AusPost virus warning

My desktop computer crashed and is inoperable after my wife opened an email attachment purporting to be from Australia Post.

Some details of the threat can be found here:

http://www.ssoalertservice.net.au/view/66cde211f3e5258ccbd712c91c489033

The free version of avast was active at the time of the incident and provided no warning.

???

Are you able to start the computer in safe mode?

Hi Pondus

Thanks for your concern. I tried the safe mode, but just got the BSOD again. I've booted it from the Dell emergency CD-ROM, and am currently running the hard disk diagnostic, which is taking forever (it's an old Dimension 4700 with a 1 TB hard drive).

I’ll let you know how it goes.

Dennis

If that fails to get you back up and running

OK, next we will work outside of Windows then. Please print these instructions out so that you know what you are doing.
[*]Download OTLPENet.exe to your desktop
[*]Ensure that you have a blank CD in the drive
[*]Double click OTLPENet.exe and this will then open ImgBurn to burn the file to CD
[*]Reboot your system using the boot CD you just created. Note: If you do not know how to set your computer to boot from CD follow the steps here
[*]As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :slight_smile:
[*]Your system should now display a Reatogo desktop. Note: as you are running from CD it is not exactly speedy
[*]Double-click on the OTLPE icon.
[*]Select the Windows folder of the infected drive if it asks for a location
[*]When asked "Do you wish to load the remote registry", select Yes
[*]When asked "Do you wish to load remote user profile(s) for scanning", select Yes
[*]Ensure the box "Automatically Load All Remaining Users" is checked and press OK
[*]OTL should now start
[*]Drag and drop the attached scan.txt into the Custom scans and fixes box, or double click the scan box
[*]Press Run Scan to start the scan.
[*]When finished, the file will be saved in drive C:\OTL.txt
[*]Copy this file to your USB drive if you do not have an internet connection on this system
[*]Right click the file and select Send to: select the USB drive.
[*]Confirm that it has copied to the USB drive by selecting it
[*]You can back up any files that you wish from this OS
[*]Please post the contents of the C:\OTL.txt file in your reply.

Hi essexboy

Thanks for that, great software, I take back everything I’ve ever said about Poms :slight_smile:

The Dell scan revealed no problems (the drive is only a year old).

I loaded the Reatogo and ran the OTL but couldn’t follow your instructions fully as I was unable to find the scan.txt file referred to.

But the scan seemed to work. The output was a bit verbose, so I did it a second time with just the past day and tried to post the output, but it was still over the forum's 10,000 character limit and was rejected. If you email me I can send you the files.

I guess in a worst case scenario I can format the drive using the disk partitioner and reinstall everything? I’ll wait to hear from you before doing that.

Thanks again.

Dennis

The log files are saved in the same place as you saved OTL.

Attach the files here:
lower left corner > Additional Options > Attach
If the log is too big, upload it to http://www.mediafire.com/ and post the download link here.

Hi Pondus

Thanks. I've attached the files.

Dennis

The scan.txt was attached to the bottom of the post. This forum software does not let me put it in a more prominent position

If this fails to let you reboot then I will need the full scan done so that I can check out your system files.

Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB

[*]Insert your USB drive with fix.txt on it
[*]Start OTLPE
[*]Drag and drop fix.txt into the Custom scans and fixes box
[*]If you cannot drag and drop for some reason, then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot when it is done to normal mode if possible
[*]Then post a new OTL log ( don’t check the boxes beside LOP Check or Purity this time )

Hi Essexboy

Thanks for that, but the fix did not seem to work. Tried to boot normally and also in safe mode, but just bsod.

I attach the OTL file

Dennis

What does the blue screen say ?

Just looked at the log - could you run the fix again but this time ensure that you press the Run Fix button ;D

Thanks, Essex, have done it with the fix button, but still no go. Log file attached.

BSOD says:

A problem has been detected and Windows has been shut down to prevent damage
to your computer.

If this is the first time you've seen this stop error screen,
restart your computer. If this screen appears again, follow
these steps:

Check for viruses on your computer. Remove any newly installed
hard drives or hard drive controllers. Check your hard drive
to make sure it is properly configured and terminated.
Run CHKDSK /F to check for hard drive corruption, and then
restart your computer.

Technical information:

*** STOP: 0x0000007B (0xBA4C3524,0xC0000034,0x00000000,0x00000000)

OK that indicates a possible MBR problem

Boot to the Reatogo desktop.
Double click MBRFix.
A command prompt will be presented.
Type the following commands and press Enter after each line:

C:
cd C:
MbrFix /drive 0 fixmbr
Exit

Then try a reboot
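The fixmbr step in the post above rewrites the bootstrap code in sector 0 of the disk and leaves the partition table alone. Before overwriting that sector, a practitioner would normally save a copy and look at what is actually in it, because a STOP 0x7B (INACCESSIBLE_BOOT_DEVICE) can equally come from a damaged partition table, which fixmbr will not repair. The script below is an added example written for this page; it is not part of the thread, of OTLPE or of MbrFix. It parses a raw 512-byte MBR, reports the things worth checking (missing 55 AA signature, zeroed or altered bootstrap code, no active partition, zero-length or overlapping entries) and can compare the bootstrap code against a known-good SHA-256 taken from an identical, clean machine. The sample sectors at the bottom are constructed test data, not a real disk image; `read_sector` is the only part that touches a device, and the path you pass it (for example `\\.\PhysicalDrive0` from an elevated prompt on Windows, or an image made with `dd`) is an assumption on your side.

```python
import hashlib
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446       # bootstrap code occupies bytes 0..445
PART_ENTRY_SIZE = 16          # four 16-byte partition entries follow it
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511 of a valid MBR


def read_sector(path):
    """Read the first 512 bytes of a raw device or disk image (assumed path, needs admin)."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


def parse_mbr(sector):
    """Split a raw 512-byte sector into bootstrap code, partition table and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        # status, CHS first (3 bytes), type, CHS last (3 bytes), LBA start, sector count
        status, _chs_first, ptype, _chs_last, lba_start, num_sectors = struct.unpack(
            "<B3sB3sII", sector[off:off + PART_ENTRY_SIZE])
        partitions.append({"index": i, "status": status, "type": ptype,
                           "lba_start": lba_start, "num_sectors": num_sectors})
    return {"bootstrap": sector[:PART_TABLE_OFFSET],
            "partitions": partitions,
            "signature": sector[SECTOR_SIZE - 2:]}


def bootstrap_hash(sector):
    """SHA-256 of the bootstrap code only, for comparison with a known-good sector."""
    return hashlib.sha256(parse_mbr(sector)["bootstrap"]).hexdigest()


def check_mbr(sector, known_good_bootstrap_hash=None):
    """Return a list of human-readable findings; an empty list means nothing looked wrong."""
    mbr = parse_mbr(sector)
    findings = []
    if mbr["signature"] != BOOT_SIGNATURE:
        findings.append("boot signature 55 AA missing at offset 510")
    if not any(mbr["bootstrap"]):
        findings.append("bootstrap code area (bytes 0-445) is all zeros")
    if known_good_bootstrap_hash and bootstrap_hash(sector) != known_good_bootstrap_hash:
        findings.append("bootstrap code differs from the known-good copy")
    used = [p for p in mbr["partitions"] if p["type"] != 0x00]
    if not used:
        findings.append("partition table has no entries")
    if used and not any(p["status"] == 0x80 for p in used):
        findings.append("no partition carries the active/bootable flag 0x80")
    for p in used:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d has invalid status byte 0x%02x" % (p["index"], p["status"]))
        if p["lba_start"] == 0 or p["num_sectors"] == 0:
            findings.append("partition %d has a zero start or length" % p["index"])
    # Overlap check: order entries by start LBA and require each to end before the next begins.
    spans = sorted((p["lba_start"], p["lba_start"] + p["num_sectors"], p["index"]) for p in used)
    for (_s1, e1, i1), (s2, _e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append("partitions %d and %d overlap" % (i1, i2))
    return findings


def build_sample_mbr(bootstrap, entries, signature=BOOT_SIGNATURE):
    """Assemble a 512-byte sector from constructed parts (test data, not a real disk)."""
    table = b"".join(struct.pack("<B3sB3sII", st, b"\0\0\0", ty, b"\0\0\0", start, n)
                     for st, ty, start, n in entries)
    table = table.ljust(4 * PART_ENTRY_SIZE, b"\0")
    return bootstrap.ljust(PART_TABLE_OFFSET, b"\0") + table + signature


# Constructed stand-in for a healthy XP-era MBR: a few plausible opcode bytes and one
# active NTFS (type 0x07) partition starting at LBA 63 on a roughly 1 TB disk.
GOOD_BOOTSTRAP = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb\x50\x07\x50\x1f\xfc\xbe\x1b\x7c"
GOOD_MBR = build_sample_mbr(GOOD_BOOTSTRAP, [(0x80, 0x07, 63, 1953525105)])
GOOD_HASH = bootstrap_hash(GOOD_MBR)

# Constructed damaged sector: bootstrap wiped, signature gone, active flag cleared.
BAD_MBR = build_sample_mbr(b"", [(0x00, 0x07, 63, 1953525105)], signature=b"\x00\x00")

if __name__ == "__main__":
    for name, sector in (("good", GOOD_MBR), ("bad", BAD_MBR)):
        print(name, check_mbr(sector, GOOD_HASH) or ["no findings"])
```

If the only finding is that the bootstrap code differs from the known-good hash while the partition table parses cleanly, fixmbr is the right tool; if the table itself is empty, overlapping or has no active entry, rewriting the boot code will not change the STOP 0x7B and the partition table has to be reconstructed from the backup copy you saved first.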

Hi Essexboy

I did as you suggested and got an error message to the effect that the command was not recognised. So I copied the exe file to C drive and did it again. This time it asked me if I was sure I wanted to and I clicked y. I then did a normal reboot and it booted with no problems except I’ve lost all my desktop icons. Not to worry, better than the format and reinstall everything option.

Many thanks for doing this on a Sunday. Whatever Avast are paying you it's not enough.

:slight_smile:

Dennis

OK, now we have a base from which to start. Let's run a fresh OTL scan and see what else needs clearing.

Download OTL to your Desktop

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
[*]Select All Users
[*]Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U /s
CREATERESTOREPOINT

[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Post both logs

Hi Essexboy

I ran the OTL from the desktop as advised and for some reason did not get the popup to select all users. I pasted in the script and ran the quick scan, and only got the OTL file output, which I attach, but no extras file was generated.

Is it okay to use the machine now, or should I stick to the laptop for the time being?

Don’t know if the following is relevant or useful but

  1. I use Firefox, not explorer and it was in Firefox when it crashed

  2. I did a complete backup to G: a few hours before the crash, so if any files are missing from C: there’s a good chance I’ll be able to retrieve them

thanks again

Dennis

There will only be one file for subsequent runs, and dependent on what OTL shows I should be able to repair the damage.

Could you attach the log please ;D

sorry, here it is
:-[

That looks good - to get your desktop icons back

1. Right-click the desktop.
2. Point to Arrange Icons By.
3. Click Show Desktop Icons.

Any further problems ?

Hi Essex

That fix for the icons didn't work, but I'm not worried about them, I'll restore the ones I want over time. I've been using the laptop today, so not sure about other problems yet. The only things I've noticed so far are that

  1. Left hand side start menu icons have also disappeared–again, not a problem
  2. I’ve got a directory _OTL which seems to have the virus file and some other stuff–do I just delete it?

many thanks again, I’ll use the desktop tomorrow and let you know if there are any further problems.

cheers

Dennis