steve595

Blank Screen


I all of a sudden started receiving the message below, and can no longer sign on to my wireless internet connection, so I thought it was probably the result of a virus or spyware... I went through the steps suggested, but after doing so my computer rebooted, and now comes up with a blank screen. Any suggestions on what to do now?

 

thanks in advance

 

 

 

Whenever I start my laptop the following message appears:

WLTRAY.EXE - Bad Image

"C:\windows\system32\eappcfg.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support."

I have no idea what it is talking about??

Then under that it has a box that says:

 

Wi Fi catcher network locator

Your Wi Fi catcher band configuration is not compatible with your WLAN card band configuration.

Select yes to automatically change your wi fi catcher band configuration or no to keep your current band configuration.

yes or no

 

now my wireless internet connection does not work?


Hello steve595

 

Sorry for the delay in responding - I am rushed off my feet at the moment.

 

What operating system is the machine running (XP, Vista, Win7)? Is it a 64-bit system?

 

Once I have this information we'll make a start :)


Hello steve595 and :wp:

 

My name is JonTom

 

  • Malware Logs can sometimes take a lot of time to research and interpret.

  • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.

  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.

  • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.

  • PLEASE NOTE: If you do not reply after 5 days your thread will be closed.

I don't know the #-bit system, how would I tell?

Not to worry - the following scanner will run on 32- and 64-bit systems:

 

  • Download and run OTL by Oldtimer

     

     

  • Please download OTL by Oldtimer by clicking here and save the file (called OTL.exe) to your desktop.
  • Close all open windows on your computer then Right click on the OTL.exe icon and select "Run as Administrator" to run the program.
  • Check the boxes beside "LOP Check" and "Purity Check".
  • Under Custom Scan paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
CREATERESTOREPOINT

  • Click the "Run Scan" button. Do not change any settings unless specifically told to do so. The scan will not take long.

  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
  • Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
  • Please Copy and Paste the contents of both files in your next reply. You may need two posts to fit them both in.


Hello steve595

 

Are you able to boot into Safe Mode with Networking?

 

  • Reboot Your System in Safe Mode with Networking

     

     

  • Restart your computer.
  • As soon as BIOS is loaded begin tapping the F8 key until the "Advanced Options" menu appears.
  • Use the arrow keys to select the Safe Mode with Networking menu item.
  • Press Enter.

If you are able to boot to SMWN, try the OTL download and run the tool from Safe Mode.

 

If you are still having problems come back and let me know :)

 


Hi JonTom

 

No luck booting to SMWN, list some files then goes back to blank screen....

 

 


Hello steve595

 

No luck booting to SMWN

Okay. Are you able to reach the "Advanced Options" menu when you tap F8?

 

If you can reach it, please check to see if you have an option called "Last Known Good Configuration". If the LKGC option is available, please select it and allow the machine to attempt a restart.

 

If LKGC allows you back into Windows please go ahead with the OTL scan. If you are unable to get back in just let me know :)


I am able to reach the "Advanced options" menu.

 

When selecting LKGC option the "starting windows logo" appears then it goes to the blank screen?


Hello steve595

 

the "starting windows logo" appears then it goes to the blank screen?

It sounds as though there may have been some system damage.

 

The Windows 7 Operating System has a robust startup repair feature. Before we try anything more advanced (and involved) let's give it a go.

 

Please try the following:

 

 

  • Reboot the computer and access the "Advanced Options" menu by tapping F8 as you did before.
  • Use your up and down arrow keys to select "Repair Your Computer" and press Enter.
  • Select your keyboard language preferences and click on Next.
  • Select your user name and type in the password, and then click on OK. (If you did not set up a password, just click Enter).
  • Select Startup Repair.
  • Startup Repair will now scan your computer to attempt to find and fix any startup problems.

 

After trying the above please let me know if you are able to boot into Windows.


Guess this isn't good

 

after following the procedure I rec'd the following

 

Startup Repair could not detect a problem.

 

I then Clicked finish

 

and then click restart

 

after trying to load windows it goes to the blank screen

 

 


Hello steve595

 

Are you able to open Task Manager from the blank screen?

 

If your system tray is visible (bottom right hand corner of the screen) please try Right clicking and selecting Task Manager.

 

If there is no system tray, please try pressing the ctrl, alt and delete keys at the same time and see if you have the option to Start Task Manager.

 

You mentioned:

so I thought it was probably the result of a virus or spyware... I went through the steps suggested, but after doing so my computer rebooted, and now comes up with a blank screen

Can you let me know exactly what the suggested steps were and what you did?


No Luck reaching task manager.

 

I was following the steps in the "Virus / Spyware cleanup & prevention" post.

I was at the last step, I had run HijackThis, when the computer rebooted and screen goes blank.


Hello steve595

 

i went through the steps suggested

Could you please let me know exactly which tools you ran, and if you fixed/removed anything with them.

 

Please read through all of the following instructions carefully before doing anything.

 

Once you have read them, take your time with each step. If you have any questions just come back and ask. There is no rush.

 

 

  • xPUD

     

    We will need a USB stick (thumb/flash drive) and access to an uninfected machine (xPUD can also be run from a CD - if you do not have a USB/flash drive available let me know).

     

    We need to prepare the USB stick. It is not absolutely essential that it is formatted, but it may help if it is:

     

  • Insert your USB drive into the uninfected machine.
  • Click on Start > My Computer > Right click your USB drive > choose Format > Quick format.

Next

 

Next

 

Next

 

  • Remove the USB and insert it into the infected computer.
  • Boot the infected computer.
  • Press F12 and choose to boot from the USB.
  • Follow the prompts.
  • A Welcome to xPUD screen will appear.
  • Press File.
  • Expand mnt.
  • sda1,2...usually corresponds to your HDD.
  • sdb1 is likely your USB.
  • Click on the folder that represents your USB drive (sdb1 ?).
  • Confirm that you see driver.sh that you downloaded there.

Next

 

  • Press Tool at the top.
  • Choose Open Terminal.
  • Type bash driver.sh -af
  • Press Enter.
  • You will be prompted to input a filename.
  • Type the following:

userinit.exe

 

  • Press Enter.
  • The script will search for this file.
  • After it has finished, a report will be automatically saved to the USB drive called filefind.txt
  • Locate this file and right click it > choose rename > rename it to userinit.txt

  • Now we will do the same for explorer.exe and winlogon.exe
  • Go back to Tool > open terminal
  • Type bash driver.sh -af
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

explorer.exe

 

  • Press Enter.
  • Repeat the rename procedure > locate filefind.txt > right click it > rename > rename it explorer.txt
  • Do the same for winlogon.exe

Please note - all text entries are case sensitive.

  • Plug the USB back into the clean computer, and post the contents of the three renamed text files in your next reply.


After I press OK, the installation is completed an option comes up to reboot or exit. I do not receive the "DiskImage" option discussed below.

 

  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded.
  • Verify the correct drive letter is selected for your USB device then click OK.
  • It will install a little bootable OS on your USB device
  • After it has completed do not choose to reboot the clean computer, simply close the installer.


Hello steve595

 

After I press OK, the installation is completed an option comes up to reboot or exit. I do not receive the "DiskImage" option discussed below

Thanks for letting me know.

 

Let's see if the following provides us with a way forward:

 

 

  • Make sure you have the formatted USB stick in the uninfected system.
  • Double click on the unetbootin-xpud-windows-387.exe that you just downloaded.
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded.
  • Verify the correct drive letter is selected for your USB device then click OK.
  • It will install a little bootable OS on your USB device
  • After it has completed do not choose to reboot the clean computer, simply close the installer.

 

Next

 

Next

 

  • Remove the USB and insert it into the infected computer.
  • Boot the infected computer.
  • Press F12 and choose to boot from the USB.
  • Follow the prompts.
  • A Welcome to xPUD screen will appear.
  • Press File.
  • Expand mnt.
  • sda1,2...usually corresponds to your HDD.
  • sdb1 is likely your USB.
  • Click on the folder that represents your USB drive (sdb1 ?).
  • Confirm that you see driver.sh that you downloaded there.

Next

 

  • Press Tool at the top.
  • Choose Open Terminal.
  • Type bash driver.sh -af
  • Press Enter.
  • You will be prompted to input a filename.
  • Type the following:

userinit.exe

 

  • Press Enter.
  • The script will search for this file.
  • After it has finished, a report will be automatically saved to the USB drive called filefind.txt
  • Locate this file and right click it > choose rename > rename it to userinit.txt

  • Now we will do the same for explorer.exe and winlogon.exe
  • Go back to Tool > open terminal
  • Type bash driver.sh -af
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

explorer.exe

 

  • Press Enter.
  • Repeat the rename procedure > locate filefind.txt > right click it > rename > rename it explorer.txt
  • Do the same for winlogon.exe

Please note - all text entries are case sensitive.

  • Plug the USB back into the clean computer, and post the contents of the three renamed text files in your next reply.

If you are still having problems with the above just let me know :)


Ok here you are, and thanks in advance.

I did have some problems, ie the computer not responding, and if I went out then back in it would work?

 

Search results for userinit.exe

 

39b1ffb03c2296323832acbae50d2aff /mnt/sda5/windows/system32/userinit.exe

24.0K Aug 3 2004

 

6de80f60d7de9ce6b8c2ddfdf79ef175 /mnt/sda3/Windows/System32/userinit.exe

25.5K Jul 14 2009

 

6de80f60d7de9ce6b8c2ddfdf79ef175 /mnt/sda3/Windows/winsxs/x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c/userinit.exe

25.5K Jul 14 2009

 

0e135526e9785d085bcd9aede6fbcbf9 /mnt/sda2/Windows/System32/userinit.exe

24.5K Jan 19 2008

 

0e135526e9785d085bcd9aede6fbcbf9 /mnt/sda2/Windows/winsxs/x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b/userinit.exe

24.5K Jan 19 2008

 

Search results for explorer.exe

 

a0732187050030ae399b241436565e64 /mnt/sda5/windows/explorer.exe

1008.0K Aug 3 2004

 

2626fc9755be22f805d3cfa0ce3ee727 /mnt/sda3/Windows/explorer.exe

2.5M Oct 31 2009

 

b95eeb0f4e5efbf1038a35b3351cf047 /mnt/sda3/Windows/winsxs/x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878/explorer.exe

2.5M Aug 3 2009

 

2626fc9755be22f805d3cfa0ce3ee727 /mnt/sda3/Windows/winsxs/x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1/explorer.exe

2.5M Oct 31 2009

 

9ff6c4c91a3711c0a3b18f87b08b518d /mnt/sda3/Windows/winsxs/x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6/explorer.exe

2.5M Aug 3 2009

 

c76153c7eca00fa852bb0c193378f917 /mnt/sda3/Windows/winsxs/x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691/explorer.exe

2.5M Oct 31 2009

 

15bc38a7492befe831966adb477cf76f /mnt/sda3/Windows/winsxs/x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430/explorer.exe

2.5M Jul 14 2009

 

 

Search results for winlogon.exe

 

01c3346c241652f43aed8e2149881bfe /mnt/sda5/windows/system32/winlogon.exe

490.5K Aug 3 2004

 

37cdb7e72eb66ba85a87cbe37e7f03fd /mnt/sda3/Windows/System32/winlogon.exe

279.0K Oct 28 2009

 

8ec6a4ab12b8f3759e21f8e3a388f2cf /mnt/sda3/Windows/winsxs/x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166/winlogon.exe

279.0K Jul 14 2009

 

37cdb7e72eb66ba85a87cbe37e7f03fd /mnt/sda3/Windows/winsxs/x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177/winlogon.exe

279.0K Oct 28 2009

 

3babe6767c78fbf5fb8435feed187f30 /mnt/sda3/Windows/winsxs/x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2/winlogon.exe

279.0K Oct 28 2009

 

c2610b6bdbefc053bbdab4f1b965cb24 /mnt/sda2/Windows/System32/winlogon.exe

307.5K Jan 19 2008

 

c2610b6bdbefc053bbdab4f1b965cb24 /mnt/sda2/Windows/winsxs/x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5/winlogon.exe

307.5K Jan 19 2008

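The file search reported in the post above (MD5, size and path for every copy of a file on the mounted partitions) can be taken one step further by checking each active copy against the winsxs copies on the same partition. This is an added example, not the driver.sh script used in the thread and not part of any poster's message; the function names, status labels and demo tree are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example; NOT the driver.sh from the thread. Function names, status
# labels and the demo tree below are constructed for illustration.

# hash_copies ROOT NAME
#   One line per file called NAME under ROOT: "md5<TAB>bytes<TAB>path".
#   -iname matches case-insensitively (Windows/System32 vs windows/system32).
hash_copies() {
    local root="${1%/}" name="$2" path sum size
    find "$root" -type f -iname "$name" 2>/dev/null | LC_ALL=C sort |
    while IFS= read -r path; do
        sum=$(md5sum < "$path" | cut -d' ' -f1)
        size=$(wc -c < "$path" | tr -d ' ')
        printf '%s\t%s\t%s\n' "$sum" "$size" "$path"
    done
}

# classify_active_copies ROOT NAME
#   ROOT holds one directory per mounted partition (sda2, sda3, ...).
#   For every copy of NAME outside winsxs, print "STATUS<TAB>path":
#     MATCH    - same MD5 as a winsxs copy on the same partition
#     MISMATCH - partition has winsxs copies, none with this MD5
#     NOSTORE  - partition has no winsxs copy of NAME to compare against
classify_active_copies() {
    local root="${1%/}" name="$2"
    hash_copies "$root" "$name" | awk -F'\t' -v root="$root" '
        {
            rel = substr($3, length(root) + 2)    # path relative to ROOT
            part = rel; sub(/\/.*/, "", part)      # first component = partition
            if (tolower(rel) ~ /\/winsxs\//) { store[part, $1] = 1; has[part] = 1 }
            else { n++; sum[n] = $1; prt[n] = part; pth[n] = $3 }
        }
        END {
            for (i = 1; i <= n; i++) {
                if (!(prt[i] in has))               status = "NOSTORE"
                else if ((prt[i], sum[i]) in store) status = "MATCH"
                else                                status = "MISMATCH"
                printf "%s\t%s\n", status, pth[i]
            }
        }'
}

# make_demo_tree DIR
#   Constructed sample layout: three partitions, file contents are dummy text.
make_demo_tree() {
    local d="$1"
    mkdir -p "$d/sda2/Windows/System32" "$d/sda2/Windows/winsxs/x86_demo" \
             "$d/sda3/Windows/System32" "$d/sda3/Windows/winsxs/x86_demo" \
             "$d/sda5/windows/system32"
    printf 'build-A' > "$d/sda3/Windows/System32/userinit.exe"
    printf 'build-A' > "$d/sda3/Windows/winsxs/x86_demo/userinit.exe"
    printf 'altered' > "$d/sda2/Windows/System32/userinit.exe"
    printf 'build-B' > "$d/sda2/Windows/winsxs/x86_demo/userinit.exe"
    printf 'build-C' > "$d/sda5/windows/system32/userinit.exe"
}

# Demo run on the constructed tree (on a live USB, ROOT would be /mnt).
demo_dir=$(mktemp -d)
make_demo_tree "$demo_dir"
classify_active_copies "$demo_dir" userinit.exe
rm -rf "$demo_dir"
```

A MATCH only shows that the active file equals some component-store copy on that partition, and a MISMATCH can also come from a legitimate update; either way the hash still needs comparing against a known-good reference.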

Hello steve595

 

Thank you for the information.

 

A question for you before we continue:

 

Do you have multiple operating systems installed on different partitions on this machine (Vista and Win7 for example?).

 

Please let me know in your next reply :)


The computer came with Vista on it, it was upgraded to Windows 7 several months ago. I don't know that I am computer literate enough to tell you about different partitions? Hope this helps...


Hello steve595

 

I am conferring with one of our malware experts about your problem (this is just a quick post to let you know that I have not forgotten about you ).

 

I will get back to you as soon as I can :)

 

Best wishes

JonTom


Hello steve595

 

Sorry for the delay in responding.

 

In order to diagnose exactly what is happening with this system we need to collect some registry hives for analysis. We will use xPUD to perform the collection.

 

Please work your way through the following steps:

 

  • Using the uninfected machine, download NTBRHive.exe and save it to the xPud flash drive we created earlier, in the root directory (e.g. F:\ or whatever drive letter Windows assigned that USB drive.)
  • Next, double-click NTBRHive.exe on your USB drive and let it run. You should see USB drive ready to collect hives. If you get an error message, STOP here and let me know.
  • Boot the infected computer from the updated xPud flash drive.
  • Select File on the left side.
  • You need to find which are Windows partitions on the infected computer and which is the flash drive. Typically, sda* are the hard drive partitions and sdb* is the USB. Select the various \mnt\sdb1 etc. until you see the flash drive based on the files. You should see hives.sh on the right window when you have selected the correct partition.


 

  • With hives.sh visible in the main window and only the correct sdb* selected that represents the USB drive, click Tool on the menu across the top and select Open Terminal.
  • In the terminal window type bash hives.sh (it's case sensitive) and press Enter to start the tool. The current directory will be shown, which should match the USB device, eg; /mnt/sdb1


 

  • When prompted to type the name of the hive, type the following bold text in lowercase and press Enter.

both


 

  • When complete, press Enter to exit the script
  • Type exit and press Enter to close the terminal window.
  • Power off the computer from the menu options on the left.

This topic is now closed to further replies.