Classic Shell
http://www.classicshell.net/forum/

W10 anniversary update, installed CS4.3 , had to repair OS
http://www.classicshell.net/forum/viewtopic.php?f=22&t=6434
Page 2 of 2

Author:  SquaredCircle84 [ Wed Aug 03, 2016 2:30 am ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

anewuser wrote:
Friend, you aren't supposed to just copy the ISO file like that or extract its contents. You gotta "burn" it into the USB dongle (ISO is like a copy of a CD for you to burn it and use it as an original CD).


You can use a program like ROSA Image Writer do burn it to an USB drive, and then format the driver after you are done fixing it all. ROSA Image Writer is free and safe.


Thanks for the information. I'm up and running now, but this is good to know in general. Can you tell I've never done this before? :oops:

Author:  bmdman [ Wed Aug 03, 2016 5:53 am ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

Hi,

Worryingly I was on Fosshub earlier today, downloading Audacity. It seems that I have been infected with this virus.
I have read the posts in this thread and like squaredcircle84, I am not very experienced in PC maintenance.

My first hurdle has been downloading the file ubcd535.iso and burning it to a USB flash drive using RosaImageWriter.

I do this, but I Still boot to the spade logo, (even when selecting the flash drive as the boot device in the menu accessed at power up). On plugging the flash drive into another PC, it seems that the flash drive is not bootable. So where am I going wrong in this 'first simple step'?

Author:  Gaurav [ Wed Aug 03, 2016 6:13 am ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

The bootable flash drive can either be MBR partitioned or GPT depending on what your PC supports. For MBR, choose NTFS file system for the bootable drive. For UEFI/GPT choose FAT32. Also try using another tool to write the ISO to USB. Maybe the tool you are using doesn't support the specific combination your PC has: UEFI/MBR, UEFI/GPT or BIOS/MBR. I recommend Rufus: https://rufus.akeo.ie/

Author:  dmccabe [ Wed Aug 03, 2016 7:11 am ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

Like most others, I am really confused with trying to fix this.

If I try booting normally, I get the boot/bcd error:


If I try booting selecting a boot option of SSD...


...I get the Spade prompt:


I have tried the following:

- Boot into Win10 Repair USB and tried Startup Repair - Failed
- Boot into Win10 Repair USB and tried the command prompt > bootrec /fixmbr > exit > removed disk > Startup Repair - Failed
- Boot into Win10 Repair USB and tried the command prompt > bootrec /fixboot <enter> > bootrec /fixmbr <enter > bootrec /rebuildbcd > exit > removed disk > Startup Repair - Failed (tried above again with adding bootsect /nt60 SYS and still failed)

- Tried DISKPART in the command prompt and it showed the following information:
I have 8 volumes (7 installed hard drives and the USB boot drive). Volume 1 was the affected SSD
- sel disk 1
- list vol
DISKPART listed all my other HDD's but did not show the SSD or any mbr (mbr should have been 100mb in size and FAT32 according to google searches), so couldn't fix the mbr this way either!!!



It seems then, that the Win10 Recovery disk (repair startup, bootrec.exe and diskpart.exe) does not recognize the corrupted SSD. At all!


So... Downloaded and boot from UBCD and run testdisk > selected the SSD > selected EFI/GPT partition type > Analyse > Quick Search:
It returned 5 entries:


P MS Data (1)


P MS Data (2)


D MS Data (3) - Shows that my C: drive data is still intact


D MS Data (4)


D MS Data (5)


Upon running gparted, I get the following:


Bottom line is, I am at a total loss on what to perform next to repair the mbr.
Please, please, please can someone help!!!

Thanks,

David

Author:  bmdman [ Wed Aug 03, 2016 8:30 am ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

Gaurav wrote:
The bootable flash drive can either be MBR partitioned or GPT depending on what your PC supports. For MBR, choose NTFS file system for the bootable drive. For UEFI/GPT choose FAT32. Also try using another tool to write the ISO to USB. Maybe the tool you are using doesn't support the specific combination your PC has: UEFI/MBR, UEFI/GPT or BIOS/MBR. I recommend Rufus: https://rufus.akeo.ie/

Thanks I was able to create a bootable flash drive at last.
But much like the other novices here, I'm unsure of exactly where to go with this now. If anyone can provide step by step guidance, without assuming that I understand the finer nuances, it would be a great help.

Author:  CaffeinePizza [ Wed Aug 03, 2016 8:39 am ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

dmccabe wrote:
Like most others, I am really confused with trying to fix this.

If I try booting normally, I get the boot/bcd error:


If I try booting selecting a boot option of SSD...


...I get the Spade prompt:


I have tried the following:

- Boot into Win10 Repair USB and tried Startup Repair - Failed
- Boot into Win10 Repair USB and tried the command prompt > bootrec /fixmbr > exit > removed disk > Startup Repair - Failed
- Boot into Win10 Repair USB and tried the command prompt > bootrec /fixboot <enter> > bootrec /fixmbr <enter > bootrec /rebuildbcd > exit > removed disk > Startup Repair - Failed (tried above again with adding bootsect /nt60 SYS and still failed)

- Tried DISKPART in the command prompt and it showed the following information:
I have 8 volumes (7 installed hard drives and the USB boot drive). Volume 1 was the affected SSD
- sel disk 1
- list vol
DISKPART listed all my other HDD's but did not show the SSD or any mbr (mbr should have been 100mb in size and FAT32 according to google searches), so couldn't fix the mbr this way either!!!



It seems then, that the Win10 Recovery disk (repair startup, bootrec.exe and diskpart.exe) does not recognize the corrupted SSD. At all!


So... Downloaded and boot from UBCD and run testdisk > selected the SSD > selected EFI/GPT partition type > Analyse > Quick Search:
It returned 5 entries:


P MS Data (1)


P MS Data (2)


D MS Data (3) - Shows that my C: drive data is still intact


D MS Data (4)


D MS Data (5)


Upon running gparted, I get the following:


Bottom line is, I am at a total loss on what to perform next to repair the mbr.
Please, please, please can someone help!!!

Thanks,

David



Unplug any other drives from the system except for the one that is affected and try running testdisk again. You may have to do the deeper search option in testdisk.

You may be able to start from your Windows disk, open cmd with shift+f10, type in notepad, click file>open, and figure out which drive letter is your Windows installation. Close notepad and go back to the cmd. Type in "bcdboot DRIVELETTER:\Windows /s DRIVELETTER: /f UEFI" an example if your Windows drive happens to be conveniently at drive C in WinPE: "bcdboot C:\Windows /s C: /f UEFI" In my case I didn't have to use bcdboot since I was MBR/BIOS based but I did notice my Windows drive ended up on drive D instead of C. Check to make sure first. Unplug any drives that aren't affected.

Author:  Gaurav [ Wed Aug 03, 2016 10:29 am ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

@dmccabe, Yes with so many disk drives, I would recommend temporarily unplugging them until the affected drive is fixed. You can reconnect them later of course. Windows Startup Repair and bootrec /rebuildbcd sometimes get confused when there are many drives present.

@bmdman, have you tried these step-by-step instructions? viewtopic.php?f=22&t=6440

Author:  aussiebear [ Wed Aug 03, 2016 1:02 pm ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

bmdman wrote:
Hi,

Worryingly I was on Fosshub earlier today, downloading Audacity. It seems that I have been infected with this virus.


The hacker group targeted both Classic Shell and Audacity with the same malware.

Here's the explanation from the Audacity developers, as well as an update from FOSSHUB folks.
=> http://www.audacityteam.org/compromised ... d-partner/

Author:  Gaurav [ Wed Aug 03, 2016 3:05 pm ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

I just tried running the infected installer for experimentation in an isolated virtual machine with UEFI 2.1 and it became unbootable too.

Author:  aussiebear [ Wed Aug 03, 2016 3:06 pm ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

Gaurav wrote:
I just tried running the infected installer for experimentation in an isolated virtual machine with UEFI 2.1 and it became unbootable too.


Was "secure boot" enabled?

Author:  Guest [ Wed Aug 03, 2016 3:18 pm ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

Hi All,

just a quick question. I have had Classic Shell installed for awhile. Am I safe if I update it.

Is this just affecting brand new downloads from the mirror, or is it similar to Puush in that they also went after updating?

Thanks for any assistance!

Author:  Gaurav [ Wed Aug 03, 2016 3:23 pm ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

No the Virtual Machine app, VirtualBox doesn't have Secure Boot yet for guests. I don't know any other Type 2 hypervisor either that supports it. Hyper-V on Windows 8.1, which is a Type 1 hypervisor supports Secure Boot for VMs. Will try it later.

Author:  Ivo [ Wed Aug 03, 2016 3:31 pm ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

Guest wrote:
Hi All,

just a quick question. I have had Classic Shell installed for awhile. Am I safe if I update it.

Is this just affecting brand new downloads from the mirror, or is it similar to Puush in that they also went after updating?

Thanks for any assistance!

Yes, it is safe to download from the main site. Before running it verify that the file has a valid digital signature. Don't accept any UAC prompts that say "Publisher: Unknown".

Author:  dmccabe [ Wed Aug 03, 2016 4:00 pm ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

Yay!!! :D

Finally managed to get this fixed. Thank to CaffeinePizza and Gaurav for suggesting to remove the other drives, leaving the C: SSD as the lone solitary one.
bootrec /fixmbr and Repair Startup worked first time with the one drive installed.

Thanks again for the assistance. I couldn't bear spending the next week or so rebuilding Windows back to its original state.
(Time to clone a backup methinks)

Thanks again from one happy Scotsman :D

Author:  Guest [ Wed Aug 03, 2016 4:01 pm ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

Ivo wrote:
Guest wrote:
Hi All,
just a quick question. I have had Classic Shell installed for awhile. Am I safe if I update it.

Is this just affecting brand new downloads from the mirror, or is it similar to Puush in that they also went after updating?

Thanks for any assistance!

Yes, it is safe to download from the main site. Before running it verify that the file has a valid digital signature. Don't accept any UAC prompts that say "Publisher: Unknown".



Thank you, I was more wondering if it is safe to update it as I already had it installed for the past year. :)

Author:  SquaredCircle84 [ Wed Aug 03, 2016 4:02 pm ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

bmdman wrote:
Thanks I was able to create a bootable flash drive at last.
But much like the other novices here, I'm unsure of exactly where to go with this now. If anyone can provide step by step guidance, without assuming that I understand the finer nuances, it would be a great help.


Have you tried the guide here? That's what worked for me, and I'm an amateur when it comes to this stuff. Good luck!

Here's a YouTube video showing the steps, too.

Author:  TheSoulless [ Thu Aug 04, 2016 7:35 am ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

Is it still infected? I heard about this virus from danooct1 so I looked to see if it was still live

Author:  Ivo [ Thu Aug 04, 2016 7:44 am ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

The download from the main page is clean. The website that was compromised is currently offline.

Author:  TheSoulless [ Thu Aug 04, 2016 7:49 am ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

Ivo wrote:
The download from the main page is clean. The website that was compromised is currently offline.


Ok thank you ivo

Author:  TheFly [ Thu Aug 04, 2016 10:05 am ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

I thank everyone that is wrote everything here, @danooct1, on /r/PCmasterrace and /r/Windows10, but unfortunately none of it has worked for me. Below is step by step of what has happened to my machine in the last 72 hours.

Before I begin my setup is as follows. Note, I'm currently operating on my Samsung Galaxy Note 3.

C:\ is my 250gb SSD for Windows and program files.
D:\ is my 500gb HDD for e v e r t h i n g else. Music, movies, photos, videos, cell phone data back up, applications from winzip to Adobe Premiere, back files like favorites, invoices, etc. etc. etc. etc. etc. I do have an external back up... I think I last updated in February. None the less I have crucial files to lose.

1. Install Windows 10 from the free the upgrade on my Windows 7 (I think premium) 64bit. It's not an OEM, I have a key.

2. I installed the infected version of Classic Shell. Ran the setup and a small window appeared then disappeared almost immediately.

3. I noticed the D drive missing from File Explorer. I rebooted.

4. I am greeted with a black screen with a white spade and a white blinking cursor next to each other in the bottom left corner. The machine freezes here and does not go any further.

5. I seek help on Reddit on /r/Windows 10. I am told to make a recovery USB on an operational PC. Did that. Boot up, choose 64-bit installation.

6. Get a message that says: it looks like you started an upgrade and booted from installation media period if you want to continue with the upgrade, remove the media from your PC and click yes. If you want to perform a clean installation instead, click No.

7a. Clicking yes just reboots the machine and boots the USB Drive again. Dead end.

7b. So I click No.

8. I'm greeted with the first Windows setup window. it asks for Language to install, Time and currency, keyboard and input method. Everything is fine. Next.

9. Second window gives me two options. In the center is a big inviting button that says Install Now. In the bottom left is the Repair Your Computer option. I choose repair.

10. In this screen I have 2 options. 1) Troubleshoot and 2) Turn Off your PC. I choose troubleshoot.

11. In Troubleshoot, I have the following options: SYSTEM RESTORE, SYSTEM IMAGE RECOVERY, STARTUP REPAIR, COMMAND PROMPT, UEFI FIRMWARE SETTINGS, GO BACK TO PREVIOUS BUILD.

12. I started with Start Up Repair first. Click it. I get this message "Start Up Repair couldn't repair your PC. Press advanced options to try other options to repair your PC or shut down to turn off your PC. Advanced options just brings me back to step 10.

13. I try System Restore, I get this message in a window with a white x in a red circle: to use system restore you must specify which Windows installation to restore. Restart this computer select an operating system and then select system restore. I cannot do any of this.

14. I try System Image Recovery. I get a message that says this: windows cannot find a system image on this computer. Attach the backup hard disk or answer to the final DVD from a backup set and click retry. Alternatively close this dialogue for more options.

14a. I asked on Reddit but no one gave me a definitive answer; if it was possible for someone to give me an image file and then I could put it on an external HDD or USB key and then use it for this step? But perhaps that's not possible or it shouldn't be necessary. None the less, let's move on.

15. I tried going back to previous build option. It said: we ran into a problem and won't be able to take you back to the previous build. Try resetting your current build instead.

16. This is when I looked further and found the YouTube video by @danooct1.

17. I did just what he said to do. Went back to Startup Repair, but still getting the message in step 12.

18. I followed the link in the description to here. Finally found people that were getting the spade and cursor, not the message that says the journey ends here. CaffeinePizza was the first user that had my symptoms but they said their fix was for every Win OS but not 10. So that doesn't help me.

19. Back on Reddit someone suggested I try ##Windows on IRC and I was met with lukewarm reception at best. I logged in, explained my issue, and received these two responses:. "ew Classic Shell", and, "Users in here don't respond well to third party apps". I haven't been in an IRC chatroom since I thought I was a 1337 haxor back in the t50.com/astalavista.box.sk warez days, but being on my Note 3, I wasn't about to try and squeeze out any help on my puny 5 inch screen with these guys acting like that.

So now I'm about to enter Doomsday Scenario unless someone can actually help me out here.

20. In command prompt, I tried to see if I could format my C drive and possibly start over. The format instruction works but I didn't go through with it for obvious reasons.

21. I then went back to step 9 and tried that big inviting button that said Install Now. I applied my Win 7 key and it works. Now I saw something devastating but I only hope it's the virus at work and not the truth.

So in the installation process it prompts to choose drives to install on. My C drive is unable to (unless I choose the format option it offers).

But then I saw something on my 500gb D drive. It says 500gb capacity, 500gb free. Before anything else, can someone tell me whether or not that's a true reading of my drive, or is that just the MBR being screwed up? Because if it's a true reading I will have lost some crucial pieces of my life.

Additionally, would it help if I installed a fresh install of Windows on an external drive, that way I could get in and fix this problem on a working OS, or is that unnecessary; I mean I'd prefer not to install on an external and fix the problem from here.

So, this is where I'm at. I've given every piece of detail up to this point. Man like... I really just want this fixed. I'm not an idiot, I know to run a computer... Jeeze, someone call me and walk me through it if you know exactly what to do.

Thanks for any help.

Author:  Guest [ Thu Aug 04, 2016 12:34 pm ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

TheFly wrote:
I thank everyone that is wrote everything here, @danooct1, on /r/PCmasterrace and /r/Windows10, but unfortunately none of it has worked for me. Below is step by step of what has happened to my machine in the last 72 hours.

Before I begin my setup is as follows. Note, I'm currently operating on my Samsung Galaxy Note 3.

C:\ is my 250gb SSD for Windows and program files.
D:\ is my 500gb HDD for e v e r t h i n g else. Music, movies, photos, videos, cell phone data back up, applications from winzip to Adobe Premiere, back files like favorites, invoices, etc. etc. etc. etc. etc. I do have an external back up... I think I last updated in February. None the less I have crucial files to lose.

1. Install Windows 10 from the free the upgrade on my Windows 7 (I think premium) 64bit. It's not an OEM, I have a key.

2. I installed the infected version of Classic Shell. Ran the setup and a small window appeared then disappeared almost immediately.

3. I noticed the D drive missing from File Explorer. I rebooted.

4. I am greeted with a black screen with a white spade and a white blinking cursor next to each other in the bottom left corner. The machine freezes here and does not go any further.

5. I seek help on Reddit on /r/Windows 10. I am told to make a recovery USB on an operational PC. Did that. Boot up, choose 64-bit installation.

6. Get a message that says: it looks like you started an upgrade and booted from installation media period if you want to continue with the upgrade, remove the media from your PC and click yes. If you want to perform a clean installation instead, click No.

7a. Clicking yes just reboots the machine and boots the USB Drive again. Dead end.

7b. So I click No.

8. I'm greeted with the first Windows setup window. it asks for Language to install, Time and currency, keyboard and input method. Everything is fine. Next.

9. Second window gives me two options. In the center is a big inviting button that says Install Now. In the bottom left is the Repair Your Computer option. I choose repair.

10. In this screen I have 2 options. 1) Troubleshoot and 2) Turn Off your PC. I choose troubleshoot.

11. In Troubleshoot, I have the following options: SYSTEM RESTORE, SYSTEM IMAGE RECOVERY, STARTUP REPAIR, COMMAND PROMPT, UEFI FIRMWARE SETTINGS, GO BACK TO PREVIOUS BUILD.

12. I started with Start Up Repair first. Click it. I get this message "Start Up Repair couldn't repair your PC. Press advanced options to try other options to repair your PC or shut down to turn off your PC. Advanced options just brings me back to step 10.

13. I try System Restore, I get this message in a window with a white x in a red circle: to use system restore you must specify which Windows installation to restore. Restart this computer select an operating system and then select system restore. I cannot do any of this.

14. I try System Image Recovery. I get a message that says this: windows cannot find a system image on this computer. Attach the backup hard disk or answer to the final DVD from a backup set and click retry. Alternatively close this dialogue for more options.

14a. I asked on Reddit but no one gave me a definitive answer; if it was possible for someone to give me an image file and then I could put it on an external HDD or USB key and then use it for this step? But perhaps that's not possible or it shouldn't be necessary. None the less, let's move on.

15. I tried going back to previous build option. It said: we ran into a problem and won't be able to take you back to the previous build. Try resetting your current build instead.

16. This is when I looked further and found the YouTube video by @danooct1.

17. I did just what he said to do. Went back to Startup Repair, but still getting the message in step 12.

18. I followed the link in the description to here. Finally found people that were getting the spade and cursor, not the message that says the journey ends here. CaffeinePizza was the first user that had my symptoms but they said their fix was for every Win OS but not 10. So that doesn't help me.

19. Back on Reddit someone suggested I try ##Windows on IRC and I was met with lukewarm reception at best. I logged in, explained my issue, and received these two responses:. "ew Classic Shell", and, "Users in here don't respond well to third party apps". I haven't been in an IRC chatroom since I thought I was a 1337 haxor back in the t50.com/astalavista.box.sk warez days, but being on my Note 3, I wasn't about to try and squeeze out any help on my puny 5 inch screen with these guys acting like that.

So now I'm about to enter Doomsday Scenario unless someone can actually help me out here.

20. In command prompt, I tried to see if I could format my C drive and possibly start over. The format instruction works but I didn't go through with it for obvious reasons.

21. I then went back to step 9 and tried that big inviting button that said Install Now. I applied my Win 7 key and it works. Now I saw something devastating but I only hope it's the virus at work and not the truth.

So in the installation process it prompts to choose drives to install on. My C drive is unable to (unless I choose the format option it offers).

But then I saw something on my 500gb D drive. It says 500gb capacity, 500gb free. Before anything else, can someone tell me whether or not that's a true reading of my drive, or is that just the MBR being screwed up? Because if it's a true reading I will have lost some crucial pieces of my life.

Additionally, would it help if I installed a fresh install of Windows on an external drive, that way I could get in and fix this problem on a working OS, or is that unnecessary; I mean I'd prefer not to install on an external and fix the problem from here.

So, this is where I'm at. I've given every piece of detail up to this point. Man like... I really just want this fixed. I'm not an idiot, I know to run a computer... Jeeze, someone call me and walk me through it if you know exactly what to do.

Thanks for any help.



It sounds like your partition table ended up corrupt? My only suggestion would be to find a Linux LiveCD or DOS diskette; something that can run testdisk and see if you can rewrite your partition table. If not, you can go warez and get hiren's bootcd. It should have some software in it that will let you can for "deleted" files on the drive and copy them off to another external hard drive or flash drive.

Author:  CaffeinePizza [ Thu Aug 04, 2016 1:38 pm ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

Quote:
It sounds like your partition table ended up corrupt? My only suggestion would be to find a Linux LiveCD or DOS diskette; something that can run testdisk and see if you can rewrite your partition table. If not, you can go warez and get hiren's bootcd. It should have some software in it that will let you can for "deleted" files on the drive and copy them off to another external hard drive or flash drive.



Whoops didn't realize I wasn't logged in. It does sound like your partition table is gone but not the actual data. Try not to create any partitions or write new data to the drive unless you are trying to recover with testdisk.

Author:  dogapult [ Thu Aug 04, 2016 9:00 pm ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

So I'm the next in the list of people who encountered the spade. Pretty sure mine came from a copy of Audacity, since I hadn't updated Classic Shell recently. I'm running Win10.
( have pictures, but imgur makes them massive, so they're linked.)


So far:
Rebooted PC, no dice.
grabbed Win10 installation disk
booted to that
Ran startup repair. it rebooted the PC and went back into the disk
ran it again, it rebooted the PC, and went back into the Win10 disk.
Ran bootrec /fixMbr
"completed successfully"
Rebooted PC, no dice.
Ran Startup Repair. "startup repair failed" this time.
Ran bootrec /FixMbr
"completed successfully"
Ran bootrec /fixboot
"completed successfully"
Ran Startup Repair "startup repair failed."
Burned a copy of UBCD on roommate's computer
rebooted PC
Inserted UBCD, no option to run UEFI SATA BD Drive in my boot menu, only option for disc drive was AHCI, rather than the UEFI option that existed with the Windows DVD inserted.

https://i.imgur.com/qZ31kdU.jpg (with Win10 disc inserted UEFI optical drive is a choice.)

https://i.imgur.com/sQvVo7Z.jpg (with UBCD disc inserted UEFI optical drive is not a choice)

Attempted to run AHCI version, just got "please insert proper boot device"

Getting frustrated.

Create a bootable UBCD flash drive using my 9 year old laptop.
Plug in.
Boot up.
Two choices: UEFI:USB and USB:USB

https://i.imgur.com/iTTOfSP.jpg (two choices)


ran "USB:USB"
Boot into UBCD.

https://i.imgur.com/8gACw6U.jpg (UBCD worked!)

Run "testdisk 7.0"
Boots up PartedMagic

https://i.imgur.com/9vUamKS.jpg (figured default was a good choice)

Select "Testdisk" under "System Tools"

https://i.imgur.com/FaTthnc.jpg

Check out the disk

https://i.imgur.com/lCog4GK.jpg (seems to have found it)

Everything seems okay

https://i.imgur.com/1Jjs8Lx.jpg (it said that was detected, so I went with it)

https://i.imgur.com/9w8gTmR.jpg (doing analysis)

Partitions seem okay, I guess. not really sure what I'm looking at.

https://i.imgur.com/a5JFlNQ.jpg ( I don't think I had two partitions, but a lot of drives have that little bit of extra space)

"write partitions to disk"

https://i.imgur.com/Cj40rKF.jpg (y)

it did it.
Reboot the system
Still nothing.


What am I missing?

Author:  TheFly [ Thu Aug 04, 2016 10:44 pm ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

CaffeinePizza wrote:
Quote:
It sounds like your partition table ended up corrupt? My only suggestion would be to find a Linux LiveCD or DOS diskette; something that can run testdisk and see if you can rewrite your partition table. If not, you can go warez and get hiren's bootcd. It should have some software in it that will let you can for "deleted" files on the drive and copy them off to another external hard drive or flash drive.



Whoops didn't realize I wasn't logged in. It does sound like your partition table is gone but not the actual data. Try not to create any partitions or write new data to the drive unless you are trying to recover with testdisk.



Someone suggested I use Gparted on Ubuntu.

This is good? Same thing you suggested? And will work on my 64-bit machine?

Author:  Gaurav [ Thu Aug 04, 2016 11:06 pm ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

@dogapult, Startup Repair should be the last step, after you have recovered your partition table and fixed your MBR. Try it preferably with just the boot drive attached and other drives temporarily disabled.

Author:  dogapult [ Thu Aug 04, 2016 11:37 pm ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

Gaurav wrote:
@dogapult, Startup Repair should be the last step, after you have recovered your partition table and fixed your MBR. Try it preferably with just the boot drive attached and other drives temporarily disabled.


Gaurav wrote:
@dogapult, Startup Repair should be the last step, after you have recovered your partition table and fixed your MBR. Try it preferably with just the boot drive attached and other drives temporarily disabled.


Okay, so in order:
1. run testdisk and write the partitions. They seem to be there, but I don't necessarily know what I'm looking for.
2. run Bootrec and /fixMbr and /fixboot
3. run Startup Repair.

Okay, I'll give that a shot and report back.

I just tried those in that order. there's only my solid state attached. (other than the bluray drive that has the Win10 disc in it, and the flash drive with UBCD.

I ran just "quick search" on testdisk, I'm not sure if I should have run "deeper search." everything really seemed in order.

I wrote the partitions, and then rebooted into the Win10 recovery DVD, and ran both of those bootrecs.

I ran startup repair and just got "couldn't repair your PC." I wish I could show you guys more, I'm usually a fairly tech-savvy person, but this is kicking my butt.

Author:  Gaurav [ Thu Aug 04, 2016 11:55 pm ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

@dogapult, also try bootrec /rebuildbcd.

Author:  dogapult [ Fri Aug 05, 2016 12:15 am ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

Gaurav wrote:
@dogapult, also try bootrec /rebuildbcd.


http://imgur.com/a/a1MVV

this is annoyingly what I get.

I'm sorry for being a bother, I realize this isn't a forum for figuring out what's wrong with my system.

Author:  Guest [ Fri Aug 05, 2016 4:06 am ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

PRESS:

Classic Shell, Audacity downloads infected with retro MBR nuke nasty
The Register
Hackers were able to inject some retro-malware into the popular applications' installers hosted on fosshub.com, an official home for Classic Shell and ...
http://www.theregister.co.uk/2016/08/04/classicshell_audicity_infection/

Author:  Guest [ Fri Aug 05, 2016 4:17 am ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

Guest wrote:
PRESS:

Classic Shell, Audacity downloads infected with retro MBR nuke nasty
The Register
Hackers were able to inject some retro-malware into the popular applications' installers hosted on fosshub.com, an official home for Classic Shell and ...
http://www.theregister.co.uk/2016/08/04/classicshell_audicity_infection/


This may be a helpful tool to reset the MBR - but only up to Vista and Win 7, of course with Win8 replacing BIOS as we knew it. This tool is used to quickly safely remove Linux and its partitions, any, and resetthe MBR record. It may be possible to use just the reset MBR record and then even run the quick learning curve to see if any of the partition etc can be dealt with if existential via the infection (s).

WATCH THIS SHORT HOW TO VIDEO TO SEE IT.... https://www.youtube.com/watch?v=Z6I6xv8BNoc


I Live here on the net: HOME: https://sites.google.com/site/pcsecurityhelper/

Author:  Guest [ Fri Aug 05, 2016 10:57 am ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

I got hit with this unfortunately. It was a fresh install, so I simply did another clean install using a USB with Windows 10 on it. However, I was wondering if anyone here was able to analyze the source to see if the trojan had anything else packaged with it other than breaking the MBR. I'm super paranoid about there being something else (like a keylogger for example) hidden that a basic reinstall wouldn't catch. I was considering using diskpart's clean all command to zero the drive before reinstalling another clean copy of Windows. Does anyone happen to know if doing this would cover my bases (or as aforementioned, was anyone able to analyze the source code/knows someone who did to verify its contents)?

Sorry for the paranoia. This has been the first bad download for me in over a decade - all because I was an idiot and too tired/lazy to check the fosshub file. I just want to make sure it's 100% dealt with and that it isn't hiding in the BIOS or somewhere that a normal reinstall wouldn't cover.

Author:  TheFly [ Fri Aug 05, 2016 2:46 pm ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

I'm in Ubuntu, in Gparted.

How do I fix the MBR here?

Author:  TheFly [ Fri Aug 05, 2016 3:19 pm ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

CaffeinePizza wrote:
I got hit with it too. It showed up as a blinking cursor with a spade in the lower left corner.
I "updated" Classic Shell on a server running Server 2012 R2, installed some Windows updates, rebooted, no go.
I "updated" on one of my personal computers. Same thing. I knew it wasn't drive failure at this point. Classic Shell was the last thing I had installed a couple hours earlier before I ended up rebooting.

How I fixed it: Applies to NT version 6 only! (Windows 7, 8, 8.1, Server 2008, 2012, 2012 R2. NOT 10)

I had Linux Mint 18 on a flash drive from a previous installation (lucked out).
Booted up Mint USB.
Open the Menu>Administration>GParted and see if you hard drive shows any partitions. You may luck out that your partition table wasn't cooked and only have to skip down and rewrite MBR. If it shows your drive as unallocated, continue with instructions.
Open terminal
run "sudo apt-get install testdisk" without quotes in terminal to install testdisk
(AT YOUR OWN RISK)
run "sudo testdisk"
analyse disk, made sure it found all of the correct partitions, wrote the partition table.
reboot and removed Mint USB.
booted from Windows installation USB/DVD corresponding to the version of Windows that is installed on the computer (for me, Server 2012 R2 and Windows 7)
When it gets to the start installation screen, push Shift + F10 to open command prompt

(AT YOUR OWN RISK)
bootsect /nt60 SYS /force /mbr
bootrec /fixmbr
bootrec /fixboot
bootrec /rebuildbcd (wait for it to find your installation and type y for yes)
exit (to close cmd)
reboot
Let it log into Windows.
May be good idea to remove any Classic Shell installations, download a clean copy provided by Ivo, and reinstall it.
Also probably good idea to run scan with something like malwarebytes to make sure you're clean.

sorry for the poorly written post. I was pulling my hair out for an hour until I found that someone else had the same problem. Hopefully I help someone. :)
♠_


edit:
added instruction to check to make sure partition table truly is destroyed before attempting to overwrite it. You don't want to risk losing data that isn't "gone."
thanks for danooct1 shoutout
danooct1 also made the comment in his video that the file size differs between the legit one and the fake one. The real one is around 6.88 MB and the fake one is about 6.81 MB. The fake one also doesn't have a signature which may trigger Windows Smartscreen.



Ugh... I tried to install test disk, and it says unable to locate package test disk

I tried updating Ubuntu, even though I got the latest from the website, and it says: error while moving old database out of the way. app stream cash update Failed.

Omg what do I have to do to get this going...

Author:  TheFly [ Fri Aug 05, 2016 3:32 pm ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

ayyyylmao wrote:
Hey all, to those affected by the malware, I just fixed my partition table on my compromised drive using this software:

http://www.cgsecurity.org/wiki/TestDisk

Restored my partition table completely with no issues. Did a quick scan and then added the found partition back and wrote it to disk. You will definitely want to rewrite the hard drive's MBR code with the Windows MBR code though.

http://www.thewindowsclub.com/repair-ma ... br-windows


How do I run this on ubuntu. I downloaded it, it has no executable file???

Author:  dogapult [ Fri Aug 05, 2016 7:52 pm ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

In case anyone's curious, my install of Win10 was only about a week old, so I just wiped the SSD, repartitioned it, and reinstalled Win10. Only lost a little bit.

Author:  Jcee [ Sat Aug 06, 2016 12:59 am ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

TheFly wrote:
ayyyylmao wrote:
Hey all, to those affected by the malware, I just fixed my partition table on my compromised drive using this software:

http://www.cgsecurity.org/wiki/TestDisk

Restored my partition table completely with no issues. Did a quick scan and then added the found partition back and wrote it to disk. You will definitely want to rewrite the hard drive's MBR code with the Windows MBR code though.

http://www.thewindowsclub.com/repair-ma ... br-windows


How do I run this on ubuntu. I downloaded it, it has no executable file???



You need to extract the file from the archive...

http://www.7-zip.org/download.html
Look for p7zip on this page

Author:  TheFly [ Sat Aug 06, 2016 3:04 pm ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

I did. Which file do I click on to run it?

I tried entering testdisk and sudo apt-get install testdisk and nothing.

This is crazy, I have the program. It's here. I just want to run it.

Someone said my Ubuntu was read only, 'cause Rufus does read only.

So I used Unetbootin instead. Put 3gb of persistence. I'm still getting error messages.

When I boot Ubuntu I start WITHOUT installing it. Should I install it, is that the issue?

Also, just before it goes into Ubuntu I get this error message on a DOS screen.

9.723222 usb 2-2 device descriptor read/64, error -110
24.940311 usb 2-2 device descriptor read/64, error -110
30.268692 usb 2-2 device descriptor read/64, error -110
45.485782 usb 2-2 device descriptor read/64, error -110
56.110542 usb 2-2 device not accepting address 4, error -110

What. the. hell. Is. Going. On.

At this point I just want to recover the partiion on my HDD D; drive, back up the files, and then bomb the whole machine, and start from scratch with C; SSD and D: HDD. I don't even care about salvaging Windows. I'll just RE-INSTALL e v e r y t h i n g I just wanna back up my 500gb HDD. I need to recover the partition on it.

Author:  TheFly [ Sat Aug 06, 2016 3:39 pm ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

Holy shit I FINALLY got testdisk to work.

I had to enable all the Downloadables in System Updates.

At that point, sude update worked

and then sudo apt-get install testdisk worked

SO NOW TESTDISK WORKS. 3 days later LOL.

FYI this is what my SSD (C drive with windows) looks like

http://imgur.com/0FrE1Ud

And my HDD (D drive with music, movies) looks like

http://imgur.com/a/7HZP9

I shouldn't need gparted also right? Is test disk enough?

Should I just follow Caffine Pizza's tutorial???

yay or nay?

Author:  TheFly [ Sat Aug 06, 2016 3:49 pm ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

Okay so I'm stuck at anyalyze disk.

How am I supposed to know how many partitions my SSD C drive (the one with Windows) Is supposed to have.

I see 3. a Primary bootable, and two primarys. I have the option to quick search and backup...

His tutorial just says make sure it has the correct number of partitions, restart and remove USB LOL

There's like 7 steps in between that... anyone care to expand on it with me please?

Author:  TheFly [ Sat Aug 06, 2016 4:03 pm ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

actually, as I said, I'm more concerned about the D drive, just like in Gparted, it doesn't show a partition. So it's unallocated. How do I reclaim the partition without damaging the data?

Author:  Ivo [ Sat Aug 06, 2016 4:12 pm ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

@TheFly - I apologize that I am not responding to your questions. I am not at all familiar with the disk recovery process, or the Linux-style recovery. Any suggestion I can give will most likely be wrong.
I hope somebody with a good understanding of partitions and the necessary tools can chime in with some advice.

Author:  TheFly [ Sat Aug 06, 2016 4:43 pm ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

No problem. I appreciate any help I can get. I think I'm really close.

For anyone reading, this is where I'm at.

http://imgur.com/wgz2abl

Author:  TheFly [ Sat Aug 06, 2016 9:00 pm ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

I figured it out. I'm currently copying files from the damaged HDD to an external.

God bless Linux.

Author:  Gaurav [ Sat Aug 06, 2016 11:13 pm ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

@TheFly Glad you could recover your data. I was positive it wasn't wiped but only inaccessible. I am familiar with disk recovery terminology and concepts but not the exact steps which are different for each tool and definitely not familiar at all with the Linux tools. I recommended Testdisk because people said it worked for them. Well, thankfully your data was retrieved. :) Hopefully this will give anyone unfamiliar with the process the confidence to do it on their own.

Author:  TheFly [ Sat Aug 06, 2016 11:51 pm ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

Very well said. It was long, it was arduous. It's still not over. I need to format my C and D after ward, and correct their boot records. But I think Windows installation will do that.

Author:  Faederwulf [ Tue Aug 30, 2016 8:55 pm ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

Is there any way I can use a TestDisk LiveCD with a CD that only has 702 MB of space? (Or any software that does the same job)
Edit: Tried using MagicISO for BootICE, it says the CD isn't empty (it is).

Author:  Gaurav [ Wed Aug 31, 2016 12:16 am ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

@Faederwulf, do you have a spare USB flash drive? Disc images can be written to USB flash drives using Rufus for example.

Author:  slimslob [ Thu Sep 01, 2016 8:35 am ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

I got the W10 anniversary update on my home laptop this morning. The update did not uninstall ClassicShell v4.2.5, it blocked it and also blocked the install for 4.2.5. I then had to download 4.3 and it installed and is now working.

Author:  mycroft [ Wed Sep 21, 2016 9:11 am ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

So what's the situation with the Anniv. update? Is 4.3 OK?

Author:  Ivo [ Wed Sep 21, 2016 9:16 am ]
Post subject:  Re: W10 anniversary update, installed CS4.3 , had to repair

Yes, 4.3.0 works fine with the Update.

Page 2 of 2 All times are UTC - 8 hours [ DST ]
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/