help with sys restore: problems after running GMER
here is the problem I had
[url="http://www.lavasoftsupport.com/index.php?showtopic=28473"]http://www.lavasoftsupport.com/index.php?showtopic=28473[/url]
I followed the instructions, I was able to do sysrestore and ERUNT. I then tried GMER which froze my computer twice, but I think it is because something was running in the background (rainlendar). So I closed that after restarting and reran GMER which seemed to work fine now so I left the scan running and when I returned, my computer had been restarted and now can't even get to the desktop! So I can't even access the log if it was created and can't run hijackthis. So I have no logs I can post - the only one I could save was the Adaware scan log on the desktop, but I can't get to it.
It seems like the computer does load up to the desktop but it is just a blank black screen with my mouse cursor on it. When I press ctrl+alt+del some options are displayed like normal, but without the task manager. Is it possible that GMER automatically deleted files?
What is happening, please help.
I think I need to use MS-DOS to do a sys restore or something - I dunno, I'm lost, please help - I'm a uni student without a scholarship and can't afford to have it looked at by an expert.
*************************
I left GMER running and when I returned my computer had restarted. It doesn't even go to the desktop now, it just shows up as a black screen with my mouse cursor on it. I can press ctrl+alt+del and all options show up except the go to task manager one. How can I get my computer the way it was before I ran GMER, so I can post my logs?
*************************
Hi,
You've used an advanced malware removal tool without supervision - unfortunately we can't offer support here.
You have two options:
[list]
[*]Try the GMER website: [url="http://www.gmer.net/#start"]http://www.gmer.net/#start[/url] there is a contact page to contact the author of the tool for help
[*]Post in the HJT forum for advice from a malware removal expert who will have some knowledge about the removal tool
[/list]
Casey
*************************
I was told to follow the HJT instructions which was to run GMER and get a log, which I did but it restarted my computer. I DID NOT select anything saying 'delete what was found in the scan'. I followed the instructions in 'read before posting' one of those pinned ones at the top, and this is what happened.
*************************
Ahh ok. I'll move this topic then to the HJT forum for one of the malware removal experts to have a look at and help you. Please do not reply to this topic until a VSA has replied.
Casey
*************************
EDIT: I found your original HJT topic and have merged it with this one. Please be patient and wait for a response. Casey
*************************
Hi,
Are you able to reboot normally into safe mode?
*************************
[quote name='Blade81' post='116543' date='Feb 13 2010, 01:51 AM']Hi,
Are you able to reboot normally into safe mode?[/quote]
I tried straight after it happened. When I press F8 I get the safe mode option and when I select it, it loads up but the desktop still appears black and blank. I can see my mouse cursor and the safe mode tags in the corners but can't do anything else. Do I have to do something through DOS, like a sys restore or something to undo the GMER deletions, so I can get my logs?
*************************
Hi,
[quote]something to undo the GMER deletions[/quote]
GMER doesn't delete anything so the issue must be caused by something else. When you press ctrl+alt+del what options do you see listed there?
*************************
[quote name='Blade81' post='116565' date='Feb 13 2010, 10:17 AM']Hi,
GMER doesn't delete anything so the issue must be caused by something else. When you press ctrl+alt+del what options do you see listed there?[/quote]
I see shutdown, switch user, change password, log off.
There is no task manager like there used to be.
*************************
Hi,
Could you try ctrl+shift+esc key combination and then from file menu choose new task and type explorer.exe? If that worked do this:
Download DDS and save it to your desktop from [url="http://www.techsupportforum.com/sectools/sUBs/dds"][b][color="seagreen"]here[/color][/b][/url] or [url="http://download.bleepingcomputer.com/sUBs/dds.scr"][b][color="seagreen"]here[/color][/b][/url] or [url="http://www.forospyware.com/sUBs/dds"][b][color="seagreen"]here[/color][/b][/url].
Disable any script blocker, and then double click [b]dds.scr[/b] to run the tool.
[list]
[*]When done, DDS will open two (2) logs: [list=1]
[*] DDS.txt
[*] Attach.txt
[/list]
[*]Save both reports to your desktop. Post them back to your topic.
[/list]
*************************
Hi, tried the ctrl shift esc thing and it didn't work. Nothing popped up on the screen. Still black, blank with my mouse cursor on it.
*************************
How about debugging mode (if available on list) or last known good configuration option, have you tried it?
*************************
Last Known Good Configuration option should exist on the advanced boot options screen. Was it Windows XP that you have there? Do you have the installation media handy?
*************************
The last known good configuration option is not available when I restart. It only has safe mode, safe mode with networking, safe mode with command prompt and start windows normally options. The ctrl shift esc thing does not work in safe mode either.
*************************
[quote name='Blade81' post='116614' date='Feb 15 2010, 12:42 AM']Last Known Good Configuration option should exist on the advanced boot options screen. Was it Windows XP that you have there? Do you have the installation media handy?[/quote]
I am running Windows Vista. I am unsure where I've placed the installation discs, but could probably track them down if needed. I tried the last known configuration settings, but still ends up with the same result. I also put it in debugging mode and still can't do the ctrl shift esc thing. There were some system restore and repair options in that advanced boot settings list, should I try to restore it? Or is this a bad idea since the malware tries to block this process from happening?
*************************
Hi,
Does safe mode with command prompt option work? If it boots long enough to let you type commands try to type [b]explorer[/b] command.
