Vista won't boot after running Malwarebytes


3 replies to this topic

#1 jsmitchell


Posted 26 February 2009 - 11:47 AM

Summary: Vista only boots into the WinRe environment. Automatic attempts at recovery all fail even though the log shows all the tests were completed successfully. I can't boot from the last known good configuration and no restore points show up (they did at one time but did not work; see full story). I have run the memory diagnostics and everything passes. Chkdsk/r completed successfully. I can access DOS and see all the files intact (and therefore have been able to back up the non system files to an external drive). I very much want to avoid having to reformat and reinstall all the software on the PC if possible. (I've since bought imaging software to avoid this in the future!)


Full story: My younger son was "befriended" by some kid/guy who told him to click on a link to install a Microsoft Xbox Live Points Generator. As I eventually found out, thanks to Kaspersky (after numerous other virus programs missed it), it was a backdoor trojan (win32.virut.ce aka w32/scribble-A, which was apparently installed from a file called xbl_gen.exe carrying backdoor.win32.vb.gtf) that allowed someone to remotely turn the PC into a spambot. Way before I knew all the details, but knowing something was amiss, I decided to run Malwarebytes on my own PC. Important note: I had NO reason to suspect any viruses on my own PC, which is not connected to the kids' PC (they even have separate cable modems). I was just curious what it might find.

Upon running Malwarebytes (after making sure to have the latest, 2/11, update and the latest database), I saw a few flagged files, thought nothing of it, and went about doing household chores. When I came back the computer had rebooted. I thought this strange since Malwarebytes doesn't do an auto reboot. I ran it overnight and, once again, awoke to a rebooted computer. I ran it again, left for moment, and when I came back it was trying to reboot but failed. Dead. Fried. Kaput.

Once again, I have no reason to believe a virus is involved. Or, if one is, that the two episodes are related. I relay the info just in case.

I booted into WinRe and the Vista recovery tools said it passed all the tests (nine of them) and therefore has no suggestions on what to do, even after remotely accessing Microsoft. I was able to go to advanced recovery options and view a dozen system restore points but each one failed. Gateway has a recovery drive (x:) showing in gray, but somehow I couldn't access it. I had also previously made a special "system recovery disk" but apparently that's just software like what I just described, not some emergency boot disk. It basically allows you to restore to factory settings. Forget that. Too much stuff on the computer that I can't kill.

I should add that I always booted into my own settings where I have no password. Whenever I chose "administrator", it required a password but none of the ones I tried worked. I don't recall even making a password.

I could boot into safe mode with command prompt and had full access to both my c and x (recovery) drives. All my stuff seemed intact. I could even run a chkdsk-- no errors. Heck, I could even edit the registry. But I couldn't boot.

Then I read about the console tools to fix these things. Bad move on my part. At first I tried fixmbr which said it completed successfully immediately. I rebooted. Didn't affect anything.

I got back to the DOS prompt and tried fixboot. It took some time, but said it completed successfully. Rebooted. Didn't affect anything.

I got back to the DOS prompt and tried rebuildbcd. It said no windows installation was found.

I ran scanos and it came up with no windows installation anywhere on the system as well.

At that point I was down to bcdedit:

bcdedit /export C:\BCD_Backup
c:
cd boot
attrib bcd -s -h -r
ren c:\boot\bcd bcd.old
bootrec /RebuildBcd

It said it found a windows installation so I rebooted and crossed my fingers. The result was that instead of saying Windows was corrupted and asking if I wanted to repair it, it went to the 'usual' boot choices (safe mode, safe mode with command prompt (which I chose), etc.) Safe mode scrolls all the files it loads. The last one I saw was crcdisk.sys before it again choked.

After that, I could not boot into anything. Nothing worked. I then tried to use the system restore disk I had made and asked to restore from a given point. All my restore points were gone, as was my ability to get back to the DOS prompt.

After trashing the house looking for my Vista disk from Gateway, I found it. This again allowed the PC to boot into recovery mode, but, again, automatic repair failed. It didn't even recognize a Vista installation. Luckily I could now access DOS again and undo the above bcdedit script. I then backed up whatever files I was allowed to an external drive. Vista then showed as installed but my recovery points were all gone.

Again it passes all the various tests, but generates an event that the problem still persists:
Problem Event Name: startuprepairv2
Problem Signature 01: Auto Failover
Problem Signature 02: 6.0.6000.16386.6.0.6001.18000
Problem Signature 03: 6
Problem Signature 04: 1114129
Problem Signature 05: Corrupt registry
Problem Signature 06: 11
Problem Signature 07: 3221225804
Problem Signature 08: 3
Problem Signature 09: Rollback registry
Problem Signature 10: 0
OS Version: 6.0.6000.20.0.256.1
Locate ID: 1033

I very much want to avoid having to reformat and reinstall all the software on the PC if possible. Now what?


#2 usasma


Posted 26 February 2009 - 12:30 PM

Since it mentions a corrupt registry, have you tried a manual system restore? It's a bit chancy, but if you rename the registry files before replacing them you'll at least be able to get back to the point you're at now.

To do this, you'll need NTFS access and the ability to copy/paste/rename files. Windows RE allows this, but it's all command line stuff.
I'd suggest that you build a BartPE disk, use the Ultimate Boot CD, or a Live Linux distro to do this with a GUI - it's much simpler.

Here are the instructions for XP: http://support.microsoft.com/?kbid=307545
The instructions are similar for Vista - only the names are changed (to protect the innocent? :huh:)

You'll be looking at the files in the Windows\System32\config directory that have no file extensions. They are:
BCD-Template
COMPONENTS
DEFAULT
SAM
SECURITY
SOFTWARE
SYSTEM

There are 2 locations (that I know of) in Vista to get the old registry hives from:
- The System Volume Information folder (inside the Snapshot folder for the RPxx)
- The Repair directory (which I don't have on my system, so I can't tell you the location).

Also, this only works (IME) about 50% of the time. The odds are improved (IMO) by selecting the newest restore point that you can use - but it's gotta be old enough to make sure that the problem didn't exist at that time.

Good luck!
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.
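As an added example (not code from the thread or from either poster), this PowerShell script performs the hive swap usasma describes on an offline Vista volume: it checks that every replacement hive exists and is non-empty, shows sizes and dates side by side, copies the current hives to a timestamped backup folder, and only then overwrites them. It assumes a PowerShell-capable boot medium and uses placeholder values for $OfflineRoot, $SourceDir and the replacement file names in $NameMap.

```powershell
# Added example, not from the thread. Replaces the offline registry hives of a
# non-booting Vista install with backup copies, saving the current hives first
# so the change can be undone (the "rename before replacing" precaution above).
# Assumptions (placeholders): the dead install is mounted under $OfflineRoot and
# the replacement hives live in $SourceDir under the names listed in $NameMap.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$OfflineRoot = 'D:\Windows',
    [string]$SourceDir   = 'D:\Windows\System32\config',
    # Hive name -> file name of its replacement. Default matches the "_previous"
    # copies found in the config directory; point it at a snapshot folder with
    # that folder's own file names instead.
    [hashtable]$NameMap  = @{ DEFAULT='DEFAULT_previous'; SAM='SAM_previous';
                              SECURITY='SECURITY_previous'; SOFTWARE='SOFTWARE_previous';
                              SYSTEM='SYSTEM_previous' }
)

$configDir = Join-Path $OfflineRoot 'System32\config'
$backupDir = Join-Path $configDir ('backup-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))

# Pre-flight: every current hive and every replacement must exist and be
# non-empty, otherwise stop before touching anything. A half-swapped set of
# hives is worse than the state the machine is in now.
$plan = foreach ($hive in $NameMap.Keys) {
    $cur = Get-Item -LiteralPath (Join-Path $configDir $hive) -Force -ErrorAction Stop
    $src = Get-Item -LiteralPath (Join-Path $SourceDir $NameMap[$hive]) -Force -ErrorAction Stop
    if ($src.Length -eq 0) { throw "Replacement for $hive is empty: $($src.FullName)" }
    [pscustomobject]@{ Hive = $hive; Current = $cur; Source = $src }
}

# Show what will change so the operator can sanity-check sizes and dates
# (a much smaller SOFTWARE or SYSTEM hive is a sign of a truncated file).
$plan | Select-Object Hive,
    @{n='CurrentSize';    e={$_.Current.Length}},
    @{n='CurrentWritten'; e={$_.Current.LastWriteTime}},
    @{n='SourceSize';     e={$_.Source.Length}},
    @{n='SourceWritten';  e={$_.Source.LastWriteTime}} |
    Format-Table -AutoSize

if ($PSCmdlet.ShouldProcess($configDir, "replace $($plan.Count) hives from $SourceDir")) {
    New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
    foreach ($p in $plan) {
        # Keep the current hive: this is the rollback path if the swap makes things worse.
        Copy-Item -LiteralPath $p.Current.FullName -Destination (Join-Path $backupDir $p.Hive) -Force
        Copy-Item -LiteralPath $p.Source.FullName  -Destination $p.Current.FullName -Force
    }
    Write-Host "Original hives saved to $backupDir; reboot the offline install to test."
}
```

Run it with -WhatIf first to see the planned copies without changing anything; to roll back, copy the files from the backup folder over the hives again.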

#3 jsmitchell


Posted 27 February 2009 - 03:29 AM

I also didn't see a repair directory but I did see system, software, sam, security, and default files in the config directory-- of a noticeably smaller file size. For some odd reason I also saw those same files with the designation of "_previous" added to their name. Although the date of the files was 10/27/08, the file sizes were somewhat similar so I decided to back up the current (corrupted) files and rename the "_previous" ones to their normal names. Then I rebooted and crossed my fingers.

Lo and behold, my desktop appeared and things looked normal. The problem is, as you might have guessed, I now have a very confused computer. For example, I recently installed IE 8, which now doesn't work. I tried to install my new virus checker but it says the current version of Windows Installer is invalid. Media player warns that the version doesn't match what's in the registry. I tried installing a copy on my desktop of Mozilla which appeared to go OK but it couldn't find the Internet. I'm also thinking that's all messed up as well.

Is there an easy way to fix all this? Where do I begin? At least I think we made progress.

#4 usasma


Posted 27 February 2009 - 05:05 PM

If you're able to get into Vista, then you can try a repair install of Vista using these instructions: http://vistasupport.mvps.org/repair_a_vist...e_vista_dvd.htm



