1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Disk diagnostic tool blocking everything

Discussion in 'Virus & Other Malware Removal' started by pallgood, Mar 4, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. pallgood

    pallgood Thread Starter

    Joined:
    Mar 4, 2011
    Messages:
    19
    A disk diagnostics program pops up when I try to boot a Windows XP computer. I'm unable to use task manager and the program even pops up in safe mode preventing me from downloading a fix. Is there any way around this program without having to reinstall windows?


     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Are you posting from the infected computer?
     
  3. pallgood

    pallgood Thread Starter

    Joined:
    Mar 4, 2011
    Messages:
    19
    No, I can't do anything at all from the infected computer. I can't get past the disk diagnostics screen without paying for their software.
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    I recommend Avira rescue CD in your situation. The process is very simple and easy to follow. One stipulation that must be followed. The CD must be created on a known clean PC, from the same PC print off the instruction, they really are very easy to follow. All you need is a blank writable CD, everything else is included in the tutorial. Obviously the PC must have a burner.
    All instructions are available here Avira Rescue System Read through the instructions a couple of times to familiarize yourself with them, create the CD and print off the instruction. It will be to your advantage to have the instructions available during the process.
    When complete post back to this thread in the forum,

    Kevin
     
  5. pallgood

    pallgood Thread Starter

    Joined:
    Mar 4, 2011
    Messages:
    19
    I made the Avira disk and ran it two different times from the infected computer. Trojan TR/Crypt/XPACK.Gen was found and the files were renamed, however, when I restart the computer the disk diagnostic tool is still the first thing that pops up and again prevents me from going any further without purchasing their software.
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Hiya pallgood

    Boot into safe mode with command prompt :-

    Re-boot and continously tap F8 key until you see the Windows Advanced Menu, from the options select "Safe Mode with Command prompt.

    At the prompt type regedit then tap enter

    In regedit expand the following :-

    HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/System do not expand "system" but select the folder.

    In the righthand pane you should see DisableTaskmanager, it will have a value of 1. Double click on that entry, in the new box that opens change the value to 0 then click OK.

    Close regedit, type exit, tap enter. Reboot, again do the F8 key but boot safe mode with networking.

    Select Ctrl-Alt-Del keys together, does taskmanger open for you now, if so look under processes for entries similar to the following:

    31547921.exe or tGlv2s45QfDnr.exe. click end process.

    If that works update and run a quick scan with Malwarebytes. Kill anything it finds.

    Post the log in next reply...
     
  7. pallgood

    pallgood Thread Starter

    Joined:
    Mar 4, 2011
    Messages:
    19
    Deleting that registry key re-enables task manager but when I close the Windows Boot Failure application I am only left with a black screen and no way to run Malwarebytes.

    I was, however, able to run Malwarebytes from the command prompt and that log is attached.
     

    Attached Files:

  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    What is the status of your system now, can you boot to a desktop in Normal or Safe Mode with Networking? We need to run Malwarebytes again but it needs to be updated first,

    Kevin...
     
  9. pallgood

    pallgood Thread Starter

    Joined:
    Mar 4, 2011
    Messages:
    19
    The disk diagnostic tool still pops up preventing me from booting to a desktop in either mode. I ran Malwarebytes again but it didn't find anything.
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Can you boot Safemode with Networking, next open Taskmanager. Do you see any random lettered or random numbered or mix of both executable running under processes? if so kill it/them... Any good?
     
  11. pallgood

    pallgood Thread Starter

    Joined:
    Mar 4, 2011
    Messages:
    19
    The only process running are: mfefire.exe, mfextps.exe, svchost.exe (running three times one as local service, one as network service, and one as system service) taskmgr.exe, svchost.exe (running two more times one as network service and the other as system service) lsass.exe, service.exe, winlogon.exe, csrss.exe, smss.exe, sytem, and sytem idle process.
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    What is your Operating system?
     
  13. pallgood

    pallgood Thread Starter

    Joined:
    Mar 4, 2011
    Messages:
    19
    xp professional
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Bottom left hand corner of Taskmanager, put tick in "Show Processes from all users" do you see any random named/numbered exe`s now?
     
  15. pallgood

    pallgood Thread Starter

    Joined:
    Mar 4, 2011
    Messages:
    19
    There are no other processes running (I already had that box checked).
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/984118

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice