Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Booting Hangs On Black Screen After Malware Removal


  • Please log in to reply
49 replies to this topic

#1 OrygunGal

OrygunGal

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:06:42 PM

Posted 05 October 2008 - 01:08 AM

Hello,

I went through the steps for malware removal with one of the pros who review the HiJack This logs. Upon completion, I noticed my PC hangs on the black screen when I start or restart. This had not happened prior to the infection. Perhaps a registry issue caused by the malware? It takes several attempts either hitting the reset button or the power button to get it to fully boot up. I'm leary of restaring at all for fear that it won't come back up. Your HiJack This pro referred me to this forum for further assistance. I am running Windows XP Pro SP2 and am including the URL to my HJT thread for further info in case it may be of assistance.

http://www.bleepingcomputer.com/forums/ind...mp;#entry949041

Thank you,
OrygunGal

BC AdBot (Login to Remove)

 


#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,757 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:05:42 PM

Posted 05 October 2008 - 01:25 AM

Try doing a System Restore, if this doesn't work there are a couple of things we can do.

Start> All Programs> Accessories> System Tools> System Restore.

When this opens make sure that "Restore my computer to an earlier time" is chosen, and click on Next>.

The dates appearing in bold are the dates that you can restore to, click on the date that you want and then click Next> to start the System Restore. This may take a long time to complete, and when it is done it will restart your computer. When the computer restarts and you have logged on as the administrator a Restoration Complete page will appear, click on OK to complete the process.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:09:42 PM

Posted 05 October 2008 - 06:23 AM

In most cases the black screen event is caused either by a corruption in the video drivers - or by a problem with the hard drive (either physical or with the drive's contents).

If you can boot into Safe Mode without issue that'll usually point at the video drivers. To get to Safe Mode, repeatedly tap the F8 key just before the Windows Splash Screen first appears.

If you can, let us know the make and model of your video card - if you don't know it, let's start with the make and model of your system.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#4 OrygunGal

OrygunGal
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:06:42 PM

Posted 05 October 2008 - 02:11 PM

Thank you for your responses. I'm no pro here and I don't mean any disrespect, but why would I want to restore this thing to any prior point when the prior point may be when the PC was infected? That does not seem logical to me. As I said above, I'm guessing this has something to do with changes that were made by the malware, perhaps to the registry? This hang on boot issue did not happen prior to the infection. It started somewhere during the malware removal process. There were restarts early on in the removal process that had no hang ups. As far as the black screen goes, I want to clarify. The screen is not all black. It hangs on a screen during the boot process (white type on black background) prior to loading windows, often the very first part where it gives me the choice of either going into the bios or to express recover. When it hangs, the keyboard is useless and the only option is to push reset or power. I'm using the PC with the boot issue now. It will boot up, it just takes several attempts (sorry, should have mentioned that before). However, each time it hangs I'm afraid it will be the last and that I won't get it back up.

I want to answer your questions now.
- To dc3 - There are no system restore points available that are prior to my PC being taken over by the malware. In fact the only restore points available are to after this boot issue had arisen. Unfortunately, I was not able to get right back on this issue once the system was clean from the malware.
- To usasma - Where it usually hangs is prior to the point where I can try to get into Safe Mode. I have a non-proprietary system. I believe the graphics card is NVIDIA but I don't recall the model as this system was built a few years ago.

Anyway, I thought it was likely that something that I was instructed to do during the malware removal process on the HTJ board was the culprit. That's the reason I posted a link to that thread. Is there a way to find out if the issue has to do with a change in the registry during the infection and removal process?

Thank you,
OrygunGal

Edited by OrygunGal, 05 October 2008 - 02:42 PM.


#5 perr

perr

  • Members
  • 151 posts
  • OFFLINE
  •  
  • Local time:05:42 PM

Posted 05 October 2008 - 02:22 PM

Start-run-type SFC /SCANNOW to check for bad/corrupted files. You will need the xp cd.

#6 OrygunGal

OrygunGal
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:06:42 PM

Posted 05 October 2008 - 03:28 PM

perr, thank you for your response. The scan is done. What next? Restart?

