Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus did something and now windows keeps restarting even when I try safe mode


  • Please log in to reply
21 replies to this topic

#1 lethalaffairs

lethalaffairs

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:10:36 AM

Posted 10 December 2009 - 12:45 PM

I downloaded a file and thought that it was safe but when I installed it I saw a MS-DOS window open and something installing I knew right there it was probably something really bad. I then started to get pop-ups and redirects.

I kept using the computer for a few days and it booted fine. Except for the redirects it seemed to be working like normal. It wouldn't let me open up Internet Explorer though. That didn't matter because I was using Firefox anyhow. Everything else was working fine.

I then connected the drive from that computer to this one I am using now and I ran MBAM and SAS both and only SAS came up with a few tracking cookies and nothing major. Other then that they found nothing.
So I put the drive back and kept using the computer like normal. It still worked but I still couldn't open Internet Explorer. It would do nothing when I clicked on it and I was still getting redirects in Firefox. The redirects were for virus scanning software and other things.

Finally a couple more days later after I shut it down and went to restart it windows would not start. It would just get to the splash screen and then restart. It would keep doing this if I tried to start it normally. I even tried safe mode and it would still just restart. So now it just keeps restarting no matter which boot choice I choose.

This same thing happened to a friend of mines computer and I did a repair install of windows only it messed up alot of things so I would like to try to fix it without doing that.

I am running Windows XP and I do have access to another computer if that helps.

BC AdBot (Login to Remove)

 


#2 azfreetech

azfreetech

  • Members
  • 182 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:09:36 AM

Posted 10 December 2009 - 01:16 PM

So it looks like you pulled the drive and used another computer to scan it with MBAM and SAS. I would pull it again, update both of those and run the scans again. I would then scan the drive with an up-to-date AV program as well. Get rid of what they find and then place the drive back in the computer it came out of. Fire it up and see if you can install MBAM and SAS. If you can they update and run them again, get rid of what they find. Update your AV and run it, get rid of what it finds.

You can also try using something like Hirens Boot CD 10.0 to run scans before the system boots.
DJ Digital Gem

I gave up on computers and now I just DJ!

#3 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,716 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:36 AM

Posted 10 December 2009 - 06:55 PM

Unfortunately, I dont think MBAM or SAS can do much good in that type of setup.

Are you able to get into the recovery console? Do you have a Windows CD laying around?

info on recovery console can be found here:

http://www.bleepingcomputer.com/tutorials/how-to-install-the-windows-xp-recovery-console/

You can also boot up with the Windows CD and access the recovery console by selecting repair mode.

#4 lethalaffairs

lethalaffairs
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:10:36 AM

Posted 10 December 2009 - 10:00 PM

I hooked up the drive to another computer again. I updated and ran both MBAM and SAS again. MBAM didn't find anything and SAS only found a few more tracking cookies. I also ran AntiVir and Avast. The only error in AntiVir was a pagefile.sys that was locked. Other then that neither of them found anything else.

Yes, I do have a copy of Windows. Once I am in recovery console what do I do?

#5 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:02:36 AM

Posted 11 December 2009 - 05:18 AM

Please do the following first ...
Get a look at the error message presented by the BSOD (blue screen of death).
Start tapping the F8 key after you press the ON button, and continue tapping until you are presented with the "Windows Advanced Options Menu" screen.
Use the UP/DOWN arrow keys to select "Disable automatic restart on system failure" and press the <ENTER> key.
Your system will attempt to restart normally, but when it crashes, it will not re-start. Instead, you will see a BSOD with error message.
Record the error message details, and post in this thread.

Then run chkdsk /r from the XP Recovery Console ....
How to use CHKDSK in the XP Recovery Console:
http://pirules3.14.googlepages.com/recovery_console_chkdsk

Type the command chkdsk /r (with a space before the /) and press the <ENTER> key.
There are 5 stages. This might take some time to complete, so be patient.
If errors are found and repaired, it may be prudent to repeat chkdsk /r
Type "exit" and press the <ENTER> key to restart the system normally.

Does your computer start normally now?
AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#6 lethalaffairs

lethalaffairs
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:10:36 AM

Posted 11 December 2009 - 12:00 PM

The blue screen error is *** STOP: 0x0000007B (0xF7C45528, 0x0000034, 0x00000000, 0x00000000)

I ran chkdsk /r using the Recovery Console and it said that it fixed one or more errors. I then type exit and tried to start it normally again but its still doing the same thing.

