Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't boot normal, can boot to safe mode


  • Please log in to reply
5 replies to this topic

#1 Eggs Zachtly

Eggs Zachtly

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:20 AM

Posted 07 February 2009 - 05:19 PM

I've spent the better part of the day working on a most peculiar problem on a friend's machine. When first trying to get the machine to boot, it would restart randomly (sometimes at the Windows login, sometimes several minutes later, etc). My first suspects were: overheating, bad power supply, malware). I was able to get the machine to boot (and stay booted all day) in safe mode. To me, this rules out any hardware issues, so I turned my attention to possible malware.

I first ran Malwarebytes Antimalware, and it found 3 files in temp internet files, listed as Trojan.Agent, and successfully deleted them.
Spybot found no problems.

I attempted to reboot normally, but had the same results (after logging in to an admin account, the machine restarted).

Machine specs:
Dell Dimension 4600
Pentium IV @ 2.66GHz
512MB PC-2700 (256MBx2)
Windows XP Home (SP-3)

I'm wondering if SP3 is the issue? Results from any searches I've done on automatic/random restarts all say that the user can't get into Safe Mode, either. In this case, that's not the issue.

Any ideas? Or, any other info that I can gather from Safe Mode that you need, to help resolve this issue?

BC AdBot (Login to Remove)

 


#2 chameleon437

chameleon437

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 08 February 2009 - 07:36 AM

I've spent the better part of the day working on a most peculiar problem on a friend's machine. When first trying to get the machine to boot, it would restart randomly (sometimes at the Windows login, sometimes several minutes later, etc). My first suspects were: overheating, bad power supply, malware). I was able to get the machine to boot (and stay booted all day) in safe mode. To me, this rules out any hardware issues, so I turned my attention to possible malware.

I first ran Malwarebytes Antimalware, and it found 3 files in temp internet files, listed as Trojan.Agent, and successfully deleted them.
Spybot found no problems.

I attempted to reboot normally, but had the same results (after logging in to an admin account, the machine restarted).

Machine specs:
Dell Dimension 4600
Pentium IV @ 2.66GHz
512MB PC-2700 (256MBx2)
Windows XP Home (SP-3)

I'm wondering if SP3 is the issue? Results from any searches I've done on automatic/random restarts all say that the user can't get into Safe Mode, either. In this case, that's not the issue.

Any ideas? Or, any other info that I can gather from Safe Mode that you need, to help resolve this issue?


Hi Eggs Zhactly,
I see you have done the correct thing - have you done a manual check on the registry keys as listed here? Also might be advisable to download a live Linux distro to recover any data for external storage before proceeding any further and if a re-install is required later scan all backed up data for any other nasties before re-install.

regards,
chameleon437

#3 hamluis

hamluis

    Moderator


  • Moderator
  • 56,291 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:20 AM

Posted 08 February 2009 - 09:58 AM

Hi :thumbsup:.

First step...Disable Auto Reboot On System Crash - http://www.theeldergeek.com/auto_reboot_on_system_crash.htm

This will (hopefully) provide some documentation as to what error or errors may be taking place.

Have you checked Event Viewer for possible clues on previous errors?

How To Use Event Viewer - http://www.bleepingcomputer.com/forums/t/40108/how-to-use-event-viewer/

Generally, you can ignore Information items listed in EV and focus on the errors listed.

Louis

#4 Eggs Zachtly

Eggs Zachtly
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:20 AM

Posted 08 February 2009 - 10:07 AM

Hi chameleon, thanks for the reply. I spent a few more hours with the machine last night, and think I've got all the "kinks" out of it.

