Boot problem - most likely due to malware related activity


4 replies to this topic

#1 creighs

creighs

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Location:ON
  • Local time:06:30 PM

Posted 25 May 2009 - 05:00 PM

Hi all!

I'm having some computer troubles and I need guidance from one or more of you kind people. I have a related thread going in the A/V Am I Infected? forum (http://www.bleepingcomputer.com/forums/topic228133-15.html). It gives some other background information that might be helpful to read in understanding my problem.

So, to give a quick overview - currently I'm trying to rid my desktop (and then later I'll be working on my laptop) of any malware it has - which according to MBAM is quite a few nasties and they seem difficult to remove thus far. I've had my desktop for about 8 years now; never formatted, never backed up (yes stupid, I know). Obviously I want to rescue these files in the (likely) event that I need to format my computer.

I'm not sure if I've accidentally set off a payload, am botted, or a hacker is directly and actively messing with my system (I *was* "borrowing" a wireless internet connection for about a week...), but my desktop system stability has gotten substantially worse - to the point that I am now unable to boot my computer. So I need help in making it somewhat usable so that I can at least save some of my 8 years worth of files.

This problem began after I had run an MBAM quickscan in normal mode after disabling my wireless connection and clicked on ok to reboot the computer - because certain files could not be deleted until reboot. It shut down normally but then Windows would not load (I couldn't even make it to the logon screen). There was a message (which I didn't write down word for word unfortunately) saying something about how the computer could not restart to its previous point as the image file was corrupt. It then gives a message beneath that text saying something like "You can return to your last known good configuration by pressing enter." I click enter, it tries to load Windows, but then the following occurs...and reoccurs...

Here's what happens: After a while of being turned off (I suspect several hours), when I first try to boot my machine I am greeted with this pleasantry:

1) "Windows could not start because the following file is missing or corrupt: <Windows root>\System32\hal.dll. Please reinstall a copy of the above file"

2) When I press enter to continue I receive this message: "Windows could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM. You can attempt to repair this file by starting Windows Setup using the original setup CDROM. Select 'r' at the first screen to start repair."

If I again press enter the screen goes black and then the same message 2) shows up again. The only way to shut the computer down is by pressing and holding the power button. Attempting to boot the computer immediately again I only get message 2) on the screen.

I *can* boot the machine to show the F8 start up options (i.e. I tried to boot into safe mode to see if that would work). Again, a similar thing happens - the text loads up to the entry "multi (0) disk (0) rdisk (0) partition (2)\WINDOWS\system32\config\system" and then I receive an error message after a brief wait time that says the same filepath I just listed, however, instead of ending at \SYSTEM it ends as \SYSTEM.alt

Any help would be gratefully appreciated. In the event that I have to format my computer I'll need some guidance with that process as well...I have a Dell Dimension (8300???) desktop PC running Windows XP SP 3.5, and I have the original disks that came with it. Let me know anything else that would be helpful in solving this problem.

S.

P.S. - I've just noticed there's a pinned post that describes the hal.dll issue I have. I would try and follow the instructions there, but I'm not quite sure what I'm doing and since there's other things happening as well, I don't want to risk screwing up my computer even more.



#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,559 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:30 PM

Posted 25 May 2009 - 06:10 PM

If you have an open post in any of the malware forums....you probably should not be posting issues here until your malware situation is resolved.

And you certainly should not be anticipating or making changes to your system...based on what someone other than the malware folks suggest.

Louis

#3 creighs

creighs
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Location:ON
  • Local time:06:30 PM

Posted 25 May 2009 - 06:45 PM

Hi Louis,

The member who was helping with my malware problem directed me to this forum for help with the boot issues so that I might continue to resolve the malware situation once I could properly boot my computer. I am aware of the rules regarding one post per problem. And I believe the pinned post I make reference to was authored by one of the mods, however, I may be mistaken. I also think it's reasonable to anticipate that changes will have to be made; if I can't boot I can't solve the malware issue. I'm definitely not an expert in computing matters, but I'm trying to learn. :thumbsup: Regardless, I'm sorry for the misunderstanding.

Cheers,
S.

#4 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:30 PM

Posted 25 May 2009 - 09:55 PM

Since you were directed by the person helping you in the malware forum, I feel it is ok that I reply here.

The only real options I know of are either using a Linux program that I know nothing about but others here do, so maybe they will be able to offer some info on that, or using a boot disk that will allow you to boot your system and use System Restore to get you back to where your system was operable, as in, before you removed the malware. I have used a disk called "Fix-it Utilities 9" to do that. Besides having other programs on it, it has an emergency Windows rescue boot disk and that allowed me to get my system up and running when I received the missing config/system message. I bought the disk at Walmart for around 30 bucks last November and it worked like a charm.

Do be aware though that if you use System Restore to get your system going, you will also be restoring the malware. If you do that, I would back up your files immediately and then follow the directions in the other forum to get rid of the malware.

Good luck

#5 creighs

creighs
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Location:ON
  • Local time:06:30 PM

Posted 30 May 2009 - 11:26 AM

Thank you for replying and for your advice stang!

I'm sorry it has taken me a few days to reply to your post - I'm working on fixing/saving two different computers right now. I'll give you an update on the situation soon, hopefully.

Take care!
S.



