Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

XP Pro hosed by malware, unable to boot


  • This topic is locked This topic is locked
1 reply to this topic

#1 nmlss

nmlss

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:12 AM

Posted 05 January 2010 - 11:28 AM

[Reposted from another forum because help was not forthcoming, unfortunately]

Earlier today I got infected by a LIVE 2010 malware. I was able to catch it with ProcessExplorer and kill the rogue processes, but as usual that didn't get rid of everything. I ran autoruns and removed any reference to weird files, but as usual a DLL must've stayed resident and they kept reappearing.
Therefore, I deleted as many files with a <today> mod date in WIN\system32 and in the various temp directories as I could find (sys/exe/dll only), then I rebooted.
Driven by previous experience, I then used a Linux liveCD with ntfs-3g to kill the DLL/EXEs that were still extant.
So far so good, except that when I rebooted I got:
STOP 0x...7B from safe mode w/command prompt
STOP 0x...24 (0x001902FE....) from regular boot
I therefore consulted with a friend and against my better judgement performed another install of XP - so that now I have a C:\WINDOWS.0 installation that works and a C:\WINDOWS that does not.
I then tried with UBCD4WIN (BARTPE) and did both the FIX_HDC and the registry rollback to 01/02/2010. No change.
I then speculated that there may still be a conflict between the pagefiles of the two installations - both pagefile.sys - so I made the 'old' registry match the new one in the SessionManager memory keys... the only result has been a
STOP 0x...7E (0xC0...05....) in REGULAR safe mode and in COMMAND PROMPT safe mode - better than 7B I guess.
All the STOPs, by the by, do NOT come with any further information below the STOP line and no Minidumps are being generated.
I am, at this point, literally at wit's end. While I do have a backup of most data AND I can get to my old 'Documents and Settings' folder, I would much rather not reinstall everything.
Is there a way to bring the old XP installtion back to life?
Thanks!

Update: I just rebooted again and went into safe mode with networking: I got
STOP 0x0000007B (0xF789E524, 0xC0000034, ...) as before. Same with regular safe mode.
I can, BTW, revert all registry changes from BARTPE if that would help.
And better yet: at the end of the load screen for the drivers in safe mode it asks me in bold white to press esc if I'd like to avoid loading SPTD.sys (which is related to Alcohol 120% AFAIK). If I do so, the error changes to STOP 0x....CF (0xBBDBC000,....) with a POSITIVELY LOVELY TERMINAL_SERVER_DRIVER_MADE INCORRECT_MEMORY_REFERENCE header, which is quite novel.

Further update:
I have Recovery Console on the machine and I chkdsked multiple times. The only thing I did not try is the /r variety, because I think a read error that SMART didn't catch on a 2009 drive is a somewhat low-probability event.

BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:09:12 AM

Posted 06 January 2010 - 09:30 PM

Topic closed
Op reinstalled
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users