Extremely high CPU usage - HijackThis log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Extremely high CPU usage - HijackThis log

by Odd dude » January 19th, 2009, 11:14 am

I've conferred with the developer of ComboFix. Turns out we would only need one floppy, not seven.
If floppies still are not an option, follow the instructions below. I am very sorry everything must be so complicated, but without floppies and without windows disc this sadly is the only way.

To a clean computer, download this file: http://distro.ibiblio.org/pub/linux/dis ... monkey.iso
This is a whole Linux operating system capable of booting from the CD and of performing various recovery tasks.

Open the .iso file with a CD burning program. Then burn it to a CD. The .iso file is a "compilation" in itself; be sure to burn it like that, NOT as a regular file.

If you don't know how to do this or if you only have the Windows cd burning programmes available, you can download a plugin which will enable Windows to do this task for you here: http://isorecorder.alexfeinman.com/

Download the version which is right for your OS (2 for XP, 3 for Vista), install it, right click the .iso file and choose burn to cd.

Write down the next instructions.

On the broken computer:
Insert the burned CD into the drive. If your computer doesn't boot from CD, you must alter the BIOS boot order so that the CD is first and the hard drive is second. For this you need to consult any manual that came with the PC, because I can't help you with this - I don't know what your BIOS looks like.

OK, if everything goes well it will say it's loading two files called vmlinuz and initrd.gz. Let it do so.

You will then be asked to pick a boot option. Just enter puppy and hit enter.

Follow the instructions on the screen and after three more questions you will boot to a Linux environment.

In Linux, click the icon Connect and follow the instructions to set up an internet connection.
Once everything is working, click Browse. Seamonkey (somewhat similar to FireFox) will start. Browse to this thread and download the file I attached to my post.

ntldr.txt


When asked where it needs to be saved, you must click Browse. Linux has a very strange way of numbering hard drives. Your hard drive will either be called /mnt/sda1 (/ means root) or /mnt/hda1. Anyway - it will be in this directory called mnt which is in the root of the Puppy drive structure. Rename ntldr.txt to ntldr; I had to name it ntldr.txt because the forum wouldn't allow me to attach it.
A file can be renamed by clicking sda1 on your desktop (can also be hda1), right clicking it, choosing This file > Rename.

Once the file has been downloaded and saved, click Start > Shutdown > Reboot. You will get back to a DOS style environment and asked whether you want to save this session, up to you really, but I'd pick No.

Remove the disc from the drive and see if the issue is resolved now.

do you have ventrilo or aim or some sort of chat program so we can get through this a little faster?
Nope, sorry :(
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Extremely high CPU usage - HijackThis log

by akenney87 » January 19th, 2009, 8:14 pm

ok i got linux to run but the ntldr file refuses to be saved to sda1 which is the name of my harddrive. I am able to save it in the /mnt directory but not /mnt/sda1. it says it's "because of an unknown error". i tried dragging it into the folder but that doesn't work either.
akenney87
Regular Member
 
Posts: 18
Joined: January 5th, 2009, 9:36 pm

Re: Extremely high CPU usage - HijackThis log

by Odd dude » January 20th, 2009, 9:56 am

Let's try something else. Save the file to your desktop for now. Try then moving it from the desktop to your hard drive.

If it won't work, click Terminal on your desktop and enter these commands (you can paste them in with ctrl+shift+v):
Code:
ls /mnt/sda1/
mount -w -o rw,suid,dev,exec,auto,users,async -t /dev/sda1

Try to copy the file again.
Also highlight the commands' outputs (select them with your mouse) and press ctrl+shift+c. Paste them (using ctrl+v) into your next reply.

In the meantime, see if you can find a floppy or your windows disc.

I have one more trick in the book, should this fail too.

Re: Extremely high CPU usage - HijackThis log

by akenney87 » January 20th, 2009, 6:12 pm

The error i get when trying to move/copy the file into the sda1 drive is:

cp: accessing `/mnt/sda1/ntldr': Input/output error
Failed to copy '/root/ntldr'

That is the error i get when i attempt to move the file into the already-opened sda1. When i try to move it directly into the icon on the desktop it pops up with "Pmount Puppy drive mounter" which has 3 tabs called floppy, drive, and optical. The floppy tab says "fd0 vfat 1M" with a button next to that text that says "MOUNT". The drive tab reads "sda1 ntfs 279.5G 92.1G free" with a button displaying a file cabinet beforehand and a button that says "UNMNT" afterwards. The optical tab reads "sr1 iso9660 94M" with a button next to it that says "MOUNT". I felt like i should ask you what to do before i screw something up. This window popped up before and after i put your code into the console.

ok there is no Terminal icon but i'm guessing you mean Console. the ctrl+shift+c command doesn't work so i'm just going to type the output:

ls: reading directory /mnt/sda1/: Input/output error
0d377428cbae32762b98787c4ced AUTOEXEC.BAT boot.ini ComboFix.txt
89fefcb06a5d96ffc526 BJPrinter cmdcons CONFIG.SYS
All Downloads Boot.bak cmldr Converted Music

and you probably don't need this part but i'm desperate...

Usage: mount -V : print version
mount -h : print this help
mount : list mounted filesystems
mount -l : idem, including volume labels
So far the informational part. Next the mounting.
The command is `mount [-t fstype] something somewhere'.
Details found in /etc/fstab may be omitted.
mount -a [-t|-O] ... : mount all stuff from /etc/fstab
mount device : mount device at the known place
mount directory : mount known device here
mount -t type dev dir : ordinary mount command
Note that one does not really mount a device, one mounts a filesystem
(of the given type) found on the device. One can also mount an already
visible directory tree elsewhere:
mount --bind olddir newdir
or move a subtree:
mount --move olddir newdir
A device can be given by name, say /dev/hda1 or /dev/cdrom,
or by label, using -L label or by uuid, using -U uuid.
Other options: [-nfFrsvw] [-o options] [-p passwdfd].
For many more details, say man 8 mount .

I'll have a floppy by the time you read this but I believe my windows cd is about 1000 miles away right now (in my other house).
akenney87
Regular Member
 
Posts: 18
Joined: January 5th, 2009, 9:36 pm
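
Added example (not part of the thread or of the helper's instructions): a small triage script for the situation in the post above, where a copy onto the mounted Windows partition fails from the live CD. It separates an `Input/output error`, which is a read failure at the device or filesystem level, from a read-only mount or a permissions problem; the function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage a failed copy onto a mounted Windows partition.
# Function names and the sample mount table are constructed for illustration.

# mount_state DEVICE [MOUNTS_FILE] -> "<mountpoint> <fstype> <ro|rw>" or "unmounted"
mount_state() {
    table=${2:-/proc/mounts}
    while read -r dev mnt fstype opts rest; do
        [ "$dev" = "$1" ] || continue
        case ",$opts," in
            *,ro,*) echo "$mnt $fstype ro" ;;
            *)      echo "$mnt $fstype rw" ;;
        esac
        return 0
    done < "$table"
    echo "unmounted"
}

# classify_error LINE -> coarse cause of one cp/ls error line
classify_error() {
    case $1 in
        *"Input/output error"*)    echo "io-error" ;;
        *"Read-only file system"*) echo "read-only" ;;
        *"Permission denied"*)     echo "permission" ;;
        *)                         echo "unknown" ;;
    esac
}

# triage DEVICE ERROR_LINE [MOUNTS_FILE] -> one verdict token
triage() {
    state=$(mount_state "$1" "${3:-/proc/mounts}")
    cause=$(classify_error "$2")
    case "$cause:$state" in
        io-error:*)            echo "stop-writing" ;;     # media or filesystem damage
        *:unmounted)           echo "not-mounted" ;;
        read-only:*|*:*" ro")  echo "read-only-mount" ;;
        permission:*)          echo "permission" ;;
        *)                     echo "inconclusive" ;;     # check dmesg next
    esac
}

# Constructed sample in /proc/mounts format (device names follow the thread).
sample_mounts() {
    cat <<'EOF'
/dev/sr1 /mnt/sr1 iso9660 ro,relatime 0 0
/dev/sda1 /mnt/sda1 ntfs rw,relatime 0 0
EOF
}

# Demo: the cp error quoted in the post, checked against the constructed table.
demo() {
    tmp=$(mktemp)
    sample_mounts > "$tmp"
    triage /dev/sda1 "cp: accessing \`/mnt/sda1/ntldr': Input/output error" "$tmp"
    rm -f "$tmp"
}
demo
```

On the live CD, calling `triage /dev/sda1 "<error line>"` without a third argument reads the real `/proc/mounts`.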

Re: Extremely high CPU usage - HijackThis log

by Odd dude » January 21st, 2009, 6:25 am

Thank you.

It appears there is an issue mounting your drive into Linux. Linux has some known problems mounting NTFS, and unfortunately this means you can't get in. I have plan B and plan C in the bag here.

If I tell you to enable the viewing of hidden and system files on your Windows computer(s), these are the steps to follow:

  • Open the Control Panel (Start > Control Panel)
  • Double-click Folder Settings
  • On the View tab, uncheck Hide protected system files (recommended). A warning will show, just click Yes.
  • Check Show the contents of system directories
  • Uncheck Hide extensions for known file types
  • Scroll down and choose Show hidden files and folders
  • Press OK to save changes.

If you have that floppy, copy these files to it from a clean computer:
  • c:\ntldr
  • c:\ntdetect.com
These files are both hidden and system protected, so enable the viewing of hidden and system files.

Also use Linux to copy this file from the damaged PC's hard drive to the floppy: boot.ini

(To do this go back to the Puppy drive mount screen and click the mount button next to fd0. That will enable access to your floppy.)

If you can't even read files from the drive, ignore these steps and proceed to using the rescue CD.

Stick the floppy in the drive, configure the BIOS to boot from it, and it *should* see the missing ntldr being on the floppy. It then *should* boot into Windows, then you *should* be able to copy ntldr from the floppy to C:\



I have also received some excellent advice from other members of the community, this is the following: (note that there's no need to do this if the floppy thing worked)

To a clean computer, download and install this:
http://www.microsoft.com/downloads/deta ... layLang=en
Burn this file to a CD: C:\Program Files\Microsoft Diagnostics and Recovery Toolset\erd50.iso (yes, it needs to be burned the same way you burned Linux)

That file is like a Live CD for Windows, it can perform a lot of recovery tasks including undeletion and unformatting drives.

After burning the file to a CD, stick the CD into a clean computer and use its search function (Windows key + F) to search for the file ntldr on the CD. Make note of where it is. (It may not show up in the results – in that case you must enable the viewing of hidden and system files first).

Stick the CD into the bad computer and let it do its magic. It will ask you to attach to a Windows installation – what you choose there is not of importance.

When you're at the desktop just use Windows Explorer to copy ntldr from the CD to your C:\

I have one last trick in the bag but it involves ANOTHER Linux installation which is a stunning 700MB in download size. And no guarantees it'll work.

Still, if that “Windows Live CD” (as I like to call it) can be gotten to work chances of a full recovery are very, very high.

Good luck.

Re: Extremely high CPU usage - HijackThis log

by akenney87 » January 22nd, 2009, 8:04 pm

I'm having a hard time finding another computer with a floppy drive. Eventually I will find one, hopefully by tomorrow, and my hard drive will be recovered.

Re: Extremely high CPU usage - HijackThis log

by Odd dude » January 23rd, 2009, 4:00 am

If you have another spare CD (can also be a rewritable, but if you use that please do a full blank first) you can try this:
Odd dude wrote:
To a clean computer, download and install this:
http://www.microsoft.com/downloads/deta ... layLang=en
Burn this file to a CD: C:\Program Files\Microsoft Diagnostics and Recovery Toolset\erd50.iso (yes, it needs to be burned the same way you burned Linux)

That file is like a Live CD for Windows, it can perform a lot of recovery tasks including undeletion and unformatting drives.

After burning the file to a CD, stick the CD into a clean computer and use its search function (Windows key + F) to search for the file ntldr on the CD. Make note of where it is. (It may not show up in the results – in that case you must enable the viewing of hidden and system files first).

Stick the CD into the bad computer and let it do its magic. It will ask you to attach to a Windows installation – what you choose there is not of importance.

When you're at the desktop just use Windows Explorer to copy ntldr from the CD to your C:\

Re: Extremely high CPU usage - HijackThis log

by akenney87 » January 23rd, 2009, 7:19 pm

ok I looked everywhere and could not find a working computer with a floppy drive. My last try was at this store called Datamedics and the guy there gave me what he called a windows live cd. i booted from it and it works fine. since this is a recovery attempt, i chose to run the recovery console other than the windows installation. now i have no idea what commands to input to run a system recovery. I would have burned the file you told me to burn, however for some reason this computer could not follow the link and/or find the file. I do believe my harddrive can be saved with this windows cd though.

Re: Extremely high CPU usage - HijackThis log

by Odd dude » January 24th, 2009, 4:23 am

Will do some research on what to do - I'll have instructions very soon!

Re: Extremely high CPU usage - HijackThis log

by Odd dude » January 24th, 2009, 4:47 am

Okay, get back into that recovery console. When asked to log in to Windows type 1, then Enter.
When asked for the password, enter it (it is NOT your password, but the Administrator account's - it'll most likely be blank)

You will then see the prompt of the Recovery Console, enter the following command:
Code:
copy d:\i386\ntldr c:\

Press enter.
Type
Code:
exit

Press enter.

Can you now get back into Windows?

Re: Extremely high CPU usage - HijackThis log

by akenney87 » January 24th, 2009, 4:22 pm

Access is denied.

Re: Extremely high CPU usage - HijackThis log

by Odd dude » January 25th, 2009, 4:29 am

Great.

Then this is our last option.

To a clean computer, download and install this:
http://www.microsoft.com/downloads/deta ... layLang=en
Burn this file to a CD: C:\Program Files\Microsoft Diagnostics and Recovery Toolset\erd50.iso (yes, it needs to be burned the same way you burned Linux)

That file is like a Live CD for Windows, it can perform a lot of recovery tasks including undeletion and unformatting drives.

After burning the file to a CD, stick the CD into a clean computer and use its search function (Windows key + F) to search for the file ntldr on the CD. Make note of where it is. (It may not show up in the results – in that case you must enable the viewing of hidden and system files first).

Stick the CD into the bad computer and let it do its magic. It will ask you to attach to a Windows installation – what you choose there is not of importance.

When you're at the desktop just use Windows Explorer to copy ntldr from the CD to your C:\

Re: Extremely high CPU usage - HijackThis log

by akenney87 » January 25th, 2009, 4:29 pm

Errors that pop up when i boot from this new cd:

The file or directory \ is corrupt and unreadable. Please run the Chkdsk utility.

Failed to install network adapter.

Also I did end up at some form of a windows desktop. I see the File Restore and System Restore programs, but it says "ERD System Restore could not located the target offline OS". It seems like this utility does not detect any previous installation of windows. Copying of files was denied due to damaged or unreadable file or directory.

Re: Extremely high CPU usage - HijackThis log

by Odd dude » January 26th, 2009, 4:24 am

This explains why your drives wouldn't mount. They are unreadable to any operating system.

Either something seriously screwed up your PC, or your hard drive might be failing.
This is also an explanation for the missing ntldr file.

Let's see how bad this is. You'll want to print out these instructions.

I don't remember by heart what the ERD environment looks like, but if you click Start, there will be an option called Command Prompt... somewhere. Launch it.

Enter this command first:
Code:
chkdsk c: /v /f /r

This will scan your hard drive for errors.
The scan will take about 30 minutes to complete. Pay attention to the report. If it says: "xxxx in defect/bad/damaged (I don't know its exact wording as my Windows isn't English) sectors" then it means your hard drive is failing.
If you have any other partitions, scan them as well. (If you don't know what I'm talking about you can ignore this)

Any salvageable information will automatically be retrieved and fixed.

Next, let's fix the missing ntldr, type this command in the command prompt:
Code:
for /f "tokens=* usebackq" %i in (`dir d:\ntldr /l /a /b /s`) do copy %i c:\ && exit

Take extra care that you type it correctly.
Make sure that you use THESE quotation marks: ``
They are usually located above the Tab button (= to the left of the 1 or ! key)

After running chkdsk: if the report said anything about bad, defect, or damaged clusters, back up ALL your data as soon as you can!
If your disk is indeed damaged, then you may just one day find your computer inaccessible!

Re: Extremely high CPU usage - HijackThis log

by akenney87 » January 27th, 2009, 5:51 pm

after the chkdsk it does indeed seem like there were a few bad clusters. The ntldr command did not appear to work (device is not ready(?)). I did notice after the chkdsk there are more of my files in the sda1 directory, including one entitled "ntldr". I tried booting straight from the hard drive and it gave me this error: Windows could not start because the following file is missing or corrupt <WindowsRoot>\system32\hal.dll . Don't give up on me man I feel like we're getting close!