HP Pavilion Non-destructive system recovery lockup


  • HP Pavilion Non-destructive system recovery lockup

    My computer got infected with a particularly nasty virus, Antivirus xp 2008(9). I had no choice but to reformat, but unfortunately, something went wrong.

    The system recovery process goes fine, but then at the finish, the system just locks up. As soon as I press the finish button, the system stops. I can't do anything, and the only thing I can do is to do a hard shutdown. I could just do a destructive recovery, but I have a lot of family pictures that I don't want to destroy. I really need help guys. The confuddling thing is that I was able to do the non-destructive system recovery before, without a problem, and the virus was gone utterly.

    The first time, and the successful time, my OS was Windows XP SP2.

    The second time, my OS is Windows XP SP3, and I think this may have to do with it.

    Not entirely sure though, but I really need a solution here, and again, the last thing I want is to reformat everything and lose my family pictures.

    HELP!

    EDIT: What I mean is that at the end of the system recovery, as soon as I press the finish button, the system just stops. I stay at that "finish" step, and the system just locks up. No start menu, desktop, nada. Just that "Congratulations, you're done" screen at the end of the recovery process.
    Last edited by Adaxa; 01-03-2009, 09:21 AM. Reason: Addt. info
    |TG-Irr|Adaxa
    Active in: BF2142, Project Reality


  • #2
    Re: HP Pavilion Non-destructive system recovery lockup

    This is after-the-fact, but that "rogue" program is easily removed. Here are the instructions to remove it from your system (for future reference).

    Have you tried the Windows Repair again? Just because it locks up the first time may not mean it'll lock up again the second time.
    |TG-18th| Acreo Aeneas
    TG World of Tanks Clan Executive Officer
    Former 9th & 13th

    Pronunciation: Eh-Cree-Oh Ah-Nay-Ess
    Still can't say it? Call me Acorn then. -.-





    SSDs I Own: Kingston HyperX 3K (240 GB), Samsung 840 Pro (256 GB), Samsung 840 EVO (250 GB), Samsung 840 x 2 (120 GB), Plextor M5S (120 GB), OCZ Vertex (30 GB)



    • #3
      Re: HP Pavilion Non-destructive system recovery lockup

      My son's computer seems to have been hit by something very similar. "Antivirus 2009"

      The removal instructions in the link above just have you run MalwareBytes (MBAM). Unfortunately, that won't run on that PC. Nothing happens when you try to launch the mbam setup. I can see it in the process list but no CPU usage and no change in memory usage. It seems like it is blocked somehow.

      It somehow also blocks me from getting to the Windows Update site and prevents AVG from connecting to the update server.

      Anyone know where to find some more aggressive instructions to try and remove this?



      • #4
        Re: HP Pavilion Non-destructive system recovery lockup

        There might be a simpler workaround solution.

        Try installing MBAM onto a USB flash drive from another computer. Then insert the USB flash drive into the infected system and run MBAM.

        In the meantime, I'll look for a more effective solution other than a complete reformat.

        Edit: It seems having MBAM run directly off of a USB flash drive is the only alternative.

        I'm going to try to find the other anti-malware software I used to remove a similar rogue AV program from my old rig.


        I found it. Ewido Anti-Malware. Apparently AVG/Grisoft bought over Ewido...so I'm guessing no more Ewido Anti-Malware.
        |TG-18th| Acreo Aeneas


        • #5
          Re: HP Pavilion Non-destructive system recovery lockup

          Success! :)

          But I can't honestly say how I eventually got around all the roadblocks.

          I was using a flash drive to copy stuff from this PC to the infected one, but I didn't think to run directly from the flash drive...maybe that would have worked?

          In my case, I could get mbam's setup onto the infected PC but it wouldn't run. I saw numerous suggestions on other forums about renaming it first etc. to hide it from the malware.

          Anyway I tried so many different things...regedit deletes, cache cleaning, inside and outside of safe mode...that I am not sure what was the key. But at some point, all of a sudden, I was able to run the version of MBAM I had installed with the bogus name "asdf". Previously even the renamed version wouldn't run, so I don't know what I did that allowed it to run now???

          Anyway, I was pessimistic because even though it would run, it couldn't connect to its update servers (just like AVG and Windows Update). I ran the scan anyway and it found and removed 42 different infections, most labeled as Trojans. After the restart, it could then update, which I did and scanned again. It removed a couple more things.

          Now AVG update works, Windows Update works...I'm running an AVG scan now and it found something as well, but I think I'm pretty close to being clean again.

          All the weird IE behavior, where every site shows up as "Possibly Infected...Don't you want to install Antivirus 2009?", is now gone.

          Thanks for the input....this was a nasty one!



          • #6
            Re: HP Pavilion Non-destructive system recovery lockup

            Originally posted by Nerd Ferguson:
            Success! :)

            But I can't honestly say how I eventually got around all the roadblocks.

            I was using a flash drive to copy stuff from this PC to the infected one, but I didn't think to run directly from the flash drive...maybe that would have worked?

            In my case, I could get mbam's setup onto the infected PC but it wouldn't run. I saw numerous suggestions on other forums about renaming it first etc. to hide it from the malware.

            Anyway I tried so many different things...regedit deletes, cache cleaning, inside and outside of safe mode...that I am not sure what was the key. But at some point, all of a sudden, I was able to run the version of MBAM I had installed with the bogus name "asdf". Previously even the renamed version wouldn't run, so I don't know what I did that allowed it to run now???

            Anyway, I was pessimistic because even though it would run, it couldn't connect to its update servers (just like AVG and Windows Update). I ran the scan anyway and it found and removed 42 different infections, most labeled as Trojans. After the restart, it could then update, which I did and scanned again. It removed a couple more things.

            Now AVG update works, Windows Update works...I'm running an AVG scan now and it found something as well, but I think I'm pretty close to being clean again.

            All the weird IE behavior, where every site shows up as "Possibly Infected...Don't you want to install Antivirus 2009?", is now gone.

            Thanks for the input....this was a nasty one!

            Great to hear you got rid of it.

            I was hit by the first one (the one before the 2008 one) a while ago (maybe 2007). It took me quite a bit of thinking and two days to get rid of it. Eventually it became a use of Ewido from a flash drive and HijackThis logs to determine if I had gotten rid of it.
            |TG-18th| Acreo Aeneas


            • #7
              Re: HP Pavilion Non-destructive system recovery lockup

              Does Antivirus xp 2008 cause your desktop to display a blue screen as the screen saver?

              Anyway, it took a VERY long time, but finally I got to the start menu. However, my computer displayed that my 224 or something hard drive had no free space. I mean no free space whatsoever. 0 bytes of free space. Any idea why?
              |TG-Irr|Adaxa
              Active in: BF2142, Project Reality



              • #8
                Re: HP Pavilion Non-destructive system recovery lockup

                Originally posted by Adaxa:
                Does Antivirus xp 2008 cause your desktop to display a blue screen as the screen saver?

                Anyway, it took a VERY long time, but finally I got to the start menu. However, my computer displayed that my 224 or something hard drive had no free space. I mean no free space whatsoever. 0 bytes of free space. Any idea why?

                As far as I remember, it shouldn't be messing around with free space since the "virus" isn't equipped to start replicating itself non-stop.

                You might be infected with another virus that is constantly replicating and taking up free space on your hard drive.

                Are you running any anti-virus software?
                |TG-18th| Acreo Aeneas