BleepingComputer.com: XP Does Not Boot

Hello. This will probably be fairly lengthy, so I apologize in advance. A coworker's computer seemed to be running slower than normal, so he asked that I look at it. Granted, I don't know much about computers, but I know slightly more than my coworker. Here is what unfolded:

I tried to run TDSSKiller and it scanned 3 files and reported no detections. That seemed odd, so I ran it again and it scanned 5 files and reported no detections. From here I went into Safe Mode with Networking and gave TDSSKiller one more try, and again it was 3 files, no detection. From here I decided I'd try RKill. It seemed to finish abruptly as well, my desktop washed away (as if explorer had restarted) and came back reporting it had terminated Firefox. After this I tried SuperAntiSpyware. It told me I needed to update, one update completed and it prompted me for another, which I proceeded with, and was then asked to restart the computer (I was still in Safe Mode with Networking at this point). Once I restarted it never got back to Windows.

I noticed that the restart process was hanging in safe mode on AVG files (last was AVGIDSEH.sys, then it would auto restart), so, using AVG's utility I renamed/moved the files and tried again. This time it showed MUP.sys as the last file and clicked off to an automatic restart again.

After this I went into recovery console, did chkdsk /r, and repaired one or more files, but was still unable to restart. Then, I was going to do fixmbr, but received a message that my partition could become inaccessible, and decided to pass that up.

I am not sure if this should have gone in "Am I infected" or here. I am pretty sure the computer is infected, but I am also now unable to boot to Windows. Any help is greatly appreciated. Thank you.

This post has been edited by hamluis: 16 January 2012 - 03:49 PM
Reason for edit: Moved from XP to Am I Infected.

So you cannot get to the desktop in any mode?

Please have a look at How to fix an XP\Win 2000 System that freezes after loading mup.sys while booting

Correct, I cannot get to the desktop in any mode - it is stuck in a constant boot sequence.

I do not have access to this computer outside of work hours, so I will have to try these suggestions tomorrow, then get back. Thanks.

I read over the link you provided and tried a few things. All USB and external devices were unplugged, and I moved the RAM around and tried each stick individually, but no luck. I performed a hardware scan through the HP recovery and it found no issues. Also, I don't really know how to do anything with the BIOS. Should I attempt doing the manual restore of the XP registry that is mentioned? In doing so, I will not render the hard drive inaccessible or lose data, will I? Or is there a different course of action I should take first? Thanks.

I have asked another to look here,someone that specializes in these matters.

Thank you for your help.

Hello, first lets have a look at the MBR.

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer

• Run GETxPUD.exe
  
• A new folder will appear on the desktop.
  
• Open the GETxPUD folder and click on the get&burn.bat
  
• The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  
• Click on Start and follow the prompts to burn the image to a CD.
  
• Remove the USB & CD and insert it in the sick computer
  
• Boot the Sick computer with the CD you just burned
  
• The computer must be set to boot from the CD
  
• Gently tap F12 and choose to boot from the CD
  
• Follow the prompts
  
• A Welcome to xPUD screen will appear
  
• Press File
  
• Expand mnt
  
• sda1,2...usually corresponds to your HDD
  
• sdb1 is likely your USB
  
• Click on the folder that represents your USB drive (sdb1 ?)
  
• Press Tool at the top
  
• Choose Open Terminal
  
• Type the following and press enter:
  
  dd if=/dev/sda of=mbr.bin bs=512 count=1
  
  
  
• Press Enter
  
• After it has finished a file will be located on your USB drive named mbr.bin
  
• Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.