Note: You’ll be glad to know that this issue is completely salvageable. Many forums suggest that a format & reinstall is the only solution… How wrong they are. :)
My God, this has been driving me insane. I’ve had a few viruses in my time, but none as annoying as this. And yes… this is a virus. I’ve read speculations that it’s caused by Windows Update, and I believed this in the beginning. However, a virus scan, specifically TDSSKiller (details further down), resolved the issue.
Right. Yesterday, my laptop just shut down for no reason. When I came to boot it back up, it went straight to startup repair, hung there for about 20-30 minutes and finally reported “Boot critical file C:\CI.dll is corrupt”… and startup repair was unable to repair it. (You know, that thing that startup repair should be able to do.)
This was driving me around the bend. I couldn’t even boot to safe mode. In the end, I loaded up my Linux partition and started doing a bit of research.
Here’s the geeky bit. If you’re just interested in fixing it, scroll past the next paragraph.
So it turns out that CI stands for Code Integrity. In layman’s terms, it’s a security layer that verifies that your programs have come from legitimate sources. The virus in question happened to target that security layer, which just so happens to load every time you try to boot… even in safe mode. You see the predicament?
Anyway, initially we just need to bypass it and get back into the system before we can fix it. To get past it, turn on your computer and bash the F8 key until you get to the Advanced Boot Menu.
The one we want is the second option from the bottom: Disable Driver Signature Enforcement.
This should get you booted up into your system. Note that you still can’t boot normally at this point.
After much more digging, I found that the malware belongs to a family called Rootkit.Win32.TDSS. Fortunately, Kaspersky have made a handy little free tool to remove TDSS called TDSSKiller. I know… catchy, right? And believe me, after the time I spent trying to figure this one out, I wanted nothing more than to kill it… with fire. But then I’d probably have to buy a new laptop, and that would suck.
Well, that’s pretty much the long and short of it. Once you’ve run the tool, it’ll detect the malware and remove it automatically. Afterwards, you can reboot your system normally.
Peace in the universe is once again restored.
And, because I’m an all-round top bloke, I’ve taken the liberty of mirroring the download, in case the download link above is ever broken for any reason.