Windows 7 Virus Problem Loading Startup Repair File

User downloaded a toolbar to watch football and it gave him a nasty virus that doesn't allow him to boot to the desktop. I had him run some antivirus on it using a bootable DVD antivirus BART PE type thing with some antivirus, but it is still loading this "startup repair file" when it boots.
mrmyth Asked:

Thomas Zucker-Scharff (Solution Guide) Commented:
Read this article about Malware Fighting Best Practices by younghv; it will give you some tips and advice on why scanning from an alternate boot device may not help.
0
IanTh Commented:
Can you roll back to an earlier system restore point?
http://www.howtogeek.com/howto/windows-vista/using-windows-vista-system-restore/
0
davetorres Commented:
Can you start up in safe mode?

My guess is that he has a bootkit. A bootkit is a type of malware that infects the Master Boot Record (MBR).
This infection method allows the malicious program to be executed before the operating system boots. As soon as the BIOS (Basic Input Output System) selects the appropriate boot device (it can be a hard disk or a flash drive), the bootkit that resides in the MBR starts executing its code. Once the bootkit receives control, it usually starts preparing itself (reads and decrypts its auxiliary files in its own file system that it has created somewhere in the unallocated disk space) and returns control to the legitimate boot loader, overseeing all stages of the boot process.

The main feature of a bootkit is that it cannot be detected by standard means of an operating system because all its components reside outside of the standard file systems.
Some types of bootkits hide even the fact that the MBR has been compromised by returning the legitimate copy of the MBR when an attempt to read it has been made.

I would try to use TDSSKiller in safe mode if you can get there. If not, I would slave the hard drive or attach it as an external HDD and run virus scans using your virus scanner, Malwarebytes, Sophos Anti-Rootkit and any others that you may have available (licensed, of course).

Good luck
0

nobus Commented:
You can try Kaspersky's Rescue CD: http://support.kaspersky.com/viruses/rescuedisk

Note: you can find other virus utilities there as well.
0