Extremely Urgent - NTLDR is missing. 24 replies

Tango Protocol

Master of my own domain

50 XP

18th July 2003

0 Uploads

8,283 Posts

0 Threads

#1 12 years ago

I was browsing the web and I seem to have triggered a malicious javascript, which triggered its own sister javascript, which in turn downloaded Bloodhound.W32, and probably other viruses (Norton only alerted me to Bloodhound). Now I assume BH isn't all that hard to get rid of, but that's not the problem. Here's the background information.

My school loaned me a computer so I could work on the website for the robotics team. I've had it about a week. Now, I log onto I think it was addictinggames.com (I was bored, wanted some relaxation from programming) and I get an error from Norton saying malicious script, iexplorer.exe. I figured it was a false positive, but I clicked "Don't Allow Script to Run." All IE windows promptly closed soon after that. I then got another Norton notification about SpecialFolder.js (the path was in Program Files). I clicked "Don't allow..". Seconds after, I get "Folder.js".. which if I recall correctly was also in my Program Files.

I put my away message on AIM up and went to watch a movie. I remembered that I was expecting an email, so I went back, turned on my monitor and I see that my "Shutdown Computer Options" window just came up, and then on top of that, some kind of advertisement for some kind of malware removal product came up. Simultaneously, Norton alerted me of Bloodhound.W32, but with no options... It then turned off completely. I turned it back on and now I get the NTLDR is missing, press C+A+D to restart.

Here is what my computer had running in my task bar: AIM, Dreamweaver, Google SketchUp, Internet Explorer.

Here are the only EXEs I downloaded: Dreamweaver (1 week ago), AIM (1 week ago), Google SketchUp (4 days ago), Macromedia Fireworks (1 day ago).

I've done some googling and had a friend look some stuff up. Here are the instructions I received for a boot disk:

boot.ini:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Professional" /fastdetect

It also says I need NTLDR and NTDETECT.COM from a Win 2k Pro installation (since that's the OS the computer has). My dad's laptop is Win XP Pro... so I am kind of screwed. Anyone still on 2K Pro? Any other advice greatly appreciated.. Oh, if Mr Troy, the robotics mentor, finds out... I'm screwed.




marvinmatthew

Tech is where you'll find me..

50 XP

13th April 2005

0 Uploads

3,627 Posts

0 Threads

#2 12 years ago

Generally speaking, the only way to completely clean your computer is to do a full reformat, as you seem to want to do.

However, the problem with this is, obviously, that you need a copy of Win2Kpro, which people do still use, and you can probably find somewhere.

If anything though, you should come clean with your robotics teacher, as it would be worse to return the infected machine, and have it hooked up to the school's network, as that could be very bad.




Tango Protocol

#3 12 years ago

The problem is, if I do reformat then the manager of district tech (Mr Troy) will know anyway because there were some programs installed on here before he loaned it to me. I mean it was pretty much bare bones. Internet Explorer, tightVNC, and also SETI@Home (wtf is that?) Plus there are settings that relate to the school like the "registered to" shit.




marvinmatthew

#4 12 years ago

Good point.

Well, you can download a few anti-virus programs, install them, and remove them once you're done.

AVG Free Edition, and Avast! come to mind.




Enterprise2002

Your friendly nutcase

50 XP

15th December 2002

0 Uploads

873 Posts

0 Threads

#5 12 years ago

I didn't think he could get into Windows. And to answer your question about the SETI@home, click here.

Plus, I'd suggest you tell your robotics teacher, he would most likely be able to fix it, one way or another, if it's his.




Tango Protocol

#6 12 years ago

Well it's not his per se. It's a school computer and he is basically in charge of all tech in the district. It does have AV on it. NAV. But.. the definitions weren't up to date (subscription expired, pay for another sub, etc). Also my Windows was not up to date either. I don't know what SP it had either. I didn't perform any security updates unless I was told to because I didn't want to screw things up... mostly because my dad downloaded urgent system updates from update.windows.com and he got the BSOD whenever he turned on the computer.. but that's beside the point.




marvinmatthew

#7 12 years ago

Well I would say that it's not your fault then if they weren't paying to have the AV updates kept current.

What site were you on when this happened?




Tango Protocol

#8 12 years ago

I don't remember exactly. I believe it was more than one, but I do know the last website I entered before it crashed (I think it was like 5 minutes) was addictinggames.com. I can't assess the validity of that though, because I wasn't paying attention to that (I wasn't expecting the system to crash, and I usually have multiple things open at once).

Here is an update though: I created a boot disk with ntldr and ntdetect.sys on it. It passed the beginning part but now it says that /system32/hal.dll cannot be found.




marvinmatthew

#9 12 years ago

Here's what site advisor has to say about addictinggames.com: http://www.siteadvisor.com/sites/addictinggames.com?ref=safesearch&aff_id=0

Anyway, that's pretty bad if a file is missing from Windows Root.




Tango Protocol

#10 12 years ago

I'm a long time user of addictinggames.com and never had any problems. I did some research on the javascript file that was detected. It comes hand in hand with a trojan called AdClick. So possibly a malicious advertisement loaded it? I did some more research and it says that my boot.ini is messed up, so I take it that the sample boot.ini I got wasn't correct. So I am gonna add other samples and see what I can get.
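
An added example, not written by anyone in the thread: a small checker for the internal consistency of a boot.ini like the sample quoted in the first post. It only verifies that `default=` matches an `[operating systems]` entry and that each ARC path is well formed; it cannot tell whether the path matches the machine's real disk layout. The function names are hypothetical, and `SAMPLE` is the thread's text reproduced as test input.

```python
import re

# ARC path syntax used in boot.ini: multi(X)disk(Y)rdisk(Z)partition(W)\dir
ARC_RE = re.compile(
    r"^(multi|scsi)\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)partition\((\d+)\)\\(.+)$",
    re.IGNORECASE,
)

# The sample boot.ini from the first post, reproduced as input.
SAMPLE = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Professional" /fastdetect
'''

def parse_boot_ini(text):
    """Return (default_path, {path: label_and_switches})."""
    section, default, entries = None, None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if section == "boot loader" and key.strip().lower() == "default":
            default = value.strip()
        elif section == "operating systems" and sep:
            entries[key.strip()] = value.strip()
    return default, entries

def check_boot_ini(text):
    """Return a list of consistency problems; an empty list means none found."""
    default, entries = parse_boot_ini(text)
    problems = []
    if default is None:
        problems.append("no default= line in [boot loader]")
    elif default.lower() not in (k.lower() for k in entries):
        problems.append("default does not match any [operating systems] entry")
    for path in entries:
        if re.match(r"^[A-Za-z]:\\", path):
            continue  # drive-letter entries (other OSes) are not ARC paths
        m = ARC_RE.match(path)
        if not m:
            problems.append(f"malformed ARC path: {path}")
        elif int(m.group(5)) < 1:
            problems.append(f"partition() is numbered from 1: {path}")
    return problems
```
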