| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 113577 | 2010-10-26 09:22:00 | Acer Aspire won't boot | nofam (9009) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1147841 | 2010-10-26 09:22:00 | Have an Acer Aspire here which apparently crashed when a printer tried to update a driver, and now won't boot (cycles through the startup repair function, but is unsuccessful - same on normal/safe boot). I've slaved the drive, and NOD32 has found: F:\Windows\System32\drivers\disk.sys - Win32/Olmarik.ZC trojan - error while cleaning Strange it couldn't remove it, but I'm guessing the file is either fake, or a corrupted legit one, so what's the next step? Can I use the Vista Recovery CD to do a repair install on the system files? Or does that wipe things? Will do a rebuild if I have to, but owner wants a fast turnaround (don't they always? :rolleyes:) |
nofam (9009) | ||
| 1147842 | 2010-10-26 09:31:00 | Is it 32 or 64 bit Vista?? If you use Vista copy disk.sys to that folder Scan it with this kb.eset.com A removal tool for it. The file isnt fake, (its on this 64 bit Vista). Its probably infected |
Speedy Gonzales (78) | ||
| 1147843 | 2010-10-26 09:43:00 | Is it 32 or 64 bit Vista?? If you use Vista copy disk . sys to that folder Scan it with this . eset . com/esetkb/index?page=content&id=SOLN2372" target="_blank">kb . eset . com A removal tool for it . The file isnt fake, (its on this 64 bit Vista) . Its probably infected Cheers Speedy - it's 32-bit . . . . Problem I have is that I can't boot into the drive to run the removal tool, and there's no instructions on how to run it with a drive letter switch etc? Will disk . sys be on the recovery disk somewhere? |
nofam (9009) | ||
| 1147844 | 2010-10-26 09:49:00 | Is MSE on the PC you connected it to? Looks like that should remove it. It looks like its a rootkit Its actually Virus:Win32/Alureon.H. This also infects atapi.sys www.microsoft.com I have no idea if its on the recovery DVD or not, never had one. Its probably crashing because disk.sys is probably similar to atapi.sys ( its the main file for IDE hdd's / hdd's). You could try installing trojan remover. And scan the letter the hdd is on |
Speedy Gonzales (78) | ||
| 1147845 | 2010-10-26 09:51:00 | Will give that a try, thanks speedy :pf1mobmini: |
nofam (9009) | ||
| 1147846 | 2010-10-26 09:53:00 | No probs | Speedy Gonzales (78) | ||
| 1147847 | 2010-10-27 20:29:00 | So I'm pretty much out of ideas for this - I've cleaned the slaved drive up as best I can with NOD/MSSE/MBAM, put the drive back in the Aspire and run Kaspersky's rescue disc, which found a few more infections, and have run a CHKDSK from the Vista recovery console. But as I still can't boot into it to run any SFC commands, I'm not sure how to fix the drivers etc that have been damaged. I've spent long enough on it, so will probably end up rebuilding, but is there anything else I can try (a la XP's repair install that will fix system file errors, but leave user profiles/apps intact?) |
nofam (9009) | ||
| 1147848 | 2010-10-27 20:31:00 | How many files are/were infected?? If there's only a few, replace them | Speedy Gonzales (78) | ||
| 1147849 | 2010-10-27 20:47:00 | I did replace disk . sys with a known working one as you suggested Speedy, and all the other infections were files in \windows\temp . . . . I guess I could replace every file in \system32\drivers, but that could just cause more problems that it would solve . That's why I'd prefer an automated compare/replace system like sfc /scannow . |
nofam (9009) | ||
| 1147850 | 2010-10-27 20:50:00 | Umm the recovery DVD you've got. Does it have an install.win file in it (in the sources folder)?? You can replace whatever if you open it with something like 7-zip. I think you need to find out WHAT version of Vista 32 was on it first If it doesnt I could probably extract whatever and send it (hopefully its not too big) using teamviewer. I wouldnt worry about whats in the temp folder. Delete them |
Speedy Gonzales (78) | ||
| 1 2 | |||||