Possible virus

View previous topic View next topic Go down

Possible virus

Post by pklong on Wed Mar 02, 2011 8:46 pm

Hello-
I have a friend's laptop that their nephew was downloading pirated movies on their laptop and "apparently" acquired a virus since the computer does not have any spyware or antivirus software installed. Now the laptop shows briefly (i.e. a few milliseconds) the Toshiba splash screen then immediately a completely black screen with "Password =" in the top left portion of the screen. Appears to be a bios password prompt, but a bios password has never been set on this computer. As password attempts are made, a notation below "not certified" appears. At the third incorrect attempt, the computer shuts down.

Now, the tricky part is that F8, F10, F2, Del or any other combo is ineffective and cannot bypass this password. According to the nephew he thinks it's a trojan virus of some sort. I tried using Hiren's bootcd, but even after restart the "password =" prompt appears before the CD-rom boots. Any ideas or is this laptop toast?

Keith

pklong
Intermediate
Intermediate

Posts Posts : 115
Joined Joined : 2009-01-11
OS OS : Windows Vista Home Edition
Points Points : 30248
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Possible virus

Post by pklong on Thu Mar 03, 2011 3:19 pm

UPDATE: So I have the password. The nephew set a BIOS password to the computer so who knows why he doesn't want anyone on this computer. The password was accepted with a message "Certified", but now the computer just stays on this screen. Does not continue the boot process or Windows splash screen. Hiren's BootCD is not loading. The only action seen is the hard drive LED light is constantly blinking/working. Where to go from here?

Thanks in advance!
Keith Long

pklong
Intermediate
Intermediate

Posts Posts : 115
Joined Joined : 2009-01-11
OS OS : Windows Vista Home Edition
Points Points : 30248
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Possible virus

Post by Crush on Fri Mar 04, 2011 1:39 am

Hi,

Do you have access to another machine that can burn CD's?

Crush
Master
Master

Posts Posts : 3889
Joined Joined : 2010-01-27
Gender Gender : Male
Points Points : 42078
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Possible virus

Post by pklong on Fri Mar 04, 2011 6:23 am

yep, i can burn cd's on my own desktop or laptop. what do i need to burn?

pklong
Intermediate
Intermediate

Posts Posts : 115
Joined Joined : 2009-01-11
OS OS : Windows Vista Home Edition
Points Points : 30248
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Possible virus

Post by Crush on Fri Mar 04, 2011 6:05 pm

Hi,


We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.
  • Place a blank CD-R disc in to your CD burning drive.
  • Download [You must be registered and logged in to see this link.] and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps [You must be registered and logged in to see this link.]
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Non-Microsoft
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.

Crush
Master
Master

Posts Posts : 3889
Joined Joined : 2010-01-27
Gender Gender : Male
Points Points : 42078
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Possible virus

Post by pklong on Sat Mar 05, 2011 11:19 pm

no luck with the boot cd. computer will not boot past the bios password screen after entering the correct password. tried to enter bios, but del, f8, f2, etc does not work. so who knows what the boot sequence is but the boot cd will not load. i think this computer may be toast. any other ideas?

pklong
Intermediate
Intermediate

Posts Posts : 115
Joined Joined : 2009-01-11
OS OS : Windows Vista Home Edition
Points Points : 30248
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Possible virus

Post by Crush on Sun Mar 06, 2011 12:54 am

Can you remove the CMOS battery? That will reset the bios password.

Crush
Master
Master

Posts Posts : 3889
Joined Joined : 2010-01-27
Gender Gender : Male
Points Points : 42078
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Possible virus

Post by pklong on Sun Mar 06, 2011 2:53 pm

i could remove the CMOS battery, but have been avoiding this procedure b/c with this model (Toshiba Tecra) you have to remove the case to access the battery. Unfortunately it's not accessed via a panel like most laptops. I may just have the nephew take the computer to someone else b/c I don't want to do damage to it. If it were mine it would be a different story. Thanks for the help though!!! :smile2:

pklong
Intermediate
Intermediate

Posts Posts : 115
Joined Joined : 2009-01-11
OS OS : Windows Vista Home Edition
Points Points : 30248
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Possible virus

Post by Crush on Sun Mar 06, 2011 7:48 pm

No problem. Let us know if you decide to remove the cmos battery. I'm not sure that will give you the desired result but it's worth a try

Crush
Master
Master

Posts Posts : 3889
Joined Joined : 2010-01-27
Gender Gender : Male
Points Points : 42078
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum