[SOLVED] Possible boot sector virus? Winload.exe won't load. Windows Defender found Persistence!rfn

1WaffleIron

Distinguished
May 11, 2013
24
0
18,510
0
Hi all,

Last night a friend I thought I could trust when it comes to this stuff shared a cracked program with me, telling me that it was safe. I scanned it with Malwarebytes Pro and it came back fine. I stupidly downloaded it and immediately realized the installer was doing something shady. I'm pretty sure it was attempting to make changes to my MBR. I was too late to stop it and although my computer did not show any signs of infection after the download, I decided to run a Quick Scan with Windows Defender. It found the trojan Win32/Persistence!rfn. I removed it with Defender. I told my friend and asked where he got the program from, then looked up the site and first off, the site was blocked by my Malwarebytes, second, plenty of people have complained about the site hiding cryptominers and ransomware in its downloads.

The next thing I did, which in hindsight might have been the wrong choice, was frantically attempt to use a backup of my system drive to attempt to restore to a clean version from earlier this week. The new problem is that after my computer restarted, it was unable to boot Windows! I receive an error from my boot manager stating:

\Windows\system32\winload.exe

0xc000000e

The selected entry could not be loaded because the application is missing or corrupted.


So, my computer is now seemingly out of commission and I'm very freaked out that there's something bad hiding in the BIOS and whatnot. I'm out of my element here and would appreciate some help. My first instinct is to repair Windows using the Windows 7 install disk and to use bootrec to repairmbr but I don't want to do more damage here. Even if I have to reformat and start with a fresh computer I'd just like to be sure I get rid of whatever this is. I know without me being able to send logs or info from the comp it may be hard to help but I appreciate any advice you have. Thank you!
 

USAFRet

Titan
Moderator
Mar 16, 2013
123,067
3,762
159,940
19,504
Full wipe and reinstall.

From a different, known good system, create a new Win 10 USB to install with.

Full wipe and reinstall.

 


1WaffleIron

Thanks for the quick reply. I have a D drive for my data, should I be wiping that as well? Can I just wipe the system drive? In doing a full wipe does that also mean I should be reformatting? Sorry if I'm coming off like a rookie, I just want to be 100% sure.

I didn't get the opportunity to make a proper backup, though I do have most of it, it would be a real loss if I had to wipe my D drive too. Of course I'm willing to.
 

USAFRet

Also I'm running windows 7 not 10 so is it ok for me to just use my Windows 7 install disk?
If you have a working Win 7 DVD, use that.
Deletion of ALL existing partitions.

For your other drive? Unknown.
In any case, have it disconnected and offline when you do this install.

Backups? As said, that needs to happen before something bad happens.
Dead drive, virus, accidental deletion, whatever. All of those might cause loss of data. A good backup routine will recover it.

 

1WaffleIron

Last question I promise, and then I'm off to work on it. I read a few articles that suggested doing a low level format in addition to the wipe and reinstall for a boot virus like this. Would that be overkill?
 

1WaffleIron

So it looks like the drive was already wiped? When I started the install it seems like I had 100% unallocated space. There was one partition with 100 MB that I deleted. Now I'm left with a blank Disk 0. It won't even give me the option to delete it.

I'm thinking maybe when I tried to use my system restore program to go to a previous backup, something went wrong and the system was just wiped without installing anything and THAT is why I was unable to boot. So you're right about this not being a boot virus. I just had nothing to boot from. Going to try to reinstall Windows to it now. Thank you again!
 

1WaffleIron

Thank you once more. Got Windows installed. Now the issue I've been dealing with is that the fresh Windows installation won't recognize my modem for some reason and is unable to find any drivers for it since it's offline. I've got it plugged in via Ethernet but it just won't work. Netgear doesn't provide the driver file so I can't even download it on my laptop and transfer it over via USB. Unfortunately for me my backup program EaseTodo won't let me install it without a connection so until I solve this issue, I can't restore to my backup from last week. I'll troubleshoot this elsewhere I guess. Anyway, I appreciate everything. Hope you're staying safe through all of this Covid-19 stuff!
 

USAFRet

You need the LAN driver for your motherboard.

Then, try to access your router.
 
