The long road to recovery

I’m trying to recover my laptop drive from a ridiculous malware infection.  It’s something called “System Tools” and it does everything.  Browser hijack, disallows Ctrl-Alt-Del, disallows access to most system functions, disallows Task Manager, disallows the running of anything that even looks like it could be helpful in removing it.  It shows the most insanely over-the-top message about your system being infected:

System Tools screenshot courtesy of BleepingComputer.com


I’m scanning through that drive using Malwarebytes’ Anti-Malware tool.1  Oh, and the program was kind enough to completely corrupt the NTLDR file in the root of the drive, ultimately making it unbootable.  Since the file was corrupted, I couldn’t install a new file over it.  I ended up doing a disk scan of that laptop’s drive, fixing those errors, copying a fresh version of the NTLDR file over to that drive where the corrupted one was, and hours later I’m still scanning through that drive using Malwarebytes’ software.

It’s 2AM my time and there’s no real end to the scan in sight.  Even after I’m done scanning and fixing and deleting those files, I’ll need to reinstall that drive into my laptop and see if it will boot.  If not, I’ll need to copy out all of my e-mail files from Thunderbird for use on another computer.  It’s not ideal by any means, but at least I’ll be (eventually) able to access my e-mails.

MWB has located 11 infected files so far.  I’m thinking it’s nearing the end of its scan because it’s now on the Windows directory and it appeared to be working in alphabetical order.2  Still, the Windows directory is enormous.

So…  while I’m waiting for it to finish…  There’s really only so much you can do to prevent something like this.  Obviously, patching and updating your operating system, browsers, and security software is a must.  As Cyrozap suggests, frequent backups are critical.3  You could switch to a Mac or Linux/Ubuntu/Debian.

I’d consider switching OSes, but networking with the PCs in my home, as well as using my network printer, seem to be right at the top.  Most of what I do these days is (a) e-mail via Thunderbird, (b) web surfing and blogging via Firefox, (c) word processing and spreadsheets via OpenOffice, and (d) printing via ReplicatorG.

Okay.   Malwarebytes says it’s removed 11 threats.  What a rogue’s gallery.  Blech.  Time to disconnect the drive, pop it back into the laptop and see if I can boot it up.  For the sake of you, dear reader, consider this the bit on a cooking show where something that takes me time to prepare is instantaneous for your viewing pleasure.

Okay, Windows says the file “hal.dll” is missing or corrupted.  I’ll copy it over from this computer.

Dang.  I did that.  I’m getting a repeating pattern of boot, Windows start options (safe mode, etc.), Windows loading, BSOD (blue screen of death) flash, and back to boot…

Dang.  I can’t break this cycle and the BSOD flashes way too quickly for me to tell what file might be causing the problem.
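Editor’s note: the flash-and-reboot loop above is Windows’ default behaviour of restarting automatically after a STOP error, and it can be switched off from the other computer while the laptop drive is still attached to it.  The script below is an added example, not something from the original post.  It assumes the laptop drive is attached to a working Windows PC as drive E: (a made-up letter), that it runs from an elevated cmd.exe, and that the offline Windows is a 2000/XP-era install with the standard registry layout (NTLDR and hal.dll point that way).  It loads the laptop’s SYSTEM hive, clears AutoReboot in the control set that install actually boots with, asks for a small memory dump, and then shows boot.ini and the HAL files, because an XP “hal.dll missing or corrupt” message is frequently a wrong partition path in boot.ini rather than a missing file, and hal.dll is a hardware-specific copy of one of the hal*.dll variants, so one copied from a different machine may not match.

```batch
@echo off
REM Added example, not code from the original post.
REM Assumes the laptop's drive is attached as E: (hypothetical letter) and
REM that this runs in an elevated cmd.exe on a working Windows PC.
setlocal
set OFFLINE=E:
set HIVE=%OFFLINE%\Windows\System32\config\SYSTEM

REM 1. Mount the laptop's SYSTEM hive under a temporary key.
reg load HKLM\LaptopSys "%HIVE%" || goto :fail

REM 2. Find which ControlSet00N the offline install boots with (Select\Default).
for /f "tokens=3" %%v in ('reg query HKLM\LaptopSys\Select /v Default ^| find "Default"') do set DEFSET=%%v
set /a N=%DEFSET%
set CS=ControlSet00%N%
echo Offline default control set: %CS%

REM 3. Keep the blue screen on screen instead of rebooting, and request a
REM    small memory dump (CrashDumpEnabled 3 = minidump).
reg add HKLM\LaptopSys\%CS%\Control\CrashControl /v AutoReboot /t REG_DWORD /d 0 /f
reg add HKLM\LaptopSys\%CS%\Control\CrashControl /v CrashDumpEnabled /t REG_DWORD /d 3 /f

REM 4. Unload the hive so the change is written back to the laptop's disk.
reg unload HKLM\LaptopSys

REM 5. Checks for the "hal.dll missing or corrupt" symptom: the ARC path in
REM    boot.ini must point at the right partition, and hal.dll must be the
REM    flavour Setup chose for this hardware, not one copied from another PC.
type %OFFLINE%\boot.ini
dir %OFFLINE%\Windows\System32\hal*.dll
endlocal
goto :eof

:fail
echo Could not load %HIVE% (run as administrator; the hive itself may be corrupt)
exit /b 1
```

On the next boot of the laptop the STOP code, the four parameters and the faulting module name stay on screen long enough to be written down; a minidump in %SystemRoot%\Minidump only appears if the crash happens late enough for the paging file to be in use.  The same effect for a single boot is available without touching the registry: press F8 at the Windows XP boot menu and choose “Disable automatic restart on system failure”.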

Hoo boy.  This isn’t going to be fun.

  1. It’s an anti-malware tool by Malwarebytes for removing malware using anti-malware techniques for malware byte removal.
  2. I would have started in reverse chron, but whatever.  I’m not a malware expert.  I just play one on this blog.
  3. Dang.  It’s not going in alphabetical order.

2 Responses to “The long road to recovery”

  1. Cameron says:

    Dude, just copy all your important files off the drive and reformat the drive, then reinstall Windows. All that would be easier and faster than trying to get rid of that nasty malware.

  2. MakerBlock says:

    @Cameron: I would have tried that… but the original owner mistreated the laptop so badly that he lost everything having to do with that computer. If I nuke the drive, I’m not sure I’ll ever get sound, trackpad, or anything else up and running. In any case, I have little choice at this point. Windows is gone and I don’t have a recovery disk for it. :/
