[Resolved] Coupla Virus problems (Hijack log attached)

[bushka]

I first rewrote the thumb drive on another computer here at work.  Then, at a home computer, I downloaded the iso file to my desktop (220M).  Last, I ran the third program.  I designated the iso file on my desktop at home and pointed the program's output to the thumb drive.  Then today I hit F2 on the infected computer, with the thumb drive inserted, and let the computer boot up.  I tried rebooting several times, and while the thumb drive light flashes a little, nothing else happens.  I don't have a camera here at the store but could bring one tomorrow.  Any other thoughts so I can try and make it work more quickly?

[Hoov]

Nope. It sounds like its not set to boot to the thumb drive, but I need to see the BIOS to tell for sure, and the only way is with a camera.

[bushka]

OK, I'll take a pic of the bios screen that shows the order of what loads.

[bushka]

I didn't get the pic yet, but something occurred to me.  I've been using this laptop a little bit each day, and for several hours yesterday.  Not once did I get the same virus message from Avira that I was getting originally.  So yesterday I uninstalled Avira and then reinstalled.  Prolly didn't do anything, but I figured it couldn't hurt.  So everything's been fine until I just ran Malwarebytes.  During the scan, Avira popped up with that virus message.  It seems like Malwarebytes is triggering it!  Does that give any indication of what could be happening? I'll try to get the camera tonight otherwise.

[Hoov]

Does this only when you scan?

[bushka]

It looked that way.  However, I just did a quickscan on Malwarebytes and I did not get the virus message.

Anyway, I took the BIOS photo, and also a photo of the folders on the flash drive, if that helps any.  I had to make the images smaller to be able to upload, so I hope they are readable.

[Hoov]

Sorry it has taken so long to get back to you, I have had an absolutely hectic last couple of days.

I looked at your images and the first one is good, but the second one shows that there is at least one file missing. ldlinux.sys is not there. I would be willing to bet that is the problem. If at all possible I would like you to try following the instructions again. I am not sure where the error crept in, but make sure you get the correct ISO file when you download the Avira scanner.

Just in case you are wondering why I am having you do this, is this tool will be useful even after this fix is done. It would be something handy to keep around so that if you have a problem in the future, you can update this scanner and scan with it and it is totally independent of the windows installation it is scanning.

[bushka]

OK, thanks.  This is a frustrating process.  When I try to run unetbootin I get blocked saying I don't have necessary permissions.  I got this message the first time I ran it but somehow it downloaded anyway.  Tonight, when I tried to redo the download I couldn't get past this block.  I retried in safe mode and then unetbootin ran.  However, I still do not see the file you mention above on the flash drive.  :(   I tried downloading the iso file from the link you provided me, but it doesn't work from there.  Instead, I had to go here and down load a 220M file instead of the 54 or so M file you indicated:

http://www.avira.de/en/support-download-avira-antivir-rescue-system

Can you verify that this is the correct download?  I scrolled down and selected the iso file.

[Hoov]

That appears to be the correct file to download. About running unetbootin, that must be the problem. The computer that you are using to create this, what OS is it running?

[bushka]

I was using my home pc with Windows XP.  It did work OK from safe mode.  However, the flash drive still does not boot on the laptop.

[Hoov]

A couple more questions, and then I will provide you with a fix for the problem.

Were you logged into XP as an administrator? Are you having any problems with the XP machine?

[bushka]

 I wasn't logged in as admin, but I supposedly have admin access in my logon.  When I went into safe mode I tried to go in as admin, but the downloaded unetlogin file didn't show up on the desktop, so I rebooted under my safe mode logon, and then it worked.  I could login in as admin regular startup, and then try to download uneetlogin from there.  Is that where you're going?

[Hoov]

Not really but it sounds as if it should have worked. I am sending you a PM in a bit on what to do.

[bushka]

Still no go.  I extracted that zip file into the d:\ directory (flash drive) but it still didn't work.  I then zipped it again into a ldlinux folder as prompted, and still no go.  However, when I look at the contents of the ldlinux folder where files should have been extracted to, I don't see any files!

[bushka]

Are there any hidden files?  I just rezipped on the other computer and it asked if I wanted to replace ldlinux.sys.  I said yes, but I can't find such a file when I look.