The machine has multiple users, so going through and deleting all of the temp files took a while. Under one of the users (with Admin rights, and the only account that was passworded), I found 3 files tagged as "Trojan.Agent", and the Malwarebytes software had no problem deleting them. Even finding the Temporary Internet Files proved to be a chore. After finding and deleting what I thought was all of the temps, I ran Spybot. It prompted me that it wanted to delete some 1600 temp files, so I closed the scan and went hunting for them myself. I had already enabled "View Hidden Files and Folders" in the global Folders-->View, but that didn't show the Temporary Internet Files. As that folder can be placed anywhere, I did a Search for it. I came up with nada. Scratching my head, I found a setting that I didn't know about previously that displayed it. I don't have XP on any machines, as I've never had the need to upgrade to it from Win2k SP4 (I've no need for Movie Maker or the XP firewall.), so that probably slowed me down a bit. With all temps finally deleted, I ran a Spybot scan which only showed tracking cookies.

I was also puzzled by a "bum" hard drive that was appearing. Apparently, a new hard drive was added (listed as 233GB NTFS). The original drive was split into two partitions. The first (31MB FAT) and the second (38.25GB NTFS). The smaller drive was tagged as EISA Configuration, which is Dell's Utilities, and the rest of that drive was (most likely) the original C:\ drive. It showed as "Healthy" in Disk Management, but couldn't be accessed via Explorer, which stated that it was not formatted. I checked the Event Viewer for clues, and found many errors of a "Bad Block". I tried to run chkdsk on it, but it wouldn't cooperate. A defrag on it halted at 12%. As the owner of the machine now has a 233GB drive that's 90% free, I assume they don't need the 38GB drive, and deleted it. My guess is, the original hdd died, and they upgraded, leaving the unusable partition showing because they didn't know how to delete it.

I tried booting normally now, and still had the same issue (unwanted, automatic reboot). Back in Safe Mode, this time with Networking (so I could grab files from my machine without wasting CD-R's). I found Firefox and installed it (I detest IE). The first time I launched Firefox, I was prompted by McAffee Site Advisor that it apparently wanted full control over everything Internet-related. I tried to disable the Site Advisor using it's own "Disable" link, but it wanted no part of that. I finally resorted to uninstalling that bloated POS, and installed Avast.

On the reboot after the Avast install, I let it go to normal. It rebooted right after the login, but I let it go normal again (just to see), and this time I got in. I let it sit for about an hour (a record for this machine, since I've had it here), and it seemed stable. Still convinced that SP3 was part of the problem, I searched Microsoft's site for anything I should look for, in uninstalling SP3, and then "went for it". Believe me, I was watching closely, with fingers crossed, during that uninstall. I've no idea the consequences of a Service Pack uninstall that is interrupted by a hard reset, nor did I want to find out. The uninstall went uneventful, and after it, the machine required a reboot. The machine is up now for 12 hours without issues.

I've no idea if any one of the above fixes was actually the fix, or if it was a combination of them (which is my guess). The bad drive may have been freaking Windows out. McAffee, coupled with XP, was definately too much bloat for the amount of RAM on board. And, I've read/heard too many horror stories about SP3 to ever suggest that someone "upgrade" to it. Anyway, it appears fixed. It was quite a challenge, but I'm glad it's over! =)

Sorry to be so long winded here, but I tried to leave as much info about what I did as I could, in case someone has a similar issue in the future (I hope not, for them, heh). Thanks again for the reply.

Eggs

#5 Eggs Zachtly

Eggs Zachtly
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:20 AM

Posted 08 February 2009 - 10:08 AM

Hi :thumbsup:.

First step...Disable Auto Reboot On System Crash - http://www.theeldergeek.com/auto_reboot_on_system_crash.htm

This will (hopefully) provide some documentation as to what error or errors may be taking place.

Have you checked Event Viewer for possible clues on previous errors?

How To Use Event Viewer - http://www.bleepingcomputer.com/forums/t/40108/how-to-use-event-viewer/

Generally, you can ignore Information items listed in EV and focus on the errors listed.

Louis


Louis, thanks for the reply. I had already done those things. =)

#6 hamluis

hamluis

    Moderator


  • Moderator
  • 56,291 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:20 AM

Posted 08 February 2009 - 10:58 AM

Glad you solved it...happy computing :thumbsup:.

Louis




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users