Startup options dissappeared after computer infected with a virus.

Joe
Joe used Ask the Experts™
on
About a week ago my computer was infected with a trojan. I removed the virus... I think. When i went to go boot the computer in safe mode it just said ASUS...Windows is starting up then it starts up normally. But no start up options BIOS menu or anything.

The First sign of the infection was that my AV (Kaspersky internet security 2011) detected it. It found Trojan.Win32.TDSS.ccpk. Then about thirty seconds later i could not access anything my admin permissions were completely reduced to nothing. However i have a maintenance admin account for just this purpose. I fixed the problem and completely removed the old admin account and all associated files. Even though my OS is showing no signs of the Trojan but I still cannot access my bois or startup options.

I am pretty experienced with repairing infected computers but ill have to admit that this one is new.

I am running windows 7 Home Premium.
I have a ASUS M4A78T-E motherboard.
I i am lost on where to continue with this

Thanks in advance
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
The trojan or your restore efforts may have reset the BIOS.  If the trojan did so, it was likely to remove any hardware passwords.

Most BIOS startup options are function keys, i.e. F1, F2, F3, etc.  Power the system off completely and turn it on trying each one until you find one that will bring up your BIOS.

Once you have brought up the BIOS, disable any "Quick Boot" settings and enable any F-key Prompt or Display options.  This will slow your boot screen down and ensure that the function keys are listed.

I would further suggest that you use the Kaspersky Rescue Disk.  This will allow you to virus check from an incorruptible live CD.

http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/
It sounds like you may have been infected with a root kit.  I would start by going to Sysinternals.com and downloading their rootkit revealer:

http://technet.microsoft.com/en-us/sysinternals/bb897445

Can you still get into the bios? It might be that just the splash screen has been disabled and not yet restored.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author of the Year 2011
Top Expert 2006
Commented:
Review the instructions in my article and use the options:
1 -
2 -
6

http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_4922-Rogue-Killer-What-a-great-name.html
Author of the Year 2011
Top Expert 2006

Commented:
Experts posting advice about either ComboFix or Malwarebytes are encouraged to read the information here: http://www.experts-exchange.com/Q_26896002.html

Our recommendations for the use of either product need to follow the guidelines of the developers - which in virtually every instance is that both products be run in "Normal Mode".
JoeSystems Administrator

Author

Commented:
Okay no fighting.

I actually just found out a workaround to get the bois menu to come up and for me to be able to boot my computer into safe mode. Then i scanned my computer with malwarebytes and no infections. Kaspersky is a great av.

I installed Asus Express gate (A boot program) after getting my mother Board. When I boot into this and then exit out of it the BIOS options come up normally not like they were before, but it gives me something to work with. The BIOS seemed pretty normal but i reset it to default settings and it still doesn't come up normally.

Is there possibly something going on with the express gate program? I don't use it. I just blindly installed it with the rest of the ASUS motherboard software. It is not in add remove programs so i don't know how to uninstall it.

Any suggestions
Commented:
Express gate helps to boot your computer in 5 secs. I wont recommend uninstalling the program. i think you have an option in bios to disable it.


Ded9

Commented:
So what might be happening is when you are resetting the bios express gate is getting disabled in bios.

Enable express gate and your issue will be resolved.



Ded9
Author of the Year 2011
Top Expert 2006

Commented:
Have you tried the rootkit revealer in http:#a35298554 (cheers4beers)

In addition to the rogue process stoppers I mentioned (followed by MBAM in Normal Mode),
you can also try:
TDSSKILLER found here:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip

and HitmanPro
http://www.surfright.nl/en/hitmanpro
JoeSystems Administrator

Author

Commented:
Yes no root kits sorry i forgot to post that. I used root kit revealer from sysinternals.

ded9: i will look into your idea. Give me a little bit.
Best way to think about Express Gate is that it's another OS (fyi, linux based), and you've got a dual boot system. BIOS comes before either Express Gate or Windows, so I'm having trouble understanding where you seem to be having a problem. Is there a problem with the BIOS? Booting Windows? Booting Express Gate? More than one?
JoeSystems Administrator

Author

Commented:
When i boot my computer it goes straight to express gate then boots windows. The only way for me to get to the BIOS since the trojan is to exit out of express gate then the computer reboots and goes to the bios menu. Before on startup it was BIOS then Express Gate then Windows.

Sorry for the misunderstanding
JoeSystems Administrator

Author

Commented:
I think i fixed it.

I checked the bios and went to Tools and saw that express gate was enabled. So i disabled it now everything comes up normally.

I don't know what causes this problem then the virus or express gate.

Commented:
You can close this question if you do not need any assitance.


Ded9
Author of the Year 2011
Top Expert 2006

Commented:
Go ahead and follow the steps outlined in the article linked above.

None of the tools listed will cause any harm to your system and if nothing else you will have some assurance that your system is clean of malware.

It will only take about 5 minutes of your time to download, install, and start the tools running.

The MBAM scan will take anywhere from 10 minutes to an hour, but you can minimize it and do other work while it is running.

If nothing comes up on the scan, just click on the "Accept as Solution" link below your last comment. Doing that will save the information about disabling Express Gate.

It might help a future reader of this question who has the same problem.

Commented:
@josefah..did running mbam resolved your issue..or disabling the option from bios.


Ded9
JoeSystems Administrator

Author

Commented:
Sorry i accidentally selected the wrong one.  
Author of the Year 2011
Top Expert 2006

Commented:
@josefah,
Based on your comment: "Sorry i accidentally selected the wrong one.", this question has been re-opened.
JoeSystems Administrator

Author

Commented:
Okay i gave the points to the right person this time. Honestly are points really that important. My computer is fixed now isn't that what this website of for? BOTH of you get 125 points.

Commented:
Select the answer that resolved your problem..its your decision..as younghv: informed that it will help others.




Ded9

Commented:
@josefah: ...did running mbam resolve your problem or disabling ...Express Gate from bios. ...you have mentioned that disabling express gate resolved your issue and mbam did not find any virus.


Ded9

Commented:
You dont have to split points becuase i am asking this question... take a fair decision .....I  dont want points...but at least make sure you select the right answer.



Ded9
JoeSystems Administrator

Author

Commented:
I also mentioned that i had a virus in the first place. How do you think that I removed it. Scanning the computer with Kaskersky and malwarebytes. At the time malwarebytes DID find malware but i used several step i've learned from other people to remove the virus.

You said select the one that solved the problem and will help others to solve the same issue. Well not everyone is experienced in removing Trojan's or virus's from there computers so i selected both of your answers because I enjoy helping people out.

I'm think the "accept multiple solutions" button is there so if more than one person gave useful advice then you can give them both credit.

I'm not changing my response but thanks so much you really did help me out I was getting frustrated.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial