Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ran HelpAsst_mebroot_fix.exe now my PC won't boot


  • This topic is locked This topic is locked
61 replies to this topic

#1 GigabytePC

GigabytePC

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:04:49 AM

Posted 25 March 2010 - 09:13 PM

I was browsing the forum and ran HelpAsst_mebroot_fix.exe by noahdfear and now my PC won't boot! censored2.gif

My MBR infection was confirmed by HelpAsst_mebroot_fix.exe and it went to remove it and shut down my computer but when I turned it back on to reboot I got a "NTLDR is missing press Ctrl+Alt+Delete" message and it just kept hanging at that message each time. questionmark.gif

I can't remember the order of the following actions but I did try to let the PC boot from the Windows XP Home CD as well as tried the use the Recovery Console but had more issues. blush.gif

I put in my Windows XP Home CD in hopes it would replace the missing file and it did start to load drivers but then was prompting me to seemingly reinstall the OS and format the drive (so I hit EXIT). When I tried to run the Recovery Console I just got a C:\ (no prompt to choose an OS but maybe I was just supposed to type in a 1?). unsure.gif

Know the PC just gets stuck during the boot at the black screen that lists the PCI(POST?) and when I attach the drive via USB to another PC it shows the drive partition is 'unallocated' excl.gif

Oh, please tell me there is some hope I'm nauseous that I've lost everything! sad.gif

PS - no, I don't have a Dell (saw a warning somewhere about HelpAsst_mebroot_fix.exe and Dells)

My PC is a clone (Antec case, Gigabyte mobo, WinXP Home SP3) and I only had the one primary partition.

Best Regards!

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:49 AM

Posted 25 March 2010 - 09:28 PM

I found it

I have posted for an assistant.

Edited by boopme, 25 March 2010 - 09:30 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,821 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:49 PM

Posted 26 March 2010 - 03:33 AM

Hello there, I am moving this topic to the appropriate forum.

OK this file is big Print these instruction out so that you know what you are doing

Two programs to download

First

ISOBurner this will allow you to burn OTLPE ISO to a cd and make it bootable. Just install the program, from there on in it is fairly automatic. Instructions

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Use Safelist
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#4 GigabytePC

GigabytePC
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:04:49 AM

Posted 26 March 2010 - 10:16 AM

Hi elise025! Sorry for the delayed reply. Thank you for your help!

I booted up the OTLPE CD has directed but when double clicking on the OTLPE icon I get a dialog box titled 'Browse for folders' only which lists:
3 1/2 Floppy (A:)
RAMDisk (B:)
CD Drive (D:)
ReatogoPE (X:)
Shared Documents

NO HARD DRIVE C: !!!

When I click 'Cancel' I get a error dialog box titled 'Run Scanner' that says 'No windows installations found'

Please, please tell me one of these other utilities on this Reatogo.X.PE desktop can help find my data. I'm getting a sick feeling all my data is lost.

PS I have to leave home for four hours. Hopefully you are in a part of the world that's awake when I return. I'm in CST time zone and its 10:12am as I type this. Are you 7 hours ahead?
Best Regards!

#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,821 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:49 PM

Posted 26 March 2010 - 02:20 PM

I'm indeed 7 hours ahead smile.gif

Please try the following steps
  • Insert the Windows XP CD-ROM into the CD-ROM drive, and then restart the computer.

  • If your PC is not booting from the CD, you need to change the boot order:
    • Restart your PC
    • As soon as you get an image, press the Setup key. This is usually F2, or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
    • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
    • Navigate to the tab, where you can set the boot order. It should be called Boot or Boot order
    • The tab should now show your current boot order.
      If the CD-drive is not at the top, please navigate to the CD-Rom drive with the keys arrows. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However they can be different, but they should be stated in the help, so that you can find them easily.
    • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
  • Your PC should now boot from your XP-CD.
    Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.

  • When the "Welcome to Setup" screen appears, press R to start the Recovery Console.

  • When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.

  • A command prompt will open

    Type chkdsk /r and press enter.

    Afterwards you can exit by typing exit and pressing enter.



regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 GigabytePC

GigabytePC
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:04:49 AM

Posted 26 March 2010 - 04:21 PM

Okay, I'm back. Took a little longer than I expected to get back from work. Hopefully you are still awake.

I got to the blue 'Windows Setup' screen using the WinXP CD as directed.
I choose the option listed on the screen to start the Windows Recovery Console by pressing 'R' but something appears to be wrong. Immediately after pressing 'R' the screen reads as follows:

Microsoft Windows XP™Recovery Console.
The Recovery Console provides system repair and recovery functionality.
Type EXIT to quit the Recovery Consile and restart the computer.
The path or file specified is not valid.
C:\>

I pressed 'ENTER' (no admin password) and it just repeats the C:\>
I typed chkdsk /r as instructed and it now reads:

C:\> chkdsk /r
The specified drive is not valid, or there is no disk in the drive.

Getting really worried here. sad.gif

What's next?

Best Regards!

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,821 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:49 PM

Posted 27 March 2010 - 02:42 AM

Yes, that doesn't look too good.

You can use the following tool when booted up from the Reatogo CD. Just make sure Testdisk is extracted on your flashdrive and open it from there.

You're going to need a program called TestDisk. It's a free and open source disk recovery program.

Step 1: Download the TestDisk executable for Windows here: Download
Step 2: Extract the downloaded zip file using your favorite archive extractor.
Step 3: Double-click on the testdisk_win.exe file (found in the win folder of the extracted archive)
Step 4: You will now be at a scary looking text-based command window:

Press Enter here to create a new log file.