*************************
[quote name='Blade81' post='116616' date='Feb 15 2010, 02:18 AM']Hi,
Does safe mode with command prompt option work? If it boots long enough to let you type commands try to type [b]explorer[/b] command.[/quote]
Nope, not able to type in any commands.
Comes up with the same black, blank screen, with mouse cursor and safe mode tags in the corner.
*************************
Ok. Looks like we're running out of options here. Please see if you can find the installation media.
EDIT: If that advanced boot options list has startup repair listed, please try that.
*************************
If I use the installation discs, will I lose the files I have on my computer?
*************************
Hi,
Current content shouldn't get lost if you don't reinstall the operating system.
When you reboot is there a startup repair option in advanced boot options menu?
*************************
[quote name='Blade81' post='116646' date='Feb 16 2010, 02:21 AM']Hi,
Current content shouldn't get lost if you don't reinstall the operating system.
When you reboot is there a startup repair option in advanced boot options menu?[/quote]
Yes, start up repair is an option. Should I try that first before using the restore media CD for my computer?
If I do use the CD, how do I make sure it doesn't reinstall the operating system?
*************************
Hi,
Try that startup repair option and let me know if it fixes the issue. Don't do anything else yet.
*************************
[quote name='Blade81' post='116656' date='Feb 16 2010, 04:14 AM']Hi,
Try that startup repair option and let me know if it fixes the issue. Don't do anything else yet.[/quote]
After getting to the advanced boot settings I selected 'repair your computer'. It then came up with a pop up box with a few other selections (startup repair, system restore, windows complete PC restore, Windows memory diagnostic tool, command prompt and TOSHIBA recovery wizard). I clicked the start up repair option but it said it could not detect a problem. The command prompt option works and I tried typing in explorer and explorer.exe like you mentioned before but it comes up with
'explorer.exe' is not recognized as an internal or external command, operable program or batch file.
before the text you type it has the following
X:\sources\recovery\Tools>
*************************
Hi,
It sounds like you ended up in Vista's recovery environment. Are you able to access c: drive there (by typing command c: in command prompt)?
*************************
[quote name='Blade81' post='116703' date='Feb 17 2010, 01:25 AM']Hi,
It sounds like you ended up in Vista's recovery environment. Are you able to access c: drive there (by typing command c: in command prompt)?[/quote]
I believe I can
It comes up with C:\>
*************************
Good. Try the following commands in c: drive:
[b]cd\windows\erdnt
dir[/b]
You should see directories with timestamps. Look for one that matches your backup moment.
Then give these commands in c:\windows\erdnt location (replace nameofthefolder with correct folder name):
[b]cd nameofthefolder
batch erdnt.con[/b]
*************************
[quote name='Blade81' post='116715' date='Feb 17 2010, 03:28 AM']Good. Try the following commands in c: drive:
[b]cd\windows\erdnt
dir[/b]
You should see directories with timestamps. Look for one that matches your backup moment.
Then give these commands in c:\windows\erdnt location (replace nameofthefolder with correct folder name):
[b]cd nameofthefolder
batch erdnt.con[/b][/quote]
For the first command cd\windows\erdnt dir
it says the system cannot find the path specified
This is how it looks when I type it in, not sure if it was right.
C:\>cd\windows\erdnt dir
I also tried
C:\>cd\windows\erdnt
When I put ERDNT on my computer I didn't use the installer, I just extracted the files into a folder on my desktop. I can't remember what I named the folder, but if I could somehow browse through them I would know which one it was. That is also where the .exe file for ERDNT was saved, in case I needed to back it up.
*************************
Hi,
Please run this command in command prompt:
[b]dir /s/a \erdnt.con[/b]
Note down locations (if any).
*************************
[quote name='Blade81' post='116818' date='Feb 18 2010, 02:57 AM']Hi,
Please run this command in command prompt:
[b]dir /s/a \erdnt.con[/b]
Note down locations (if any).[/quote]
It says
Volume in drive C is S3A6274D004
Volume Serial Number is FE5D-6C8E
Directory of C:\Users\Roo\Desktop\reg backup\7-02-2010
*************************
[quote name='Blade81' post='116829' date='Feb 18 2010, 03:32 AM']Hi,
In command prompt, type these commands one by one (hit enter after each):
[b]c:
cd\Users\Roo\Desktop\reg backup\7-02-2010
batch erdnt.con[/b][/quote]
it says
'batch' is not recognized as an internal or external command, operable program or batch file.
*************************
Hi,
In command prompt, type these commands one by one (hit enter after each):
[b]c:
cd\Users\Roo\Desktop\reg backup\7-02-2010
batch erdnt.con[/b]
*************************
Hi,
While still in C:\Users\Roo\Desktop\reg backup\7-02-2010 folder please type this:
[b]erdnt.exe[/b]
*************************
[quote name='Blade81' post='116831' date='Feb 18 2010, 03:51 AM']Hi,
While still in C:\Users\Roo\Desktop\reg backup\7-02-2010 folder please type this:
[b]erdnt.exe[/b][/quote]
it comes up with a pop up saying
with this program you can restore a registry backup of your windows NT/2000/XP system.
I have Vista though, should I click on okay?
*************************
[quote name='Blade81' post='116837' date='Feb 18 2010, 04:04 AM']Yes, allow it to restore.[/quote]
Okay, done it. Computer still seems the same though. Should I restart my computer?
Is there anything else I should do while I still have this Vista recovery window open, I had trouble getting into it last time trying to get the right timing when pressing esc.