BleepingComputer.com: blackscreen on boot - unhide.exe

I received an error on one of our users aptop this morning and upon follwing the Windows Recovery in Bleeping Computer. I keep getting the pc to reboot to the blackscreen over and over. How can I get past this feature and boot into the Administrator profile?

Can you boot into Safe Mode?

It would help if you were to post the make and model of this computer.

It would also help if you were to post the exact error message.

When do you see this black screen? Are you able to tap F8 on startup and see the Advanced Boot Options menu, do you still see the XP splash screen?

I recently ran into a issue after running the Unhide.exe from a laptop and now can't access my safemode or local login. Comes back and says it can't find any hard disk drives installed. How can a simple Unhide.exe feature casue such trouble?

This post has been edited by hamluis: 10 May 2011 - 04:58 PM
Reason for edit: Moved from XP to Am I Infected.

Well...there's always the possibility...that you had problems before running the named application...and that running it just complicated the basic issues.

Since the unhide.exe is a tool designed to be used in connection with malware issues...I'd say that the possibility exists that malware is your problem.

I will move this to the Am I Infected forum, where a better assessment than mine...can be made.

Louis

Hello and welcome to Bleeping Computer

My name is etavares and I will be working with you to fix your computer.

Please take note:

• If you have since resolved the original problem you were having, we would appreciate you letting us know.
  
• Please tell us if you have your original Windows CD/DVD available.
  
• If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  
• Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.
  
• Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

This sounds like it may be a MBR rootkit that was partially removed. It could also be hardware failure. In addition to the questions above, I have a lot of others we need to get started:

Do you get any beeps when you boot? If so, what is the pattern (here's some examples

What virus did you have to remove that caused you to run unhide? In addition to letting me know if you have a windows CD handy, please also let me know if you have a non-infected computer you can use and a USB flash drive we can play with to gain access to the drive?

Also, is this a dual boot system or does it only have one operating system on it? Which OS is it? Windows XP? Vista? 7? Are you running any disk encryption?

Thanks!
-etavares

adminoem2111, I merged both topics as they discuss the same problem. Please do not start any other topics, instead reply in this one if you still need help.

In regards to all the forums, it's a HP Compaq nx7400, and was brought to me with a Windows Recovery error message. I went thru and found a document from bleeping computer and followed it to a tee, when installing the Unhide.exe application, this is when I noticed the pc was stalled at one particualr screen and restarted it. Probley what started the whole issue of not beign able to get back into the laptop from either the local login nor the safe mode, I was completly locked out. So that's the point I desided to look for a way to restore my registory and find a back way into the laptop. I've since restored the laptop from a recovery backup, but running into a lsass.exe error now and wont allow me to get logged on either.

What kind of backup did you use to restore?

My laptop had a restored drive that was setup by HP, when booting to the safe mode, it prompt me if I want to restore from backup drive. It's a partition on the drive that's setup especially for just these kind of details.

What exactly is the lsass.exe error?

It's an annoying popup message that won't allow you to gain access the system, locally or thru safemode, the following messages is what shows up if you have th time to read it before it reboots the pc/laptop. Very aggravating!!!!!!

"System error: Lsass.exe
When trying to update a password the return status indicates that the value provided as the current password is not correct."
Then my machine restarts and tries again, and again and again.....

That usually happens when the LSA key is broken. Have you tried booting using the Last Known Good Configuration?

Did you do anything to the registry after restoring the backup?

Tried the Last Known Configuration and it to didn't take off. Seems that everything I tried sent the laptop into a restarting process and repeated over and over.

I had copied all the information on the hard drive off externially by hooking up the laptop hard drive to my desktop system via a CoolGear cable and copied the files off to the local network of my desktop pc. Then proceded to put the laptop harddrive back in and downloaded the latest Windows updates and removed once again and migrated the saved files from my pc back to the hard drive completing the task late yesterday. Upon rebooting this morningis when I received the error. So I've once restored the laptop from a good backup regestry devise and hopefully with any luck I'll have it this time.

Thx.

Quote

Sorry, but I'm not sure I am following you here. You only restored the registry backup? And now still get the LSASS.exe error?