Skip to content


Reply
Legendary Noble
malwarekiller
Posts: 3,980
Registered: ‎08-08-2011

Re: TROJ_GEN.R06CDLP malware removes, but keeps coming back

[ Edited ]

Yup! it will work fine....no worries.

—————
Was this post helpful? Say “thanks” by giving me a “Kudo”!
Was your question answered or issue solved? Mark that post as an “Accepted Solution”!
Please use plain text.
Stone Emissary
danceplus
Posts: 82
Registered: ‎01-30-2012

Re: TROJ_GEN.R06CDLP malware removes, but keeps coming back

Hi. I'll be at the location of the computer today. Since we did all that, Trend Micro no longer sees the virus. Do I still really have to do the fixmbr? Everything appears to be running perfectly (except Internet Explorer/Windows Update).

 

Thanks, again for all your help.

Please use plain text.
Legendary Noble
malwarekiller
Posts: 3,980
Registered: ‎08-08-2011

Re: TROJ_GEN.R06CDLP malware removes, but keeps coming back

[ Edited ]

yes as the mbr code is not standard one....what problems u are facing with internet explorer and windows updates? i can help u with that

—————
Was this post helpful? Say “thanks” by giving me a “Kudo”!
Was your question answered or issue solved? Mark that post as an “Accepted Solution”!
Please use plain text.
Stone Emissary
danceplus
Posts: 82
Registered: ‎01-30-2012

Re: TROJ_GEN.R06CDLP malware removes, but keeps coming back

When running windows update, after choosing "Express" install, it goes to a new "cannot display page" window.

Please use plain text.
Legendary Noble
malwarekiller
Posts: 3,980
Registered: ‎08-08-2011

Re: TROJ_GEN.R06CDLP malware removes, but keeps coming back

[ Edited ]
Step 1.

1.Reset WU components in aggressive mode How do I reset Windows Update components?

2.Reset WU modules Repair & Fix Windows Updates with Fix WU Utility | The Windows Club

3.Try suggestions from this site:You cannot install some updates or programs with the Fixit half way down the screen as a first shot.
4.Please download and run interent explorer's microsoft fix it from here:

Download Windows Repair (all in one) from this site

Install the program then run

Go to step 2 and allow it to run Disc check


Posted Image


Once that is done then go to step 3 and allow it to run SFC


Posted Image


On the start repairs tab select advanced mode and click start


Posted Image


Select all the items and tick restart system when finished then click Start


Posted Image



Please let me know the status of updates.

 

—————
Was this post helpful? Say “thanks” by giving me a “Kudo”!
Was your question answered or issue solved? Mark that post as an “Accepted Solution”!
Please use plain text.
Stone Emissary
danceplus
Posts: 82
Registered: ‎01-30-2012

Re: TROJ_GEN.R06CDLP malware removes, but keeps coming back

"OK.

 

Grab the disc in which we burned the windows ISO...

 

 

Before the Windows logo appears, you will be asked to press any key to boot from CD, so do just that.

 

A blue screen will appear and will begin loading XP setup from the CD.

 

repair Windows with the recovery console. Choose the SECOND option.

 

In the recovery console,choose c:/winodws if asked to then type in the following commands and hit enter after each command:

 

Fixboot c:

 

fixmbr  [say yes to any warnings]

 

chkdsk /r  [notice space between k and /]"

 

I'm having difficulty booting from the CD. When I select "Boot from CD drive", it still just boots into Windows. It does run the XP Pro SP3 from the CD drive, but it doesn't boot directly from the CD drive. Any ideas?

 

Thanks!

Please use plain text.
Legendary Noble
malwarekiller
Posts: 3,980
Registered: ‎08-08-2011

Re: TROJ_GEN.R06CDLP malware removes, but keeps coming back

[ Edited ]

I see u made mistake in MBRScan step u have to hit 0 when physical disk number is asked

 

Run MBRCheck.exe.
http://majorgeeks.com/MBRCheck_d7076.html

You will be presented with the following dialog:

Quote
Found non-standard or infected MBR.


Enter 'Y' and hit ENTER for more options:


Enter Y and press Enter.

The following dialog will be presented:
Quote
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:


Enter 2 and press Enter

The following dialog will be presented:

Quote
Enter the physical disk number to fix (0-99, -1 to cancel):


Enter >>0<< and press Enter

The following dialog will be presented:

Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive:


Enter >>1<< and press Enter

The following dialog will be presented:

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue:


Type YES and press Enter (Must type the full word, YES). You will be inform if successfully wrote a new MBR code!

And last the following dialog will be presented:


Done! Press ENTER to exit...


Press EnterA report will be produced on the desktop. Post that report in your next reply.

 


Can u please upload hardlock.sys located here C:\windows\drivers\hardlock.sys

 

here: www.virustotal.com and post the link of results here on next reply.

—————
Was this post helpful? Say “thanks” by giving me a “Kudo”!
Was your question answered or issue solved? Mark that post as an “Accepted Solution”!
Please use plain text.
Stone Emissary
danceplus
Posts: 82
Registered: ‎01-30-2012

Re: TROJ_GEN.R06CDLP malware removes, but keeps coming back

OK. Attached are the MBR Check Report and the hardlock.sys

(Btw, I found this in C:\windows\system32\drivers)

(I had to zip up the hardlock.sys)

THANKS!

Please use plain text.
Legendary Noble
malwarekiller
Posts: 3,980
Registered: ‎08-08-2011

Re: TROJ_GEN.R06CDLP malware removes, but keeps coming back

[ Edited ]

Hi can u upload the hardlock.sys file to www.virustotal.com

 

allow VT to scan it and post the link to results on next reply.

—————
Was this post helpful? Say “thanks” by giving me a “Kudo”!
Was your question answered or issue solved? Mark that post as an “Accepted Solution”!
Please use plain text.
Stone Emissary
danceplus
Posts: 82
Registered: ‎01-30-2012

Re: TROJ_GEN.R06CDLP malware removes, but keeps coming back

Please use plain text.