Vundo Virus. Cannot Start in Safe Mode. Help!

I’ve apparently contracted the nasty Vundo virus, which hid behind file C:\Windows\System32\drivers\atapi.sys. I attempted to remove it with various software, to no avail. Then got the dreaded Blue Screen of Death. Now I can’t even start in safe mode. Therefore can’t run chkdsk /f or anything else. Clueless of what to do now for fear of making matters worse. Before crashing I received Avast Warning of virus with Alureon-EU.


Hi Masley,

I hope you can receive the help you need in this thread since your other threads were effectively hijacked. Hopefully, someone will be along to help you very soon.


Hey, Masley, sorry for hijacking your last thread, didn’t mean to do so.

Try this: http://www.nu2.nu/pebuilder/

PeBuilder is very suitable for maintenance tasks when you can’t access your system. You can try making a BartPe Boot CD which should allow you to go online and scan your computer, do various other tasks and it is in a graphical user interface.

Hope it helps!

-CakeDoer

PS. Masley, I’m just trying to help you, you know…

cakedoer-GO AWAY!!!

@Masley, can you get to normal mode? Do you have an XP CD?

If you have a CD, then:

Put the Windows XP installation CD in your CD-ROM or DVD drive.
Use the Windows XP CD-ROM to start your computer.
At the “Welcome to Setup” screen, press R, and then press C to start the Recovery Console.
Type the number for the appropriate Windows XP installation, and then type the Administrator account password. (If no password just press enter)
Type the following commands, and then press ENTER after each command:

expand CD_Drive_Letter:\i386\atapi.sy_ C:\windows\system32\drivers

Note: CD_Drive_Letter: is the letter of your drive, e.g. D

If (or once) you can get into normal mode:

[*]Download TDSSKiller and save it to your Desktop.
[*]Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
[*]Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

[*]If it says “Hidden service detected” DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
[*]When it is done, a log file should be created on your C: drive called “TDSSKiller.txt”. Please copy and paste the contents of that file here.

Essexboy, I DO have a CD. Yes, XP. Have to run from room to room, so bear with me please as I try.

No probs, I will be going from forum to forum for the next few hours doing my thing ;D

Ok, I’m a moron when it comes to this stuff. What screen should I have open when inserting reinstallation cd? Tried in blue screen and black screen (where it “should” allow me to open in Safe Mode and doesn’t), but nothing opened in either?

Press DEL when your motherboard screen shows up. It goes to BIOS. Set your first boot device to your DVD/CD drive.

:wink:

If it still gives you a black or blue screen, then you might be doomed. :-\

What is your problem Cakedoer??? Stay off this post!!!

He is correct, actually; you will need to set your first boot device to CD. There are some step-by-step instructions here if you have never done it before: http://www.hiren.info/pages/bios-boot-cdrom

I think that the problem is that when he tries the boot CD he gets a black screen.

Hi cakedoer2,

He won’t be doomed; if all things fail, he can get the boot CD onto a USB stick,
or he could work the following scheme:

A Linux Rescue CD that will rescue Windows systems could be placed on a USB stick;
it should be downloaded to a USB stick from a known clean machine.

Finnish AV vendor F-Secure placed a free Linux Rescue CD online
with which Windows users can scan their systems for malware and recover lost data.
The 119MB large CD has a virus scanner and the programmes PhotoRec, TestDisk and smartmontools.
The first one is a recovery tool for data that have been lost while the user meant not to do this
or have been lost through a damaged file system.
TestDisk is a recovery tool to restore a lost partition,
while smartmontools has certain utilities to check the hard disk S.M.A.R.T. values.

It is also possible to place the Rescue CD onto a USB-stick or pen-drive
to scan from there.
The whole CD runs on a new Knoppix distribution
and a new F-Secure security platform.
The AV vendor warns that it is not possible to scan encrypted disks or files;
well, that is a fact and logical:
http://www.f-secure.com/linux-weblog/files/f-secure-rescue-cd-3.11.23804-release-notes.txt
Download site:
http://www.f-secure.com/linux-weblog/files/f-secure-rescue-cd-3.11.23804.zip

So there are always options left,

polonus

Nice job, Polonus! I wonder if that will solve his problem.

Thanks for link. I could get to Boot Sequence, but here were options:

Onboard or USB Floppy (not present)
Onboard SATA Hard Drive
Onboard IDE Hard Drive (not present)
Onboard or USB CD-ROM Drive

I chose CD-ROM; nothing happened.

I think you were supposed to choose SATA Hard Drive.

Did you save and exit? That should have rebooted your system, then you should have seen “press any key to boot from CD”.

And just to reiterate, you cannot get into normal mode either?

No, cannot get into normal mode. I did save and exit, then black screen came up stating: Selected boot device not available. Even though it WAS on the list of 4 choices.

Sounds like a hardware problem as well. Unless you have an extremely rare (I’ve never seen one) BIOS virus.

Is this a laptop or desktop? What is the make and model?

Shouldn’t be hardware, just took out of box about 4 months ago, although have had for 4 yrs. Is a Dell Dimension E310.