not boot to the desktop or do anything else for that matter.

I was able to locate and delete a "Spy Sherriff" folder on my first UBCDW boot-up using the A43 Explorer. My first Spybot S&D scan revealed Smitfraud.C and a few minor beasties. I couldn't get any of the antivirus apps to work on my new UBCDW disk, but I was able to run some of the antispyware apps and removed what they found. This allowed me to boot Windows XP Home SP2 to the desktop and explore the C drive. Things got messy when I used the Norton Antivirus program on the C drive to continue cleaning out the rest of the beasties. (See first post.)

          I did notice one thing different when I tried to boot with UBCDW after the multiple BSODs. Just after the "starting CD...OK" and before the "setup is inspecting your system's hardware configuration" message, a similar DOS text style message flashes on the screen that says "Bootable CD Wizard v,2.0a1 Copyright © 2004 by Alex Kapylov". This message flashes by so fast that I had to video tape the UBCDW boot process just so I could read it. I do know that this is the first time I have seen this message when booting with UBCDW.

As a side note, I think some dastardly villain type has dumped a bomb of some sort on the internet. This week I observed a drastic upswing in the volume of PCs coming in infected with serious, more resilient malware. I have discussed this with a few of my peers and they indicated that they too have seen this spike in activity. Any thoughts?

          JR
          0

#5 masterchi

          • Regular Member
            • Group: Members
            • Posts: 199
            • Joined: 08-April 07

            Posted 07 August 2008 - 05:27 AM

Still doesn't hurt to test the HDD; it only takes 2 to 5 minutes of your time to run a quick test. Also, UBCD4Win loads into RAM, and near the end of your first post you mention trouble getting into UBCD4Win anymore, so that's why I suggested MemTest: if you have bad RAM then UBCD4Win will not load and it will do odd things like that. Again, it only takes 2 to 5 minutes to run MemTest quickly just to be sure. Also try PCUser's suggestion of a chkdsk, as it could be a corrupt filesystem; see what gets repaired. The Windows Recovery Console is on the UBCD4Win disc (the initial boot menu) along with MemTest. A HDD test is probably in the BIOS, or you can create a boot disc for Western Digital's utility or Seagate's SeaTools depending on what drive you have. Post back the results of chkdsk and the hardware tests, and whether anything improved.

Also, I don't think anyone here assumed you're a newbie just yet... You're asking for help, so we are just offering suggestions on things to try that you did not mention you have done yet in your original post, nothing more.

            0

#6 stidyup

            • Forum News
              • Group: Moderator
              • Posts: 5,808
              • Joined: 21-June 04
              • Location:Yorkshire, UK, Earth, Milky Way, the known Universe and probably the unknown too....

              Posted 07 August 2008 - 05:47 AM

Avira AntiVir Rescue System

              Try running the above.

              Have you tried running any Linux live CD/DVDs on the PC?

              If they fail to work, it's hardware.
              RescueME Virus Removal

              Mirror

              Fear is the path to the dark side. Fear leads to anger. Anger leads to hate. Hate leads to suffering.
              0

#7 पागल

              • Newbie
                • Group: Members
                • Posts: 10
                • Joined: 31-July 08

                Posted 07 August 2008 - 08:35 AM

I think diagnosing the BSoD error message can clarify what the culprit is. It's my 0.00000000000000000001 cent.
                0

#8 homes32

                • Member
                  • Group: Members
                  • Posts: 81
                  • Joined: 07-December 07
                  • Location:Minnesota, USA

                  Posted 07 August 2008 - 10:02 AM

This could also be a case of corrupt registry keys that the malware has left behind. I have seen a few cases where malware impersonates a legit system .dll or .sys to load itself and then passes control over to the real thing. Removing the file will still leave the registry pointing to it if the entry isn't removed, and then Windows will crash and burn when it won't load. The best way is to troubleshoot the stop message and see if it will list a file or something. Try holding down the F8 key and selecting "disable automatic reboot on system failure". If you can get registry access you can also set
                  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\AutoReboot=0

                  then check the error code here: http://aumha.org/a/stop.htm
                  0
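Setting that value from the boot CD, rather than racing the F8 menu on every restart, means the STOP screen stays up until it has been read. The script below is an added example and not homes32's or the project's code. It loads the offline SYSTEM hive of the mounted installation, reads which ControlSet00N is current from the Select key (an offline hive has no CurrentControlSet link), sets CrashControl\AutoReboot to 0 there, and unloads the hive. The `D:` path and the `OFFSYS` mount name are hypothetical; it assumes an elevated PowerShell with `reg.exe` on a WinPE or technician machine.

```powershell
# Added example (not from the thread): disable automatic reboot on STOP errors
# in an offline Windows XP installation so the BSOD text, STOP code and any
# named file stay on screen long enough to read, as homes32 describes.
# Assumptions (hypothetical): the installation is mounted as D:, the script is
# run elevated from a WinPE/PowerShell environment, and 'HKLM\OFFSYS' is free.

param(
    [string]$WindowsRoot = 'D:\Windows',   # assumed path of the offline install
    [string]$MountName   = 'OFFSYS'        # assumed temporary hive name
)

$hivePath = Join-Path $WindowsRoot 'system32\config\system'
& reg.exe load "HKLM\$MountName" $hivePath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Could not load $hivePath" }

try {
    # CurrentControlSet is a link that only exists while Windows runs; in an
    # offline hive the Select key says which ControlSet00N is the live one.
    $current = (Get-ItemProperty "HKLM:\$MountName\Select").Current
    $cc      = "HKLM:\$MountName\ControlSet{0:D3}\Control\CrashControl" -f $current

    if (-not (Test-Path $cc)) { New-Item -Path $cc -Force | Out-Null }

    $before = (Get-ItemProperty $cc -ErrorAction SilentlyContinue).AutoReboot
    Write-Host ("ControlSet{0:D3} AutoReboot before: {1}" -f $current, $before)

    # 0 = stay on the blue screen; 1 (the default) = restart immediately.
    Set-ItemProperty -Path $cc -Name AutoReboot -Value 0 -Type DWord

    $after = (Get-ItemProperty $cc).AutoReboot
    Write-Host ("AutoReboot after: {0}" -f $after)
}
finally {
    # Unload so the SYSTEM hive file is not left locked on the mounted drive.
    [GC]::Collect()
    & reg.exe unload "HKLM\$MountName" | Out-Null
}
```

Once the machine has been booted from its own drive and the STOP code and faulting file have been noted, the same script with `-Value 1` restores the original behaviour.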

#9 rdsok

                  • rdsok
                    • Group: Admin
                    • Posts: 6,041
                    • Joined: 02-October 05
                    • Gender:Male
                    • Location:Norman, Ok. USA

                    Posted 07 August 2008 - 06:52 PM

Personally I'm with PCUSER on this one... it's a corrupted partition which is stopping the boot process, and not malware. The clue that gives that away is the Unmountable_Boot_Volume error.

                    This issue actually extends back to the MS-DOS days, when a corrupted partition wouldn't even allow you to boot from a floppy disk; it is caused at the point where the corrupted partition is being mounted.

                    The methods he already mentioned to correct it are the most used ones and the ones I'd also suggest you follow.
                    Plan A is always more effective when the device you are working on understands that Plan B involves either a large hammer or screwdriver....
                    0

#10 stidyup

                    • Forum News
                      • Group: Moderator
                      • Posts: 5,808
                      • Joined: 21-June 04
                      • Location:Yorkshire, UK, Earth, Milky Way, the known Universe and probably the unknown too....

                      Posted 08 August 2008 - 01:53 AM

If you can't repair the file system, try using find and mount for data recovery.
                      RescueME Virus Removal

                      Mirror

                      Fear is the path to the dark side. Fear leads to anger. Anger leads to hate. Hate leads to suffering.
                      0

#11 Deamon_Knight

                      • Member
                        • Group: Members
                        • Posts: 47
                        • Joined: 22-July 07

                        Posted 11 August 2008 - 12:57 AM

I'm also in the computer repair business and have also experienced situations where a corrupted filesystem has caused UBCDforWin to fail to load without any failing hardware. I never got that software engineering degree, so I can't describe why, but I find Ubuntu or other Linux-based live environments useful for confirming this.
                        0
