
All times are UTC - 8 hours [ DST ]




PostPosted: Wed Aug 03, 2016 2:30 am 

Joined: Tue Aug 02, 2016 8:21 pm
Posts: 21
anewuser wrote:
Friend, you aren't supposed to just copy the ISO file like that or extract its contents. You gotta "burn" it into the USB dongle (ISO is like a copy of a CD for you to burn it and use it as an original CD).


You can use a program like ROSA Image Writer to burn it to a USB drive, and then format the drive after you are done fixing it all. ROSA Image Writer is free and safe.


Thanks for the information. I'm up and running now, but this is good to know in general. Can you tell I've never done this before? :oops:


PostPosted: Wed Aug 03, 2016 5:53 am

Joined: Wed Aug 03, 2016 5:44 am
Posts: 2
Hi,

Worryingly I was on Fosshub earlier today, downloading Audacity. It seems that I have been infected with this virus.
I have read the posts in this thread and like squaredcircle84, I am not very experienced in PC maintenance.

My first hurdle has been downloading the file ubcd535.iso and burning it to a USB flash drive using RosaImageWriter.

I do this, but I still boot to the spade logo (even when selecting the flash drive as the boot device in the menu accessed at power up). On plugging the flash drive into another PC, it seems that the flash drive is not bootable. So where am I going wrong in this 'first simple step'?


PostPosted: Wed Aug 03, 2016 6:13 am

Joined: Thu Jan 03, 2013 12:38 am
Posts: 5340
The bootable flash drive can either be MBR partitioned or GPT depending on what your PC supports. For MBR, choose NTFS file system for the bootable drive. For UEFI/GPT choose FAT32. Also try using another tool to write the ISO to USB. Maybe the tool you are using doesn't support the specific combination your PC has: UEFI/MBR, UEFI/GPT or BIOS/MBR. I recommend Rufus: https://rufus.akeo.ie/

_________________
Links to some general topics:

Compare Start Menus

Read the Search box usage guide.

I am a Windows enthusiast and Classic Shell tester.


PostPosted: Wed Aug 03, 2016 7:11 am

Joined: Wed Aug 03, 2016 6:25 am
Posts: 2
Like most others, I am really confused with trying to fix this.

If I try booting normally, I get the boot/bcd error:


If I try booting selecting a boot option of SSD...


...I get the Spade prompt:


I have tried the following:

- Boot into Win10 Repair USB and tried Startup Repair - Failed
- Boot into Win10 Repair USB and tried the command prompt > bootrec /fixmbr > exit > removed disk > Startup Repair - Failed
- Boot into Win10 Repair USB and tried the command prompt > bootrec /fixboot <enter> > bootrec /fixmbr <enter> > bootrec /rebuildbcd > exit > removed disk > Startup Repair - Failed (tried above again with adding bootsect /nt60 SYS and still failed)

- Tried DISKPART in the command prompt and it showed the following information:
I have 8 volumes (7 installed hard drives and the USB boot drive). Volume 1 was the affected SSD
- sel disk 1
- list vol
DISKPART listed all my other HDD's but did not show the SSD or any mbr (mbr should have been 100mb in size and FAT32 according to google searches), so couldn't fix the mbr this way either!!!



It seems then, that the Win10 Recovery disk (repair startup, bootrec.exe and diskpart.exe) does not recognize the corrupted SSD. At all!


So... Downloaded and boot from UBCD and run testdisk > selected the SSD > selected EFI/GPT partition type > Analyse > Quick Search:
It returned 5 entries:


P MS Data (1)


P MS Data (2)


D MS Data (3) - Shows that my C: drive data is still intact


D MS Data (4)


D MS Data (5)


Upon running gparted, I get the following:


Bottom line is, I am at a total loss on what to perform next to repair the mbr.
Please, please, please can someone help!!!

Thanks,

David


PostPosted: Wed Aug 03, 2016 8:30 am

Joined: Wed Aug 03, 2016 5:44 am
Posts: 2
Gaurav wrote:
The bootable flash drive can either be MBR partitioned or GPT depending on what your PC supports. For MBR, choose NTFS file system for the bootable drive. For UEFI/GPT choose FAT32. Also try using another tool to write the ISO to USB. Maybe the tool you are using doesn't support the specific combination your PC has: UEFI/MBR, UEFI/GPT or BIOS/MBR. I recommend Rufus: https://rufus.akeo.ie/

Thanks I was able to create a bootable flash drive at last.
But much like the other novices here, I'm unsure of exactly where to go with this now. If anyone can provide step by step guidance, without assuming that I understand the finer nuances, it would be a great help.


PostPosted: Wed Aug 03, 2016 8:39 am

Joined: Tue Aug 02, 2016 9:28 pm
Posts: 3
dmccabe wrote:
Like most others, I am really confused with trying to fix this.

If I try booting normally, I get the boot/bcd error:


If I try booting selecting a boot option of SSD...


...I get the Spade prompt:


I have tried the following:

- Boot into Win10 Repair USB and tried Startup Repair - Failed
- Boot into Win10 Repair USB and tried the command prompt > bootrec /fixmbr > exit > removed disk > Startup Repair - Failed
- Boot into Win10 Repair USB and tried the command prompt > bootrec /fixboot <enter> > bootrec /fixmbr <enter> > bootrec /rebuildbcd > exit > removed disk > Startup Repair - Failed (tried above again with adding bootsect /nt60 SYS and still failed)

- Tried DISKPART in the command prompt and it showed the following information:
I have 8 volumes (7 installed hard drives and the USB boot drive). Volume 1 was the affected SSD
- sel disk 1
- list vol
DISKPART listed all my other HDD's but did not show the SSD or any mbr (mbr should have been 100mb in size and FAT32 according to google searches), so couldn't fix the mbr this way either!!!



It seems then, that the Win10 Recovery disk (repair startup, bootrec.exe and diskpart.exe) does not recognize the corrupted SSD. At all!


So... Downloaded and boot from UBCD and run testdisk > selected the SSD > selected EFI/GPT partition type > Analyse > Quick Search:
It returned 5 entries:


P MS Data (1)


P MS Data (2)


D MS Data (3) - Shows that my C: drive data is still intact


D MS Data (4)


D MS Data (5)


Upon running gparted, I get the following:


Bottom line is, I am at a total loss on what to perform next to repair the mbr.
Please, please, please can someone help!!!

Thanks,

David



Unplug any other drives from the system except for the one that is affected and try running testdisk again. You may have to do the deeper search option in testdisk.

You may be able to start from your Windows disk, open cmd with Shift+F10, type in notepad, click File > Open, and figure out which drive letter is your Windows installation. Close Notepad and go back to the cmd. Type in "bcdboot DRIVELETTER:\Windows /s DRIVELETTER: /f UEFI". An example, if your Windows drive happens to be conveniently at drive C in WinPE: "bcdboot C:\Windows /s C: /f UEFI". In my case I didn't have to use bcdboot since I was MBR/BIOS based, but I did notice my Windows drive ended up on drive D instead of C. Check to make sure first. Unplug any drives that aren't affected.


PostPosted: Wed Aug 03, 2016 10:29 am

Joined: Thu Jan 03, 2013 12:38 am
Posts: 5340
@dmccabe, Yes with so many disk drives, I would recommend temporarily unplugging them until the affected drive is fixed. You can reconnect them later of course. Windows Startup Repair and bootrec /rebuildbcd sometimes get confused when there are many drives present.

@bmdman, have you tried these step-by-step instructions? viewtopic.php?f=22&t=6440

PostPosted: Wed Aug 03, 2016 1:02 pm

Joined: Tue Aug 02, 2016 4:40 pm
Posts: 8
bmdman wrote:
Hi,

Worryingly I was on Fosshub earlier today, downloading Audacity. It seems that I have been infected with this virus.


The hacker group targeted both Classic Shell and Audacity with the same malware.

Here's the explanation from the Audacity developers, as well as an update from FOSSHUB folks.
=> http://www.audacityteam.org/compromised ... d-partner/


PostPosted: Wed Aug 03, 2016 3:05 pm

Joined: Thu Jan 03, 2013 12:38 am
Posts: 5340
I just tried running the infected installer for experimentation in an isolated virtual machine with UEFI 2.1 and it became unbootable too.

PostPosted: Wed Aug 03, 2016 3:06 pm

Joined: Tue Aug 02, 2016 4:40 pm
Posts: 8
Gaurav wrote:
I just tried running the infected installer for experimentation in an isolated virtual machine with UEFI 2.1 and it became unbootable too.


Was "secure boot" enabled?


PostPosted: Wed Aug 03, 2016 3:18 pm 
Hi All,

Just a quick question. I have had Classic Shell installed for a while. Am I safe if I update it?

Is this just affecting brand new downloads from the mirror, or is it similar to Puush in that they also went after updating?

Thanks for any assistance!


PostPosted: Wed Aug 03, 2016 3:23 pm

Joined: Thu Jan 03, 2013 12:38 am
Posts: 5340
No, the virtual machine app, VirtualBox, doesn't have Secure Boot yet for guests. I don't know any other Type 2 hypervisor either that supports it. Hyper-V on Windows 8.1, which is a Type 1 hypervisor, supports Secure Boot for VMs. Will try it later.

PostPosted: Wed Aug 03, 2016 3:31 pm
Site Admin

Joined: Wed Jan 02, 2013 11:38 pm
Posts: 5310
Guest wrote:
Hi All,

Just a quick question. I have had Classic Shell installed for a while. Am I safe if I update it?

Is this just affecting brand new downloads from the mirror, or is it similar to Puush in that they also went after updating?

Thanks for any assistance!

Yes, it is safe to download from the main site. Before running it verify that the file has a valid digital signature. Don't accept any UAC prompts that say "Publisher: Unknown".
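
The signature check described above, as an added example that is not part of the original post: a PowerShell gate that refuses an installer unless its Authenticode signature is valid and the signer matches the publisher you expect. The function name, the installer path and the publisher value are placeholders; the thread does not state the signer name.

```powershell
# Added example: decide whether a downloaded installer may be run.
function Test-InstallerSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Placeholder: take this from a copy you already trust.
        [Parameter(Mandatory)][string]$ExpectedPublisher
    )

    if (-not (Test-Path -LiteralPath $Path)) { throw "File not found: $Path" }

    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $status = [string]$sig.Status
    $signer = $null
    if ($sig.SignerCertificate) {
        # Common name of the signing certificate's subject.
        $signer = $sig.SignerCertificate.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    }

    $reason = $null
    if ($status -eq 'NotSigned') {
        # The case that shows up as "Publisher: Unknown" in the UAC prompt.
        $reason = 'File carries no signature.'
    } elseif ($status -eq 'HashMismatch') {
        $reason = 'File contents were modified after signing.'
    } elseif ($status -eq 'NotTrusted') {
        $reason = 'Signed, but the certificate chain is not trusted on this machine.'
    } elseif ($status -ne 'Valid') {
        $reason = "Signature check failed: $($sig.StatusMessage)"
    } elseif ($signer -cne $ExpectedPublisher) {
        # "Valid" only means some trusted chain signed it; pin the publisher too.
        $reason = "Validly signed, but by '$signer' instead of '$ExpectedPublisher'."
    }

    [pscustomobject]@{
        Path    = $Path
        Status  = $status
        Signer  = $signer
        Trusted = ($null -eq $reason)
        Reason  = $reason
    }
}

# Usage with placeholder values; nothing happens if the file is absent.
$installer = '.\installer.exe'
if (Test-Path -LiteralPath $installer) {
    $check = Test-InstallerSignature -Path $installer -ExpectedPublisher 'PUBLISHER-NAME-PLACEHOLDER'
    if ($check.Trusted) { "Signed by $($check.Signer); signature is valid." }
    else { Write-Warning "Do not run $($check.Path): $($check.Reason)" }
}
```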


PostPosted: Wed Aug 03, 2016 4:00 pm

Joined: Wed Aug 03, 2016 6:25 am
Posts: 2
Yay!!! :D

Finally managed to get this fixed. Thanks to CaffeinePizza and Gaurav for suggesting to remove the other drives, leaving the C: SSD as the lone solitary one.
bootrec /fixmbr and Repair Startup worked first time with the one drive installed.

Thanks again for the assistance. I couldn't bear spending the next week or so rebuilding Windows back to its original state.
(Time to clone a backup methinks)

Thanks again from one happy Scotsman :D


PostPosted: Wed Aug 03, 2016 4:01 pm 
Ivo wrote:
Guest wrote:
Hi All,
Just a quick question. I have had Classic Shell installed for a while. Am I safe if I update it?

Is this just affecting brand new downloads from the mirror, or is it similar to Puush in that they also went after updating?

Thanks for any assistance!

Yes, it is safe to download from the main site. Before running it verify that the file has a valid digital signature. Don't accept any UAC prompts that say "Publisher: Unknown".



Thank you, I was more wondering if it is safe to update it as I already had it installed for the past year. :)


PostPosted: Wed Aug 03, 2016 4:02 pm

Joined: Tue Aug 02, 2016 8:21 pm
Posts: 21
bmdman wrote:
Thanks I was able to create a bootable flash drive at last.
But much like the other novices here, I'm unsure of exactly where to go with this now. If anyone can provide step by step guidance, without assuming that I understand the finer nuances, it would be a great help.


Have you tried the guide here? That's what worked for me, and I'm an amateur when it comes to this stuff. Good luck!

Here's a YouTube video showing the steps, too.


PostPosted: Thu Aug 04, 2016 7:35 am

Joined: Thu Aug 04, 2016 7:33 am
Posts: 13
Is it still infected? I heard about this virus from danooct1 so I looked to see if it was still live


PostPosted: Thu Aug 04, 2016 7:44 am
Site Admin

Joined: Wed Jan 02, 2013 11:38 pm
Posts: 5310
The download from the main page is clean. The website that was compromised is currently offline.


PostPosted: Thu Aug 04, 2016 7:49 am

Joined: Thu Aug 04, 2016 7:33 am
Posts: 13
Ivo wrote:
The download from the main page is clean. The website that was compromised is currently offline.


Ok, thank you Ivo


PostPosted: Thu Aug 04, 2016 10:05 am

Joined: Thu Aug 04, 2016 8:16 am
Posts: 22
I thank everyone that wrote everything here, @danooct1, on /r/PCmasterrace and /r/Windows10, but unfortunately none of it has worked for me. Below is step by step of what has happened to my machine in the last 72 hours.

Before I begin my setup is as follows. Note, I'm currently operating on my Samsung Galaxy Note 3.

C:\ is my 250gb SSD for Windows and program files.
D:\ is my 500gb HDD for e v e r y t h i n g else. Music, movies, photos, videos, cell phone data back up, applications from winzip to Adobe Premiere, back files like favorites, invoices, etc. etc. etc. etc. etc. I do have an external back up... I think I last updated in February. None the less I have crucial files to lose.

1. Install Windows 10 from the free upgrade on my Windows 7 (I think premium) 64bit. It's not an OEM, I have a key.

2. I installed the infected version of Classic Shell. Ran the setup and a small window appeared then disappeared almost immediately.

3. I noticed the D drive missing from File Explorer. I rebooted.

4. I am greeted with a black screen with a white spade and a white blinking cursor next to each other in the bottom left corner. The machine freezes here and does not go any further.

5. I seek help on Reddit on /r/Windows 10. I am told to make a recovery USB on an operational PC. Did that. Boot up, choose 64-bit installation.

6. Get a message that says: it looks like you started an upgrade and booted from installation media. If you want to continue with the upgrade, remove the media from your PC and click yes. If you want to perform a clean installation instead, click No.

7a. Clicking yes just reboots the machine and boots the USB Drive again. Dead end.

7b. So I click No.

8. I'm greeted with the first Windows setup window. it asks for Language to install, Time and currency, keyboard and input method. Everything is fine. Next.

9. Second window gives me two options. In the center is a big inviting button that says Install Now. In the bottom left is the Repair Your Computer option. I choose repair.

10. In this screen I have 2 options. 1) Troubleshoot and 2) Turn Off your PC. I choose troubleshoot.

11. In Troubleshoot, I have the following options: SYSTEM RESTORE, SYSTEM IMAGE RECOVERY, STARTUP REPAIR, COMMAND PROMPT, UEFI FIRMWARE SETTINGS, GO BACK TO PREVIOUS BUILD.

12. I started with Start Up Repair first. Click it. I get this message "Start Up Repair couldn't repair your PC. Press advanced options to try other options to repair your PC or shut down to turn off your PC." Advanced options just brings me back to step 10.

13. I try System Restore, I get this message in a window with a white x in a red circle: to use system restore you must specify which Windows installation to restore. Restart this computer select an operating system and then select system restore. I cannot do any of this.

14. I try System Image Recovery. I get a message that says this: windows cannot find a system image on this computer. Attach the backup hard disk or answer to the final DVD from a backup set and click retry. Alternatively close this dialogue for more options.

14a. I asked on Reddit but no one gave me a definitive answer; if it was possible for someone to give me an image file and then I could put it on an external HDD or USB key and then use it for this step? But perhaps that's not possible or it shouldn't be necessary. None the less, let's move on.

15. I tried going back to previous build option. It said: we ran into a problem and won't be able to take you back to the previous build. Try resetting your current build instead.

16. This is when I looked further and found the YouTube video by @danooct1.

17. I did just what he said to do. Went back to Startup Repair, but still getting the message in step 12.

18. I followed the link in the description to here. Finally found people that were getting the spade and cursor, not the message that says the journey ends here. CaffeinePizza was the first user that had my symptoms but they said their fix was for every Win OS but not 10. So that doesn't help me.

19. Back on Reddit someone suggested I try ##Windows on IRC and I was met with lukewarm reception at best. I logged in, explained my issue, and received these two responses: "ew Classic Shell", and, "Users in here don't respond well to third party apps". I haven't been in an IRC chatroom since I thought I was a 1337 haxor back in the t50.com/astalavista.box.sk warez days, but being on my Note 3, I wasn't about to try and squeeze out any help on my puny 5 inch screen with these guys acting like that.

So now I'm about to enter Doomsday Scenario unless someone can actually help me out here.

20. In command prompt, I tried to see if I could format my C drive and possibly start over. The format instruction works but I didn't go through with it for obvious reasons.

21. I then went back to step 9 and tried that big inviting button that said Install Now. I applied my Win 7 key and it works. Now I saw something devastating but I only hope it's the virus at work and not the truth.

So in the installation process it prompts to choose drives to install on. My C drive is unable to (unless I choose the format option it offers).

But then I saw something on my 500gb D drive. It says 500gb capacity, 500gb free. Before anything else, can someone tell me whether or not that's a true reading of my drive, or is that just the MBR being screwed up? Because if it's a true reading I will have lost some crucial pieces of my life.

Additionally, would it help if I installed a fresh install of Windows on an external drive, that way I could get in and fix this problem on a working OS, or is that unnecessary; I mean I'd prefer not to install on an external and fix the problem from here.

So, this is where I'm at. I've given every piece of detail up to this point. Man like... I really just want this fixed. I'm not an idiot, I know to run a computer... Jeeze, someone call me and walk me through it if you know exactly what to do.

Thanks for any help.


PostPosted: Thu Aug 04, 2016 12:34 pm 
TheFly wrote:
I thank everyone that wrote everything here, @danooct1, on /r/PCmasterrace and /r/Windows10, but unfortunately none of it has worked for me. Below is step by step of what has happened to my machine in the last 72 hours.

Before I begin my setup is as follows. Note, I'm currently operating on my Samsung Galaxy Note 3.

C:\ is my 250gb SSD for Windows and program files.
D:\ is my 500gb HDD for e v e r y t h i n g else. Music, movies, photos, videos, cell phone data back up, applications from winzip to Adobe Premiere, back files like favorites, invoices, etc. etc. etc. etc. etc. I do have an external back up... I think I last updated in February. None the less I have crucial files to lose.

1. Install Windows 10 from the free upgrade on my Windows 7 (I think premium) 64bit. It's not an OEM, I have a key.

2. I installed the infected version of Classic Shell. Ran the setup and a small window appeared then disappeared almost immediately.

3. I noticed the D drive missing from File Explorer. I rebooted.

4. I am greeted with a black screen with a white spade and a white blinking cursor next to each other in the bottom left corner. The machine freezes here and does not go any further.

5. I seek help on Reddit on /r/Windows 10. I am told to make a recovery USB on an operational PC. Did that. Boot up, choose 64-bit installation.

6. Get a message that says: it looks like you started an upgrade and booted from installation media. If you want to continue with the upgrade, remove the media from your PC and click yes. If you want to perform a clean installation instead, click No.

7a. Clicking yes just reboots the machine and boots the USB Drive again. Dead end.

7b. So I click No.

8. I'm greeted with the first Windows setup window. it asks for Language to install, Time and currency, keyboard and input method. Everything is fine. Next.

9. Second window gives me two options. In the center is a big inviting button that says Install Now. In the bottom left is the Repair Your Computer option. I choose repair.

10. In this screen I have 2 options. 1) Troubleshoot and 2) Turn Off your PC. I choose troubleshoot.

11. In Troubleshoot, I have the following options: SYSTEM RESTORE, SYSTEM IMAGE RECOVERY, STARTUP REPAIR, COMMAND PROMPT, UEFI FIRMWARE SETTINGS, GO BACK TO PREVIOUS BUILD.

12. I started with Start Up Repair first. Click it. I get this message "Start Up Repair couldn't repair your PC. Press advanced options to try other options to repair your PC or shut down to turn off your PC." Advanced options just brings me back to step 10.

13. I try System Restore, I get this message in a window with a white x in a red circle: to use system restore you must specify which Windows installation to restore. Restart this computer select an operating system and then select system restore. I cannot do any of this.

14. I try System Image Recovery. I get a message that says this: windows cannot find a system image on this computer. Attach the backup hard disk or answer to the final DVD from a backup set and click retry. Alternatively close this dialogue for more options.

14a. I asked on Reddit but no one gave me a definitive answer; if it was possible for someone to give me an image file and then I could put it on an external HDD or USB key and then use it for this step? But perhaps that's not possible or it shouldn't be necessary. None the less, let's move on.

15. I tried going back to previous build option. It said: we ran into a problem and won't be able to take you back to the previous build. Try resetting your current build instead.

16. This is when I looked further and found the YouTube video by @danooct1.

17. I did just what he said to do. Went back to Startup Repair, but still getting the message in step 12.

18. I followed the link in the description to here. Finally found people that were getting the spade and cursor, not the message that says the journey ends here. CaffeinePizza was the first user that had my symptoms but they said their fix was for every Win OS but not 10. So that doesn't help me.

19. Back on Reddit someone suggested I try ##Windows on IRC and I was met with lukewarm reception at best. I logged in, explained my issue, and received these two responses: "ew Classic Shell", and, "Users in here don't respond well to third party apps". I haven't been in an IRC chatroom since I thought I was a 1337 haxor back in the t50.com/astalavista.box.sk warez days, but being on my Note 3, I wasn't about to try and squeeze out any help on my puny 5 inch screen with these guys acting like that.

So now I'm about to enter Doomsday Scenario unless someone can actually help me out here.

20. In command prompt, I tried to see if I could format my C drive and possibly start over. The format instruction works but I didn't go through with it for obvious reasons.

21. I then went back to step 9 and tried that big inviting button that said Install Now. I applied my Win 7 key and it works. Now I saw something devastating but I only hope it's the virus at work and not the truth.

So in the installation process it prompts to choose drives to install on. My C drive is unable to (unless I choose the format option it offers).

But then I saw something on my 500gb D drive. It says 500gb capacity, 500gb free. Before anything else, can someone tell me whether or not that's a true reading of my drive, or is that just the MBR being screwed up? Because if it's a true reading I will have lost some crucial pieces of my life.

Additionally, would it help if I installed a fresh install of Windows on an external drive, that way I could get in and fix this problem on a working OS, or is that unnecessary; I mean I'd prefer not to install on an external and fix the problem from here.

So, this is where I'm at. I've given every piece of detail up to this point. Man like... I really just want this fixed. I'm not an idiot, I know to run a computer... Jeeze, someone call me and walk me through it if you know exactly what to do.

Thanks for any help.



It sounds like your partition table ended up corrupt? My only suggestion would be to find a Linux LiveCD or DOS diskette; something that can run testdisk and see if you can rewrite your partition table. If not, you can go warez and get hiren's bootcd. It should have some software in it that will let you scan for "deleted" files on the drive and copy them off to another external hard drive or flash drive.


PostPosted: Thu Aug 04, 2016 1:38 pm

Joined: Tue Aug 02, 2016 9:28 pm
Posts: 3
Quote:
It sounds like your partition table ended up corrupt? My only suggestion would be to find a Linux LiveCD or DOS diskette; something that can run testdisk and see if you can rewrite your partition table. If not, you can go warez and get hiren's bootcd. It should have some software in it that will let you scan for "deleted" files on the drive and copy them off to another external hard drive or flash drive.



Whoops didn't realize I wasn't logged in. It does sound like your partition table is gone but not the actual data. Try not to create any partitions or write new data to the drive unless you are trying to recover with testdisk.
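
What "the partition table is gone but not the actual data" looks like on disk, as an added example that is not part of the original posts: a read-only check of sector 0 plus a scan for volume signatures that survive elsewhere in the image. The function names and the sample image are constructed for illustration, and the scan is a simplified stand-in for a recovery tool's search, not testdisk's actual algorithm.

```powershell
# Added example: works on bytes already read from a disk image; writes nothing.
function Get-MbrSummary {
    param([Parameter(Mandatory)][byte[]]$Sector)
    if ($Sector.Length -lt 512) { throw 'Need at least the first 512 bytes of the disk.' }

    # Four 16-byte partition entries start at offset 446 of sector 0.
    $entries = foreach ($i in 0..3) {
        $o = 446 + 16 * $i
        [pscustomobject]@{
            Index    = $i
            Bootable = ($Sector[$o] -eq 0x80)
            Type     = $Sector[$o + 4]
            # Fields are little-endian, which is what BitConverter uses on x86/x64.
            StartLba = [BitConverter]::ToUInt32($Sector, $o + 8)
            Sectors  = [BitConverter]::ToUInt32($Sector, $o + 12)
        }
    }
    $used = @($entries | Where-Object { $_.Type -ne 0 })

    [pscustomobject]@{
        BootSignature = ($Sector[510] -eq 0x55 -and $Sector[511] -eq 0xAA)
        UsedEntries   = $used
        # Type 0xEE marks a protective MBR in front of a GPT disk.
        ProtectiveGpt = (@($used | Where-Object { $_.Type -eq 0xEE }).Count -gt 0)
    }
}

function Find-VolumeSignatures {
    param([Parameter(Mandatory)][byte[]]$Image)
    $ascii = [System.Text.Encoding]::ASCII
    for ($lba = 0; ($lba + 1) * 512 -le $Image.Length; $lba++) {
        $o = $lba * 512
        $hasEnd = ($Image[$o + 510] -eq 0x55 -and $Image[$o + 511] -eq 0xAA)
        if ($hasEnd -and $ascii.GetString($Image, $o + 3, 8) -ceq 'NTFS    ') {
            [pscustomobject]@{ Lba = $lba; Kind = 'NTFS boot sector' }
        } elseif ($ascii.GetString($Image, $o, 8) -ceq 'EFI PART') {
            [pscustomobject]@{ Lba = $lba; Kind = 'GPT header' }
        }
    }
}

# Constructed sample: 64 sectors, sector 0 has an all-zero partition table,
# and an NTFS boot sector still sits at LBA 8. A real dump saved to a file
# would be loaded with [System.IO.File]::ReadAllBytes($dumpPath) instead.
$img = New-Object byte[] 32768
$img[510] = 0x55; $img[511] = 0xAA
$vol = 8 * 512
[System.Text.Encoding]::ASCII.GetBytes('NTFS    ').CopyTo($img, $vol + 3)
$img[$vol + 510] = 0x55; $img[$vol + 511] = 0xAA

$mbr   = Get-MbrSummary -Sector $img
$found = @(Find-VolumeSignatures -Image $img)

if ($mbr.UsedEntries.Count -eq 0 -and $found.Count -gt 0) {
    "Partition table is empty, but volume signatures remain at LBA $($found.Lba -join ', '). Recover the table; do not format or repartition."
} elseif ($mbr.UsedEntries.Count -eq 0) {
    'Partition table is empty and no volume signature was found in this image.'
} else {
    "Partition table lists $($mbr.UsedEntries.Count) entry(ies); protective GPT: $($mbr.ProtectiveGpt)."
}
```

An installer or partitioning tool that reports a drive as entirely free is reading only the table in sector 0, so that reading alone says nothing about whether the volumes behind it still exist.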


PostPosted: Thu Aug 04, 2016 9:00 pm 
So I'm the next in the list of people who encountered the spade. Pretty sure mine came from a copy of Audacity, since I hadn't updated Classic Shell recently. I'm running Win10.
(I have pictures, but imgur makes them massive, so they're linked.)


So far:
Rebooted PC, no dice.
grabbed Win10 installation disk
booted to that
Ran startup repair. it rebooted the PC and went back into the disk
ran it again, it rebooted the PC, and went back into the Win10 disk.
Ran bootrec /fixMbr
"completed successfully"
Rebooted PC, no dice.
Ran Startup Repair. "startup repair failed" this time.
Ran bootrec /FixMbr
"completed successfully"
Ran bootrec /fixboot
"completed successfully"
Ran Startup Repair "startup repair failed."
Burned a copy of UBCD on roommate's computer
rebooted PC
Inserted UBCD, no option to run UEFI SATA BD Drive in my boot menu, only option for disc drive was AHCI, rather than the UEFI option that existed with the Windows DVD inserted.

https://i.imgur.com/qZ31kdU.jpg (with Win10 disc inserted UEFI optical drive is a choice.)

https://i.imgur.com/sQvVo7Z.jpg (with UBCD disc inserted UEFI optical drive is not a choice)

Attempted to run AHCI version, just got "please insert proper boot device"

Getting frustrated.

Create a bootable UBCD flash drive using my 9 year old laptop.
Plug in.
Boot up.
Two choices: UEFI:USB and USB:USB

https://i.imgur.com/iTTOfSP.jpg (two choices)


ran "USB:USB"
Boot into UBCD.

https://i.imgur.com/8gACw6U.jpg (UBCD worked!)

Run "testdisk 7.0"
Boots up PartedMagic

https://i.imgur.com/9vUamKS.jpg (figured default was a good choice)

Select "Testdisk" under "System Tools"

https://i.imgur.com/FaTthnc.jpg

Check out the disk

https://i.imgur.com/lCog4GK.jpg (seems to have found it)

Everything seems okay

https://i.imgur.com/1Jjs8Lx.jpg (it said that was detected, so I went with it)

https://i.imgur.com/9w8gTmR.jpg (doing analysis)

Partitions seem okay, I guess. not really sure what I'm looking at.

https://i.imgur.com/a5JFlNQ.jpg ( I don't think I had two partitions, but a lot of drives have that little bit of extra space)

"write partitions to disk"

https://i.imgur.com/Cj40rKF.jpg (y)

it did it.
Reboot the system
Still nothing.


What am I missing?


PostPosted: Thu Aug 04, 2016 10:44 pm

Joined: Thu Aug 04, 2016 8:16 am
Posts: 22
CaffeinePizza wrote:
Quote:
It sounds like your partition table ended up corrupt? My only suggestion would be to find a Linux LiveCD or DOS diskette; something that can run testdisk and see if you can rewrite your partition table. If not, you can go warez and get hiren's bootcd. It should have some software in it that will let you scan for "deleted" files on the drive and copy them off to another external hard drive or flash drive.



Whoops didn't realize I wasn't logged in. It does sound like your partition table is gone but not the actual data. Try not to create any partitions or write new data to the drive unless you are trying to recover with testdisk.



Someone suggested I use Gparted on Ubuntu.

This is good? Same thing you suggested? And will work on my 64-bit machine?


PostPosted: Thu Aug 04, 2016 11:06 pm

Joined: Thu Jan 03, 2013 12:38 am
Posts: 5340
@dogapult, Startup Repair should be the last step, after you have recovered your partition table and fixed your MBR. Try it preferably with just the boot drive attached and other drives temporarily disabled.

PostPosted: Thu Aug 04, 2016 11:37 pm 
Gaurav wrote:
@dogapult, Startup Repair should be the last step, after you have recovered your partition table and fixed your MBR. Try it preferably with just the boot drive attached and other drives temporarily disabled.



Okay, so in order:
1. run testdisk and write the partitions. They seem to be there, but I don't necessarily know what I'm looking for.
2. run Bootrec and /fixMbr and /fixboot
3. run Startup Repair.

Okay, I'll give that a shot and report back.

I just tried those in that order. There's only my solid state attached (other than the bluray drive that has the Win10 disc in it, and the flash drive with UBCD).

I ran just "quick search" on testdisk, I'm not sure if I should have run "deeper search." everything really seemed in order.

I wrote the partitions, and then rebooted into the Win10 recovery DVD, and ran both of those bootrecs.

I ran startup repair and just got "couldn't repair your PC." I wish I could show you guys more, I'm usually a fairly tech-savvy person, but this is kicking my butt.


PostPosted: Thu Aug 04, 2016 11:55 pm

Joined: Thu Jan 03, 2013 12:38 am
Posts: 5340
@dogapult, also try bootrec /rebuildbcd.

PostPosted: Fri Aug 05, 2016 12:15 am 
Gaurav wrote:
@dogapult, also try bootrec /rebuildbcd.


http://imgur.com/a/a1MVV

This is annoyingly what I get.

I'm sorry for being a bother, I realize this isn't a forum for figuring out what's wrong with my system.


PostPosted: Fri Aug 05, 2016 4:06 am 
PRESS:

Classic Shell, Audacity downloads infected with retro MBR nuke nasty
The Register
Hackers were able to inject some retro-malware into the popular applications' installers hosted on fosshub.com, an official home for Classic Shell and ...
http://www.theregister.co.uk/2016/08/04/classicshell_audicity_infection/


PostPosted: Fri Aug 05, 2016 4:17 am 
Guest wrote:
PRESS:

Classic Shell, Audacity downloads infected with retro MBR nuke nasty
The Register
Hackers were able to inject some retro-malware into the popular applications' installers hosted on fosshub.com, an official home for Classic Shell and ...
http://www.theregister.co.uk/2016/08/04/classicshell_audicity_infection/


This may be a helpful tool to reset the MBR - but only up to Vista and Win 7, of course with Win8 replacing BIOS as we knew it. This tool is used to quickly and safely remove Linux and its partitions, any, and reset the MBR record. It may be possible to use just the reset MBR record and then even run the quick learning curve to see if any of the partition etc can be dealt with if existential via the infection(s).

WATCH THIS SHORT HOW TO VIDEO TO SEE IT.... https://www.youtube.com/watch?v=Z6I6xv8BNoc


I Live here on the net: HOME: https://sites.google.com/site/pcsecurityhelper/


PostPosted: Fri Aug 05, 2016 10:57 am 
I got hit with this unfortunately. It was a fresh install, so I simply did another clean install using a USB with Windows 10 on it. However, I was wondering if anyone here was able to analyze the source to see if the trojan had anything else packaged with it other than breaking the MBR. I'm super paranoid about there being something else (like a keylogger for example) hidden that a basic reinstall wouldn't catch. I was considering using diskpart's clean all command to zero the drive before reinstalling another clean copy of Windows. Does anyone happen to know if doing this would cover my bases (or as aforementioned, was anyone able to analyze the source code/knows someone who did to verify its contents)?

Sorry for the paranoia. This has been the first bad download for me in over a decade - all because I was an idiot and too tired/lazy to check the fosshub file. I just want to make sure it's 100% dealt with and that it isn't hiding in the BIOS or somewhere that a normal reinstall wouldn't cover.


PostPosted: Fri Aug 05, 2016 2:46 pm 
Joined: Thu Aug 04, 2016 8:16 am
Posts: 22
I'm in Ubuntu, in Gparted.

How do I fix the MBR here?


PostPosted: Fri Aug 05, 2016 3:19 pm
Joined: Thu Aug 04, 2016 8:16 am
Posts: 22
CaffeinePizza wrote:
I got hit with it too. It showed up as a blinking cursor with a spade in the lower left corner.
I "updated" Classic Shell on a server running Server 2012 R2, installed some Windows updates, rebooted, no go.
I "updated" on one of my personal computers. Same thing. I knew it wasn't drive failure at this point. Classic Shell was the last thing I had installed a couple hours earlier before I ended up rebooting.

How I fixed it: Applies to NT version 6 only! (Windows 7, 8, 8.1, Server 2008, 2012, 2012 R2. NOT 10)

I had Linux Mint 18 on a flash drive from a previous installation (lucked out).
Booted up Mint USB.
Open the Menu>Administration>GParted and see if your hard drive shows any partitions. You may luck out that your partition table wasn't cooked and only have to skip down and rewrite MBR. If it shows your drive as unallocated, continue with instructions.
Open terminal
run "sudo apt-get install testdisk" without quotes in terminal to install testdisk
(AT YOUR OWN RISK)
run "sudo testdisk"
analyse disk, made sure it found all of the correct partitions, wrote the partition table.
reboot and removed Mint USB.
booted from Windows installation USB/DVD corresponding to the version of Windows that is installed on the computer (for me, Server 2012 R2 and Windows 7)
When it gets to the start installation screen, push Shift + F10 to open command prompt

(AT YOUR OWN RISK)
bootsect /nt60 SYS /force /mbr
bootrec /fixmbr
bootrec /fixboot
bootrec /rebuildbcd (wait for it to find your installation and type y for yes)
exit (to close cmd)
reboot
Let it log into Windows.
May be good idea to remove any Classic Shell installations, download a clean copy provided by Ivo, and reinstall it.
Also probably good idea to run scan with something like malwarebytes to make sure you're clean.

sorry for the poorly written post. I was pulling my hair out for an hour until I found that someone else had the same problem. Hopefully I help someone. :)
♠_


edit:
added instruction to check to make sure partition table truly is destroyed before attempting to overwrite it. You don't want to risk losing data that isn't "gone."
thanks for danooct1 shoutout
danooct1 also made the comment in his video that the file size differs between the legit one and the fake one. The real one is around 6.88 MB and the fake one is about 6.81 MB. The fake one also doesn't have a signature which may trigger Windows Smartscreen.



Ugh... I tried to install test disk, and it says unable to locate package test disk

I tried updating Ubuntu, even though I got the latest from the website, and it says: error while moving old database out of the way. app stream cache update Failed.

Omg what do I have to do to get this going...


Top
 Profile  
Reply with quote  
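Added example, not part of any post in this thread: CaffeinePizza's edit above notes that the fake installer carries no signature. This Python sketch checks whether a downloaded PE file has an embedded Authenticode certificate table at all; `sample_pe` builds constructed header bytes for the demo, and both function names are illustrative.

```python
import struct

def authenticode_blob(pe: bytes):
    """Return (file_offset, size) of the embedded certificate table, or None."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file (no MZ header)")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = e_lfanew + 24                      # optional header follows the COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic == 0x10B:                       # PE32
        dirs = opt + 96
    elif magic == 0x20B:                     # PE32+
        dirs = opt + 112
    else:
        raise ValueError("unknown optional header magic")
    (count,) = struct.unpack_from("<I", pe, dirs - 4)    # NumberOfRvaAndSizes
    if count <= 4:
        return None                          # no certificate-table slot at all
    # Data directory entry 4 is the certificate table; its "address" is a file offset.
    offset, size = struct.unpack_from("<II", pe, dirs + 4 * 8)
    if size == 0 or offset + size > len(pe):
        return None                          # unsigned, or truncated download
    return offset, size

def sample_pe(signed: bool) -> bytes:
    """Constructed minimal PE32 headers for the demo; not a real installer."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)      # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                  # 16 data directories
    blob = bytes(128) if signed else b""                 # stand-in for the signature
    if signed:
        struct.pack_into("<II", opt, 96 + 32, 64 + 24 + 224, len(blob))
    return dos + coff + bytes(opt) + blob

if __name__ == "__main__":
    # Real use: authenticode_blob(open("installer.exe", "rb").read())
    for signed in (True, False):
        found = authenticode_blob(sample_pe(signed))
        print("signature blob at", found if found else "none: treat as unsigned")
```

An embedded blob only shows that a signature is present; checking that it is valid and belongs to the expected publisher is done on Windows with `Get-AuthenticodeSignature` or `signtool verify`.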
PostPosted: Fri Aug 05, 2016 3:32 pm 
Joined: Thu Aug 04, 2016 8:16 am
Posts: 22
ayyyylmao wrote:
Hey all, to those affected by the malware, I just fixed my partition table on my compromised drive using this software:

http://www.cgsecurity.org/wiki/TestDisk

Restored my partition table completely with no issues. Did a quick scan and then added the found partition back and wrote it to disk. You will definitely want to rewrite the hard drive's MBR code with the Windows MBR code though.

http://www.thewindowsclub.com/repair-ma ... br-windows


How do I run this on Ubuntu? I downloaded it, it has no executable file???


PostPosted: Fri Aug 05, 2016 7:52 pm 
In case anyone's curious, my install of Win10 was only about a week old, so I just wiped the SSD, repartitioned it, and reinstalled Win10. Only lost a little bit.


PostPosted: Sat Aug 06, 2016 12:59 am
Joined: Sun Jan 06, 2013 1:44 pm
Posts: 1848
TheFly wrote:
ayyyylmao wrote:
Hey all, to those affected by the malware, I just fixed my partition table on my compromised drive using this software:

http://www.cgsecurity.org/wiki/TestDisk

Restored my partition table completely with no issues. Did a quick scan and then added the found partition back and wrote it to disk. You will definitely want to rewrite the hard drive's MBR code with the Windows MBR code though.

http://www.thewindowsclub.com/repair-ma ... br-windows


How do I run this on Ubuntu? I downloaded it, it has no executable file???



You need to extract the file from the archive...

http://www.7-zip.org/download.html
Look for p7zip on this page


PostPosted: Sat Aug 06, 2016 3:04 pm
Joined: Thu Aug 04, 2016 8:16 am
Posts: 22
I did. Which file do I click on to run it?

I tried entering testdisk and sudo apt-get install testdisk and nothing.

This is crazy, I have the program. It's here. I just want to run it.

Someone said my Ubuntu was read only, 'cause Rufus does read only.

So I used Unetbootin instead. Put 3gb of persistence. I'm still getting error messages.

When I boot Ubuntu I start WITHOUT installing it. Should I install it, is that the issue?

Also, just before it goes into Ubuntu I get this error message on a DOS screen.

9.723222 usb 2-2 device descriptor read/64, error -110
24.940311 usb 2-2 device descriptor read/64, error -110
30.268692 usb 2-2 device descriptor read/64, error -110
45.485782 usb 2-2 device descriptor read/64, error -110
56.110542 usb 2-2 device not accepting address 4, error -110

What. the. hell. Is. Going. On.

At this point I just want to recover the partition on my HDD D: drive, back up the files, and then bomb the whole machine, and start from scratch with C: SSD and D: HDD. I don't even care about salvaging Windows. I'll just RE-INSTALL e v e r y t h i n g. I just wanna back up my 500gb HDD. I need to recover the partition on it.


PostPosted: Sat Aug 06, 2016 3:39 pm
Joined: Thu Aug 04, 2016 8:16 am
Posts: 22
Holy shit I FINALLY got testdisk to work.

I had to enable all the Downloadables in System Updates.

At that point, sudo update worked

and then sudo apt-get install testdisk worked

SO NOW TESTDISK WORKS. 3 days later LOL.

FYI this is what my SSD (C drive with windows) looks like

http://imgur.com/0FrE1Ud

And my HDD (D drive with music, movies) looks like

http://imgur.com/a/7HZP9

I shouldn't need gparted also right? Is test disk enough?

Should I just follow CaffeinePizza's tutorial???

yay or nay?


PostPosted: Sat Aug 06, 2016 3:49 pm
Joined: Thu Aug 04, 2016 8:16 am
Posts: 22
Okay so I'm stuck at analyze disk.

How am I supposed to know how many partitions my SSD C drive (the one with Windows) is supposed to have?

I see 3. A primary bootable, and two primaries. I have the option to quick search and backup...

His tutorial just says make sure it has the correct number of partitions, restart and remove USB LOL

There's like 7 steps in between that... anyone care to expand on it with me please?


PostPosted: Sat Aug 06, 2016 4:03 pm
Joined: Thu Aug 04, 2016 8:16 am
Posts: 22
Actually, as I said, I'm more concerned about the D drive. Just like in GParted, it doesn't show a partition, so it's unallocated. How do I reclaim the partition without damaging the data?


Top
 Profile  
Reply with quote  
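Added example, not from any poster: the question above (is the partition table gone, or is it still there?) can be answered by reading sector 0 read-only before writing anything. This Python sketch decodes the classic MBR layout; the sample sectors are constructed, and the function names and the short type table are illustrative.

```python
import struct

TYPES = {0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
         0x83: "Linux", 0xEE: "GPT protective"}

def parse_mbr(sector: bytes) -> dict:
    """Decode sector 0 of a disk using the classic 512-byte MBR layout."""
    if len(sector) != 512:
        raise ValueError("need exactly 512 bytes")
    parts = []
    for slot in range(4):                      # four 16-byte entries from offset 446
        entry = sector[446 + 16 * slot: 462 + 16 * slot]
        ptype = entry[4]
        start, count = struct.unpack_from("<II", entry, 8)
        if ptype == 0 and count == 0:
            continue                           # unused slot
        parts.append({"slot": slot, "active": entry[0] == 0x80,
                      "type": TYPES.get(ptype, hex(ptype)),
                      "start_lba": start, "sectors": count})
    return {"signature_ok": sector[510:512] == b"\x55\xaa",
            "partitions": parts}

def diagnose(info: dict) -> str:
    """Heuristic reading of the result; it does not validate the entries."""
    if not info["partitions"]:
        return "table empty: search for lost partitions before writing anything"
    if not info["signature_ok"]:
        return "entries present but 0x55AA signature missing: sector damaged"
    if any(p["type"] == "GPT protective" for p in info["partitions"]):
        return "protective MBR: partitions are described by the GPT, not here"
    return "table present: no partition search needed"

def sample_sector(with_table: bool) -> bytes:
    """Constructed sample data, not a dump from an affected machine."""
    s = bytearray(512)
    s[0:2] = b"\xeb\xfe"                       # placeholder boot code bytes
    if with_table:
        s[446:462] = struct.pack("<B3sB3sII", 0x80, bytes(3), 0x07,
                                 bytes(3), 2048, 1024000)
    s[510:512] = b"\x55\xaa"
    return bytes(s)

if __name__ == "__main__":
    # Real use (read-only, needs root): sector = open("/dev/sdX", "rb").read(512)
    for flag in (True, False):
        print(diagnose(parse_mbr(sample_sector(flag))))
```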
PostPosted: Sat Aug 06, 2016 4:12 pm 
Site Admin
Joined: Wed Jan 02, 2013 11:38 pm
Posts: 5310
@TheFly - I apologize that I am not responding to your questions. I am not at all familiar with the disk recovery process, or the Linux-style recovery. Any suggestion I can give will most likely be wrong.
I hope somebody with a good understanding of partitions and the necessary tools can chime in with some advice.


PostPosted: Sat Aug 06, 2016 4:43 pm
Joined: Thu Aug 04, 2016 8:16 am
Posts: 22
No problem. I appreciate any help I can get. I think I'm really close.

For anyone reading, this is where I'm at.

http://imgur.com/wgz2abl


PostPosted: Sat Aug 06, 2016 9:00 pm
Joined: Thu Aug 04, 2016 8:16 am
Posts: 22
I figured it out. I'm currently copying files from the damaged HDD to an external.

God bless Linux.


PostPosted: Sat Aug 06, 2016 11:13 pm
Joined: Thu Jan 03, 2013 12:38 am
Posts: 5340
@TheFly Glad you could recover your data. I was positive it wasn't wiped but only inaccessible. I am familiar with disk recovery terminology and concepts but not the exact steps which are different for each tool and definitely not familiar at all with the Linux tools. I recommended Testdisk because people said it worked for them. Well, thankfully your data was retrieved. :) Hopefully this will give anyone unfamiliar with the process the confidence to do it on their own.

PostPosted: Sat Aug 06, 2016 11:51 pm
Joined: Thu Aug 04, 2016 8:16 am
Posts: 22
Very well said. It was long, it was arduous. It's still not over. I need to format my C and D afterward, and correct their boot records. But I think Windows installation will do that.


PostPosted: Tue Aug 30, 2016 8:55 pm
Joined: Tue Aug 30, 2016 8:38 pm
Posts: 1
Is there any way I can use a TestDisk LiveCD with a CD that only has 702 MB of space? (Or any software that does the same job)
Edit: Tried using MagicISO for BootICE, it says the CD isn't empty (it is).


PostPosted: Wed Aug 31, 2016 12:16 am
Joined: Thu Jan 03, 2013 12:38 am
Posts: 5340
@Faederwulf, do you have a spare USB flash drive? Disc images can be written to USB flash drives using Rufus for example.

PostPosted: Thu Sep 01, 2016 8:35 am
Joined: Thu Sep 01, 2016 8:25 am
Posts: 1
I got the W10 anniversary update on my home laptop this morning. The update did not uninstall ClassicShell v4.2.5, it blocked it and also blocked the install for 4.2.5. I then had to download 4.3 and it installed and is now working.


PostPosted: Wed Sep 21, 2016 9:11 am
Joined: Wed Sep 21, 2016 9:09 am
Posts: 1
So what's the situation with the Anniv. update? Is 4.3 OK?


PostPosted: Wed Sep 21, 2016 9:16 am
Site Admin
Joined: Wed Jan 02, 2013 11:38 pm
Posts: 5310
Yes, 4.3.0 works fine with the Update.

