Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computers won't boot


  • This topic is locked This topic is locked
8 replies to this topic

#1 obxjerry

obxjerry

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:55 AM

Posted 28 February 2010 - 10:55 PM

I have 3 maybe 4 computers that won't boot. In chronological order, my son's old custom built computer crashed. I had him bring his tower over. I put it in our system in place of our HP. Starting up, it would bring up the Windows XP screen, then a flash of a blue screen with text, then reboot over and over. Safe mode yielded scrolling text, hold on text, reboot. I was going to try booting a Linux live-cd but the CDrom tray wouldn't open. I used our Dell desktop to make a XP rescue floppy. His computer started to boot to the floppy but said it couldn't find COMMAND.COM. I put the HP back in and burned a startup floppy from ME. It would boot to a command prompt. I'm not good with DOS and didn't get anywhere that way. I finally got the cd tray to open, changed the boot order and put in a Puppy Linux live-cd. It won't start to boot it. I didn't even think about a virus. I suspected a hardware failure. I found him a rebuilt computer to replace his.

The next day, back to usual equipment, we have the 2 desktops (wired) and 2 laptops (wireless) on our network connected to DSL. The HP desktop is dual boot, ME and Puppy Linux. For several hours we noticed the HP and a laptop (dual boot; 98se and Puppy) both running Linux, were slow and erratic surfing the net. They were replacing a utility pole close to our house and we thought the DSL service had gone flaky.

The following day, when my wife started the HP, she thinks she chose Puppy at the boot menu. Windows started but wouldn't boot. I tried it again and it didn't boot. I didn't try booting Linux. By now I was suspecting my son's computer may have a virus so I shut the HP down and unplugged power and ethernet. 2 computers infected.

The Dell doesn't get used much since it doesn't have Linux yet but it is our fastest and main computer. I wanted to make sure it stayed safe so I caught it up with the Windows updates and did a virus scan with Avast. The scan turned up a few files as usual but everything seemed OK. Using Linux on the laptop to find a cure for the infected computers I saw a recommendation for Kaspersky Rescue Disk. I used the Dell to download and burn the image disk. I tried to run Kaspersky's on the Dell. It ran for about 4 hours altogether, froze and had to be restarted twice before it got to where it wouldn't boot. It would start to boot and then start Windows. I would restart at that point so I don't know if Windows will boot. I unplugged power and ethernet. 3 computers infected.

Running out of computers and a little paranoid, the dual boot laptop seems slow to start Windows so I restart it before it does. It runs Linux close to usual, probably OK. Maybe 4 computers infected.

The second laptop is new to us, runs XP Pro and is the only computer with a firewall. It's running fine. All computers have Avast AV installed.

How did the virus spread? I may have put a floppy in one or both of our desktops after it was in my son's. I did not try to boot from them in those computers. I connected and disconnected my son's computer several times. I would say it's likely that it may have been connected to our network at some time. As far as which computers were connected to the network at the same time, the only thing I'm sure of is the HP and my son's computer were never connected at the same time. None of the computers have file sharing enabled.

I don't have a lot of knowledge about computers so please keep the terminology simple. For the most part I can follow the advice given on this website. Hardware value on these computers is on the low side but I would like to keep the data. Taking them to a pro and likely having the HDs formated is not an option.

Advice appreciated










BC AdBot (Login to Remove)

 


#2 obxjerry

obxjerry
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:55 AM

Posted 01 March 2010 - 01:44 PM

I can't boot to hard drive or CD drive. I can boot to the floppy drive. What are the odds of just a corrupted boot vs. everything is infected? It's not a hardware problem. 3 computers have it.

Thanks

Edited by Orange Blossom, 01 March 2010 - 10:38 PM.
Merged topics. ~ OB


#3 obxjerry

obxjerry
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:55 AM

Posted 02 March 2010 - 03:14 PM

Any response would be appreciated. I know my situation is bleak. I do have a list of questions.

Are they all dead, no hope whatsoever?

What killed them? Is there anywhere I can look for clues?

I've only been working on the first computer. Is there any reason not to turn the other 2 on to take a look? Of course I do know they have to be quarantined.

Do I have to destroy all floppies that could have been in any of these machines? What about CD-Rs or thumb drives?

Does it help that I can run Basiclinux from a floppy installation to RAM?

Is there anywhere I can look for more information? I don't see much for can't boot from HD or CD.

I know it's a big if but, if I could get data off of these machines is there a way I can access it without spreading the virus?

If I got one of these machines to the point it would run Linux, could it be a carrier, able to infect a Windows machine?

Thanks for any answers or info.



#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:55 PM

Posted 04 March 2010 - 04:29 PM

The tools we have at our disposal are for Windows XP. How many computers are running Windows XP?

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#5 obxjerry

obxjerry
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:55 AM

Posted 05 March 2010 - 09:56 AM

The tools we have at our disposal are for Windows XP. How many computers are running Windows XP?

2 My son's computer and the Dell are running XP only. The HP is ME and Puppy Linux.

I do appreciate your help. I have found help on another site. There are more suggestions than I can follow up on. I'm thinking the most useful information would be identifying the virus. I have no feedback in that direction so far.

#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:55 PM

Posted 05 March 2010 - 12:25 PM

Mark those computers with Windows XP, A & B. We will be working with computer A only. Once we finish with Computer A, we will then deal with Computer B. Do not attempt fixes used on Computer A in Computer B, as the issue could be different.

So lets start with Computer A.

You will need a flash drive to move information from the sick computer to a working computer, so we can see the progress of our actions. Save these instructions in your flash drive as a text file (use notepad) so you can have access to these while in an external environment (PE).

Here is what you need to do.

Two programs to download

First

Download ISOBurner. Click Here for ISOBurner Instructions. Install the program, and follow the next set of steps.

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 276.7MB in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Boot the Non working computer using the boot CD you just created.
  • In order to do so, the computer must be set to boot from the CD first
    Note : For information click here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Registry to All
    • Under the Custom Scan box paste this in

      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      userinit.exe
      explorer.exe
      ntoskrnl.exe
      /md5stop
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      %systemroot%\System32\config\*.sav
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#7 obxjerry

obxjerry
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:55 AM

Posted 05 March 2010 - 02:47 PM

JSntgRvr, I'm sorry to put you to trouble. I should have made it more clear that since I asked for help here I have found another source for possible cures.

Of the 3 computers, I know 2 of them will not boot from a proven bootable CD. The third is in mothballs. I'm hoping not using it will stop the virus from spreading in it. I don't know if it will boot a CD but I'm guessing not. I am only working with one sick computer.

I am familiar with burning image files to a bootable CD. I would use InfraReader. Unfortunately, the 2 desktops I own, that are equipped to burn CD/DVDs, have the virus. Neither laptop I'm left with can.

I really think I spread the virus with removable media (floppies). I have a 16 gb flash drive that is quarantined until I am sure it isn't a carrier for the virus.

Again I am sorry and hope I haven't ruffled any feathers. I may be back here before all is said and done.

#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:55 PM

Posted 05 March 2010 - 02:58 PM

I will keep the topic opened for a couple of days should you require further help.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#9 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:55 PM

Posted 17 March 2010 - 03:05 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users