#7 perr

perr

  • Members
  • 151 posts
  • OFFLINE
  •  
  • Local time:05:42 PM

Posted 05 October 2008 - 03:38 PM

yes

#8 OrygunGal

OrygunGal
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:06:42 PM

Posted 05 October 2008 - 04:15 PM

Luckily I have a laptop. Now the PC wont boot up. It gets past the black DOS type part and starts to load Windows. Then a blue screen flashes too fast for me to read it and it starts booting from the beginning again. I tried twice. I then put the Windows CD back in and I now have 3 choices: 1. set up XP now; 2. repair an XP installation using Repair Console; 3. quit setup without installing. Now I'm concerned about losing everything. Please help!!

Edited by OrygunGal, 05 October 2008 - 04:15 PM.


#9 perr

perr

  • Members
  • 151 posts
  • OFFLINE
  •  
  • Local time:05:42 PM

Posted 05 October 2008 - 04:26 PM

How to do a system repair.--Boot from the xp cd and go past the recovery console to the install menu. Select repair the existing installation. You won't lose any data except the xp updates. Unless you have a slipstream sp1 Or SP2 cd you will have to d/l sp1 or sp2 and all subsequent updates. You MUST have at least SP1 installed and the updates for security reasons. Be sure the firewall and A/V is active before going online as you will be susceptible to sasser and msblaster.

#10 OrygunGal

OrygunGal
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:06:42 PM

Posted 05 October 2008 - 04:30 PM

So of the 3 options I posted above, I select #2? Does it just walk you through? I've never done this before. Will I have to re-install and set up all of my software?

It is an SP2 CD.

Edited by OrygunGal, 05 October 2008 - 04:32 PM.


#11 perr

perr

  • Members
  • 151 posts
  • OFFLINE
  •  
  • Local time:05:42 PM

Posted 05 October 2008 - 04:33 PM

Setup now, then select the windows system to REPAIR.
With SP2 you will have over 80 updates to install if you elect not to install SP3.

Edited by perr, 05 October 2008 - 04:38 PM.


#12 OrygunGal

OrygunGal
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:06:42 PM

Posted 05 October 2008 - 04:53 PM

It found 2 previous intallations of XP, both on the C:\ drive. However, it was later installed on the D:\ drive and that is what I've been using. How do I repair the installation on the D:\ drive when it is not listed?

What I normally see when it boots are 3 choices after "Please select operating system to start:"
Microsoft Windows Recovery Console
Microsoft Windows XP Professional
Microsoft Windows XP Professional 1st
(my friend set this up so the 3rd option that ends with "1st" starts automatically after 3 seconds)

Here is what the XP CD finds as option for previous installations to repair:
C:\WINDOWS "Microsoft Windows XP Professional"
C:\WINNT "Microsoft Windows XP Professional 1st"

The second choice appears to be the correct choice but it's showing on the C:\ drive instead of D:\. I'm unsure how to proceed.

#13 perr

perr

  • Members
  • 151 posts
  • OFFLINE
  •  
  • Local time:05:42 PM

Posted 05 October 2008 - 04:57 PM

Then I assume the "1st" is the correct one. Use it. I have no idea why it would show on D if it was installed on C. They may both be on C but "1st" was installed beside it.
As a note, regardless of what drive you install the windows folder the boot files are put on C drive.

Edited by perr, 05 October 2008 - 05:05 PM.


#14 OrygunGal

OrygunGal
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:06:42 PM

Posted 05 October 2008 - 05:20 PM

It didn't show as D:\. That's what I thought would create a problem. There was a side-by-side installation done when I had some sort of failure and was too stupid to back up my photos, etc. (I've since learned from that scare). I think my friend installed beside the previous intall so I would be able to retrieve the data that was important to me. Anyway, he set it up on the D:\ drive (program files, system files, etc.). If the boot files are always on C then I'm guessing as well that the "1st" is the correct installation as well. It's copying files over now.

I'm guessing I should update to SP3 when the repair is complete. I think I'd rather do that than install 80 separate updates. Is there anything I should know or be concerned about in doing that? I've heard rumblings that it can cause some issues.

#15 perr

perr

  • Members
  • 151 posts
  • OFFLINE
  •  
  • Local time:05:42 PM

Posted 05 October 2008 - 05:26 PM

SP3 has been known to cause some problems, particularly on some proprietary AMD processor machines. It does install a removal option in the remove applications in the control panel. I have installed it on a few machines with no problem but had trouble with 1 machine. Solved that with dial-a fix permissions repair. I guess what I am saying is it will be your choice but I don't anticipate a problem with a fresh system repair.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users