Possible virus

View previous topic View next topic Go down

Possible virus

Post by pklong on Thu 03 Mar 2011, 7:46 am

Hello-
I have a friend's laptop that their nephew was downloading pirated movies on their laptop and "apparently" acquired a virus since the computer does not have any spyware or antivirus software installed. Now the laptop shows briefly (i.e. a few milliseconds) the Toshiba splash screen then immediately a completely black screen with "Password =" in the top left portion of the screen. Appears to be a bios password prompt, but a bios password has never been set on this computer. As password attempts are made, a notation below "not certified" appears. At the third incorrect attempt, the computer shuts down.

Now, the tricky part is that F8, F10, F2, Del or any other combo is ineffective and cannot bypass this password. According to the nephew he thinks it's a trojan virus of some sort. I tried using Hiren's bootcd, but even after restart the "password =" prompt appears before the CD-rom boots. Any ideas or is this laptop toast?

Keith

pklong

Rookie Surfer
Rookie Surfer

Posts : 115
Joined : 2009-01-12
Operating System : Windows Vista Home Edition

View user profile

Back to top Go down

Re: Possible virus

Post by pklong on Fri 04 Mar 2011, 2:19 am

UPDATE: So I have the password. The nephew set a BIOS password to the computer so who knows why he doesn't want anyone on this computer. The password was accepted with a message "Certified", but now the computer just stays on this screen. Does not continue the boot process or Windows splash screen. Hiren's BootCD is not loading. The only action seen is the hard drive LED light is constantly blinking/working. Where to go from here?

Thanks in advance!
Keith Long

pklong

Rookie Surfer
Rookie Surfer

Posts : 115
Joined : 2009-01-12
Operating System : Windows Vista Home Edition

View user profile

Back to top Go down

Re: Possible virus

Post by Crush on Fri 04 Mar 2011, 12:39 pm

Hi,

Do you have access to another machine that can burn CD's?

Crush

Tech Officer
Tech Officer

Posts : 3889
Joined : 2010-01-28

View user profile

Back to top Go down

Re: Possible virus

Post by pklong on Fri 04 Mar 2011, 5:23 pm

yep, i can burn cd's on my own desktop or laptop. what do i need to burn?

pklong

Rookie Surfer
Rookie Surfer

Posts : 115
Joined : 2009-01-12
Operating System : Windows Vista Home Edition

View user profile

Back to top Go down

Re: Possible virus

Post by Crush on Sat 05 Mar 2011, 5:05 am

Hi,


We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.
  • Place a blank CD-R disc in to your CD burning drive.
  • Download OTLPEStd.exe and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Non-Microsoft
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.

Crush

Tech Officer
Tech Officer

Posts : 3889
Joined : 2010-01-28

View user profile

Back to top Go down

Re: Possible virus

Post by pklong on Sun 06 Mar 2011, 10:19 am

no luck with the boot cd. computer will not boot past the bios password screen after entering the correct password. tried to enter bios, but del, f8, f2, etc does not work. so who knows what the boot sequence is but the boot cd will not load. i think this computer may be toast. any other ideas?

pklong

Rookie Surfer
Rookie Surfer

Posts : 115
Joined : 2009-01-12
Operating System : Windows Vista Home Edition

View user profile

Back to top Go down

Re: Possible virus

Post by Crush on Sun 06 Mar 2011, 11:54 am

Can you remove the CMOS battery? That will reset the bios password.

Crush

Tech Officer
Tech Officer

Posts : 3889
Joined : 2010-01-28

View user profile

Back to top Go down

Re: Possible virus

Post by pklong on Mon 07 Mar 2011, 1:53 am

i could remove the CMOS battery, but have been avoiding this procedure b/c with this model (Toshiba Tecra) you have to remove the case to access the battery. Unfortunately it's not accessed via a panel like most laptops. I may just have the nephew take the computer to someone else b/c I don't want to do damage to it. If it were mine it would be a different story. Thanks for the help though!!!

pklong

Rookie Surfer
Rookie Surfer

Posts : 115
Joined : 2009-01-12
Operating System : Windows Vista Home Edition

View user profile

Back to top Go down

Re: Possible virus

Post by Crush on Mon 07 Mar 2011, 6:48 am

No problem. Let us know if you decide to remove the cmos battery. I'm not sure that will give you the desired result but it's worth a try

Crush

Tech Officer
Tech Officer

Posts : 3889
Joined : 2010-01-28

View user profile

Back to top Go down

Re: Possible virus

Post by Sponsored content Today at 4:36 am


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum