Windows 7 Startup Repair Looping to no effect

reynola1

New Member
Hello,

My computer contracted the AntiMalware Doctor/Spyware Suite trojan several days ago. I was able to remove the majority of it, but upon booting AND connecting to the internet I would receive the following message:

"Windows has encountered a critical error and will restart in 1 minute."

After doing some research, the solution seemed to be to run the 2010 Kaspersky Recovery disk. I did this, it ran and found several remaining trojans, restarted, and......


Went into startup repair. Now every time I boot, regardless of the choice (Safe mode, last known good config, normal) the computer instead goes to startup repair.


The startup repair will take several minutes and then return saying "could not fix the problem" (I can get the exact error message again if need be).

Here are the things I've tried so far:

Letting startup repair run
Running startup repair from the Windows 7 disk
Using bootrec.exe /FixMbr
Using bootrec.exe /RebuildBCD
Using bootrec.exe /FixBoot

I have put another hard drive in the computer and installed a copy of Windows 7 on it and run EasyBCD 2.0. Using EasyBCD 2.0 I have:

Reset BCD configuration
Recreated/Repaired Boot files
Installed the Windows 7 bootloader to the MBR

So far nothing has worked. Is there any more information that would be of help to solving this?


Thank you in advance.
 
Hi.

Based on your description, you have a particularly bothersome strain of malware that affects a Windows service necessary to run.

You will have best luck by low level formatting the hard drive with Killdisk, to 0 it out and destroy all malware.

Then proceed to install Windows by booting to the DVD.

You'll have to back up anything you want to keep, first. I'd be careful though with that, as whatever you back up may be compromised as well.
 
Well I think I have managed to solve the problem.

Using EasyBCD on my alternate installation I installed the BCD onto my formerly damaged partition.

Now instead of booting into startup repair it would return an error saying that system file "wwfzuyy.sys" in the System32/Drivers folder was corrupted. A quick Bing/Google search did not turn up anything so, using the alternate install, I removed the file from the damaged Windows installation. Rebooted, selected the damaged Windows and.....


Success :D

Booted straight into Windows with no problems. I'm now going to run several virus/malware scans to try and see if it is still there.

TorrentG, would you happen to know the name of this bothersome piece of malware?

Anyways I shall be sure to update if anything more of note happens.

Thanks
 
No, I don't know the name as I was generalizing.

Based on your post, wwfzuyy.sys was/is definitely malware and it was great what you have done to repair Windows.

I have to say from a technical standpoint though, that once Windows is compromised in this manner, there is absolutely no way to tell what the malware has done behind the scenes, so to speak.
This is not only my opinion, but that of the world famous security expert Steve Gibson.

So I still recommend a clean install in the manner I described above. If you don't care too much and would rather take your chances, you may be fine and get away with the fix you've already done.
 
I have no doubt that Windows has been compromised. I have already noticed that the performance has degraded considerably. However, I just need to keep it up and running long enough for me to buy another hard drive to back up my data.

Again, thanks for your help.
 