I figured this was not going to be easy. There must be some other way other than doing a repair install.

What do I do next?

#7 mmmmm...beer

mmmmm...beer

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:36 AM

Posted 11 December 2009 - 12:10 PM

The blue screen error is *** STOP: 0x0000007B (0xF7C45528, 0x0000034, 0x00000000, 0x00000000)

I ran chkdsk /r using the Recovery Console and it said that it fixed one or more errors. I then type exit and tried to start it normally again but its still doing the same thing.

I figured this was not going to be easy. There must be some other way other than doing a repair install.

What do I do next?


Exact same thing happened to me yesterday and I too did everything you did. Got to the same point... ran chkdsk /r and it repaired stuff... same results.. blue screen of death... can't get into safe mode.. can't dot.

So what I did was go into the Windows XP disc... PAST the Recovery Console... go into Windows Setup like your going to do a fresh install.. You'll come to a choice to do a fresh install or a big "R" for Repair current Windows installation.. I did that and it went to a blue screen with a yellow progress bar like it was fresh installing windows but it said repair. It took about 40-50 minutes but when it was done I could at least get back into windows.... and when windows started it was still acting like a fresh install with the windows is installing options blue screen stuff at the beginning.

I then ran the Super Anti-Spyware program found on another post here.... and low and behold 3 trojans.... in C:\WINDOWS\system32\lowsec\ . I then booted into safe mode, which worked by the way thank God and ran it again. Found 3 more..... got rid of those.... booted into regular mode... downloaded the Malwarebytes program found on the same post in here... and it found a PILE of stuff including stuff in that lowsec file .... then it made me reboot and finally got rid of it all.

I dunno.. worked for me... hopefully this helps. :thumbsup:

#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,716 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:36 AM

Posted 11 December 2009 - 12:31 PM

Did you happen to run Combofix before the issue happened?

#9 lethalaffairs

lethalaffairs
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:10:36 AM

Posted 11 December 2009 - 03:00 PM

No, I did not.

#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,716 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:36 AM

Posted 11 December 2009 - 03:36 PM

Try booting into the recovery console and issuing this command:

copy c:\WINDOWS\ServicePackFiles\i386\atapi.sys c:\WINDOWS\system32\drivers

If it asks you if you want to overwrite the file, allow it to do so. Then reboot and see if you can boot up.

#11 lethalaffairs

lethalaffairs
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:10:36 AM

Posted 11 December 2009 - 05:30 PM

The system cannot find the file specified


There is no folder named servicepackfiles in the windows directory. The computer that I am using now doesn't either.

They are both running Windows XP SP3.

#12 lethalaffairs

lethalaffairs
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:10:36 AM

Posted 14 December 2009 - 11:30 AM

Okay, I copied the atapi.sys file that you sent me into the drivers folder and Windows did boot normally. Last time this happened to a friends computer I couldn't boot into just safe mode. What would cause that?

I have not tried to boot into safe mode yet. Just normal mode. What do I do next to restore Internet Explorer to make sure it actually opens when I click on it and doesn't just do nothing?

Also is this virus or whatever it was gone now? What do I do next?

#13 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,716 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:36 AM

Posted 14 December 2009 - 11:33 AM

Well you have part of the infection gone, but there may be other infections still on the computer. Try scanning your computer with MalwareBytes now.

Then see if IE works again.

#14 keithy

keithy

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:36 PM

Posted 14 December 2009 - 02:21 PM

hi,

I've got the same problem?? (Win XP Home SP3)
Yesterday updates were installing from ms & kept reinstalling
tonight nothing works, I'm now on my laptop now!

I have run chkdsk /r and now running it again (found & repaired one or more problems)

after reunning it the second time it said the same

booted in safe mode ran Malwarebytes which found nothing?

now it's booted up in normal ok, seems to be working fine, fingers crossed
and thanks for your help!

#15 lethalaffairs

lethalaffairs
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:10:36 AM

Posted 14 December 2009 - 02:45 PM

I booted into normal mode, updated and ran Malwarebytes. It didn't find anything. I tried Internet Explorer and it did work. I used the computer for a couple of hours and I still had one window that redirected and to some antivirus scan in which it wanted me to click ok. I just closed that windows out. I was using Firefox at the time. There must still be something on it.

I tried out safe mode and it does work. What should I try next?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users