No XP Boot, Missing NTLDR


5 replies to this topic

#1 pheochromocytomata

Posted 10 July 2005 - 02:25 AM

This is my desperate attempt to regain usable access of my computer. I'll narrate, for your interest:

So I am online, as usual. Talking to people, perusing the web, etc. Pretty normal. Well, in my adventures through the web, I somehow picked up a worm onto my system. I didn't realize it immediately--that an infection had in fact occurred. I shut down the computer and realized I had forgotten to check email online, so immediately rebooted it. And went online. And couldn't stay on one page without 5 pop ups popping up out of NOWHERE. I opened Task Manager to see that there were some 60 processes running when I remembered from normal days that the max had been somewhere around 40. I realized I had some random advertisement programs running in. So I went into Add/Remove Programs and removed any software which I knew was not downloaded by me.

I then tried to run Symantec Antivirus, but I couldn't. It relayed some weird error to me, and turned off by itself. So I thought, why not go into Safe Mode & run it? So I did. I don't know why, but I thought that would be okay to do.

Lo and behold, I had 55 infected files. The program quarantined them, but some files it could not so it left them alone. But these were random *.tmp's in my Temp folder or random things in my Temporary Internet Files Folder in my user's Documents & Settings. So I went in manually and deleted those.

Then I rebooted my computer. It restarted, and I opened Task Manager immediately to see what had changed. "Yay!" I thought, "There are only 26 processes running!" And that seemed almost TOO little to me. This had never happened before.

By the by, I went down to click my IE icon on the quick launch. No IE window popped up. Instead, the dialog popped up which pops up when a type of file does not have a program associated with it and Windows wants to know what *.exe to open these types of files with. It asked me, basically, what application I wanted to open the "iexplorer.exe" with. I thought it quite odd. I closed that box, and went to Start then Internet Explorer from the menu therefrom. And IE immediately opened up a fresh window at a remarkably quick speed. Even more odd, I thought. So then I tried running different applications--media player, AIM, notepad, word--and found that everything made that box pop up asking what type of file is this and what application I wanted to use to open it. Now I knew something was disastrously wrong.

So I took it upon myself to find out what the hell was going on. I checked the logs of Symantec Antivirus to see 2 files had been "quarantined" from C:\Windows\System32: "RUNTPAL32.EXE" and "$WINNT$.EXE". I figured this was the problem. Immediately, I rushed myself to Start then Help so I could do a System Restore. Horrorstruck, I sat in awed silence as my computer made its loud beep of erroneous protest with which I had accustomed become while telling me that he "Could Not Find Rundll32.exe".

I was ready to collapse. I rushed to My Documents to see if my data was still there. It was, fortunately. I started zipping whatever I could, as fast as I could, and burned some 500 MB's of files onto disk. (I only later remembered, when it apparently had become too late, that I had important data stored in other places besides My Documents.) I don't know if this data may have been corrupted though, as zipping certain files randomly produced errors of "Could Not Copy" and etc.

By this time, I knew my computer was under attack from all sides. More and more random errors, more frequently. The water was rushing in. My computer was going to drown if I didn't do something very soon.

I called Compaq. "You have a worm," they told me, "which has corrupted or latched itself onto important Windows files." No bleep. What the hell should I do about it? "Use your Windows XP CD to restore these files to normal."--But I don't have a Windows CD, Ma'am, I was never given one. "Sucks, doesn't it? We'll send you one." But I won't get it until Tuesday. "Yeah I know. Hang in there. Bye!"

Great. What was there to do now? I went online to try and look for more help, and I went into the Symantec Logs to figure out that the virus I had was called "W32.HLLW.Oror.B@mm". I found out information about it, but immediately it started acting up. Symantec kept telling me, EVERY 2 SECONDS, that it had quarantined another file. And another and another and another. The thing was, though, it was the same few files being quarantined. I guess the virus was replacing each quarantined file w/a new one and Symantec was desperately trying to keep up. Every so often, Symantec itself shut down by itself. While all this chaos is going on, I'm trying to look up what the hell to do about it online without luck. I read somewhere that system restore will do it, but I didn't have access to system restore cause the computer couldn't find "Rundll32.exe". So I decide I'll go into Symantec and stop it from quarantining the two files it was quarantining in System32 folder. When I did that, suddenly I have access to everything as normal. I open system restore and restore my system to 2 days ago.

Reboot.

And it WORKS! Dear God, the virus is gone!! Except it's really not. Everything works normally, but I now have 60 processes running again. Let's restart Symantec to scan my computer, and now only 3 files are being hazardous to my computer, 2 of them being in System32--RUNTPAL32 & $WINNT$ (.exe's). So Symantec goes ahead and quarantines them. Yay, I think, everything is okay now! So I do one more restarting of the computer to be sure everything's gonna be alright.

Reboot.

NTLDR IS MISSING. PRESS CNTRL-ALT-DEL TO RESTART.

I practically had a heart attack. It went from bad to worse to bad again, down to this state of ultimate disaster. WHAT THE HELL ELSE IS MISSING THEN?!?! This is the point I realized I should've backed up other data too, instead of just the "My Documents."

And this is the point at which I am now. Nothing will work. Not DOS, not XP, not anything. That is, unless I get past this screen. So I went online on another computer--this one is not mine, though, it is the university's in a computer lab--to see what the hell I could do about it now. I found www.bootdisk.com which will give me a clean NTLDR and boot.ini etc to use to boot.

Question 1: Will using these files from www.bootdisk.com work to fix the NTLDR boot error?

Question 1.a: If the error does get fixed, then what happens?
Question 1.a.1: Would XP be okay and work, at the very least?
Question 1.a.2: Would my files be okay and be uncorrupt? Please say yes. For the love of god, say yes.

Question 1.b: If the error does not get fixed, then what the hell do I do?

Question 2: How would I get rid of the W32.HLLW.Oror.B@mm worm, if/when I did get access to Windows back? (I've read all about the guy at Symantec's website, about how to remove it and all. But I don't understand how they expect me to know the location of where he's hiding and what name he's hiding under to go in and stop him in the win.ini or etc. Isn't there some program I can download which will get rid of the guy? Like something directed specifically toward killing him, not just a virus utility in general.)

Question 3: Why did W32.HLLW.Oror.B@mm act up when it acted up? Why didn't it give me this NTLDR error earlier?


I will be INFINITELY THANKFUL to whosoever has anything to say to my post. And to he who helps me solve this problem, I will be forever indebted. ='(


#2 TEB

Posted 10 July 2005 - 03:37 AM

Answers to your questions:

1. They might work, but it's probably not safe to download and burn anything to a disk without risking it getting infected and you using infected files to restore.

a1: If the error doesn't get fixed you'll have a corrupted version of Windows forever. In this case though, with my experiences, I just recommend starting completely new.

a2: No, you can restore full functionality and be virus free with a clean format.

a3: Sorry to say this, but when you get a devastating worm like that, it's almost stupid to save files from an infected machine and put them on a new machine. The virus has already had the chance to corrupt any files it was programmed to.

3. The worm probably wasn't the cause of the error; the worm probably replaced many system files with its own virus-oriented files, and when Norton removed them, your system was left with nothing to boot on.


Here's what course of action I think you should take.

Wait for your official Windows XP CD to arrive in the mail. Until then, I recommend shutting off your computer to avoid any possible problems.
When your XP CD arrives do the following:

(A printable version of my guide on how to reformat can be found here)
http://www.techsomething.net/SupportMiscel...terFriendly.htm
________________________________________________
1. Place the Windows XP CD into your CD drive. Reboot your computer with the CD in the drive. It depends on your system, but most of the time hit F12 to get to the boot menu.

2. You will be taken to the boot menu. Once there, use your arrow keys and navigate to the command that says boot from CD. Once the boot menu pops up, hit boot from disk. Windows will take a few minutes scanning your files, and a blue screen will pop up and say loading Windows files and all that stuff.

Once it's finished there will be three options: one to repair Windows, one to reinstall Windows, and one to exit and go back to your regular computer operating stance. Hit the key that takes you to a clean Windows install. If you're trying to remove a virus you need to completely reinstall Windows, including deleting the partitions.

3. You will be asked if you wish to create a new partition. First, select the partition that you already have, and press D to delete your existing partition, and then L to confirm that you wish to do this. This will completely erase all documents and programs (and viruses!) off of your computer.

4. You then need to create a new partition. To do this, select C.

5. When asked what size you wish to make your new partition, just press Enter to make your partition the maximum size.

6. Select the partition that you have created to install Windows XP on by pressing Enter.

7. Your computer will prompt you asking if you wish to do a quick installation or a regular installation. Either will work fine, but "quick" goes faster.

8. Now you need to select Format the partition by using the NTFS file system.

9. Windows XP will now be installed. This may take some time and then your computer will reboot. From now on all the screens during the installation process will look like the Windows XP screens you are used to.

10. Make sure you properly enter your product key. This is either on the CD that came with your version of Windows XP or on your computer's case.

11. Windows will now complete the installation. XP will likely detect the drivers for all of your hardware, but you may need to use the disks that came with your hardware to install some of your hardware. You will now also need to install any software you need. Most importantly, INSTALL ANTIVIRUS SOFTWARE, AND RUN WINDOWS UPDATE IMMEDIATELY TO PROTECT YOUR COMPUTER!!! If your connection has been disabled, you will not be able to run Windows Update. However, you can download the patches from
http://v4.windowsupdate.microsoft.com/en/default.asp

Hope this guide helped you.

#3 Aviator

Posted 10 July 2005 - 04:19 AM

I had to reformat and do a clean install of XP a few weeks ago to get rid of a trojan I had. After backing up my files I disconnected my internet connection "before" doing the clean install. Read somewhere that some users had problems installing XP while being connected to the internet.

#4 jcxhc

Posted 10 July 2005 - 01:13 PM

Try holding F10, or "Insert", while your computer loads up..

#5 TEB

Posted 10 July 2005 - 05:38 PM

You can't connect to the internet while installing XP. There's always some network, or some drivers to install.

#6 Aviator

Posted 11 July 2005 - 06:00 AM

You can't connect to the internet while installing XP. There's always some network, or some drivers to install.

You are correct. What I should have said is I disconnect all external peripherals except the monitor, keyboard, and mouse prior to the clean install. Thanks.