Step 5: TestDisk will now detect all local hard drives, and present them in a list like this:

You have indicated that there is only one hard drive attached to your computer, with two partitions. So, use the arrow (up and down) keys to highlight the disk called /dev/sda.

Note: If /dev/sda isn't listed or you have more than one hard drive, STOP and post back here.

With /dev/sda selected, press Enter

Step 6: Now we need to specify the type of partitions that are on your disk. Select Intel (even if you have an AMD processor).

Press Enter.

Step 7: Select Analyse and press Enter.


Step 8: The next screen will list all found partitions.


At this point exit by pressing Q and locate the log. Post it in your next reply please.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 GigabytePC

GigabytePC
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:04:49 AM

Posted 27 March 2010 - 05:17 AM

Hi Elise, it's 4:15am here as I start typing this (yawn) but couldn't sleep well and wanted to catch you early in your day as I'll have to leave for work before 10am my time (which is 5pm your time) and you'll likely be asleep when I return from work and I will be very busy tomorrow most all day.

One important point I want to clear up before I run Testdisk is that I didn't mean to communicate I had two partitions on my hard drive (meaning one primarily/physical and one logical ...I believe that is the correct terminology). What I meant to communicate was that my hard drive hadn't ever been partitioned (divided) so the OS was originally installed on the hard drive (brand new at the time) on the primary/physical drive which I was calling a 'partition' meaning THE only area on the drive, but again, the drive was never divided (partitioned) into more than one area on the hard drive so forgive my improper use of terminology which lead to the miscommunication. There are no other hard drives in that (sick) PC. I'm using a secondary PC to communicate with you. I do have a couple of spare old hard drives laying around that could be installed into the sick PC if that would help at some point in some way (though they are 60GB and 80 GB which is too small to hold all the 235GB of data

For what it is worth, I wanted to mention again that when I had attached the hard drive via a USB/SATA adapter to another PC a couple days ago, the WinXP Computer Management-Disk Management application showed the drive to be 'unallocated' which I take to mean it was considering it to be in an unformated state (or the MBR or some part of the file structure was damaged so that it couldn't be properly read).

So with that said should I proceed with downloading Testdisk to a USB flash drive and booting up with Reatogo CD?
Do I need to try to run a MBR fix utility first as I understand ever time I use the hard drive I could be over writing my data files (I think)?
Does originally having no partition decrease my chances of recovering my data?
Are there forensic/data recovery tools on Reatogo (or elsewhere) that could still possibly pull my data off?

Sorry if I'm jumping ahead of the process you are walking me through but the suspense of if I've lost my digital world is tough.

Best Regards,
Best Regards!

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,821 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:49 PM

Posted 27 March 2010 - 06:22 AM

Testdisk has an option to re-write the MBR. TBH, I think thats the problem here. The MBR fix you did may have messed up the Master Boot Record of your drive, which has made it unreadable.

MBRs always are tricky stuff. Testdisk is an advanced utility to analyze and repair HD problems.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 GigabytePC

GigabytePC
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:04:49 AM

Posted 27 March 2010 - 09:34 AM

Hi Elise, sorry, feel asleep earlier. Ran Testdisk and here is the log. I noticed the sick PC time is off by a couple hours as shown in the log (had been correct before the botched MBR fix. Don't know it that's relevant. What's next? Fix MBR fix with Testdisk?

Best Regards,

Sat Mar 27 11:13:25 2010
Command line: TestDisk

TestDisk 6.11.3, Data Recovery Utility, May 2009
Christophe GRENIER <grenier@cgsecurity.org>
http://www.cgsecurity.org
OS: Windows XP
Compiler: GCC 4.3, Cygwin 1005.25 - May 6 2009 20:35:43
ext2fs lib: 1.41.4, ntfs lib: 10:0:0, reiserfs lib: 0.3.1-rc8, ewf lib: 20080501
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(/dev/sda)=500106780160
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(/dev/sdb)=1028653056
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\PhysicalDrive0)=500106780160
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\PhysicalDrive1)=1028653056
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\C:)=1028636672
filewin32_getfilesize(\\.\D:) GetFileSize err Incorrect function.

filewin32_setfilepointer(\\.\D:) SetFilePointer err Incorrect function.

Warning: can't get size for \\.\D:
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\X:)=290246656
file_pread(4,1,buffer,976784129(60801/254/63)) lseek err Invalid argument
file_pread(5,1,buffer,2024189(125/254/63)) lseek err Invalid argument
Hard disk list
Disk /dev/sda - 500 GB / 465 GiB - CHS 60801 255 63, sector size=512 - WDC WD5000AAKS-00YGA0
Disk /dev/sdb - 1028 MB / 981 MiB - CHS 125 255 63, sector size=512 - USB DISK 2.0
Drive X: - 290 MB / 276 MiB - CHS 69 64 32, sector size=2048 - TOSHIBA DVD-ROM SD-M1502

Partition table type (auto): Intel
Disk /dev/sda - 500 GB / 465 GiB - WDC WD5000AAKS-00YGA0
Partition table type: Intel

Analyse Disk /dev/sda - 500 GB / 465 GiB - CHS 60801 255 63
Current partition structure:
No partition is bootable

Attached Files


Best Regards!

#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,821 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:49 PM

Posted 27 March 2010 - 09:51 AM

QUOTE
Analyse Disk /dev/sda - 500 GB / 465 GiB - CHS 60801 255 63
Current partition structure:
No partition is bootable
Yes, thats indeed the first thing we are going to try. Please let me know if you can do this with Testdisk, if you are not sure, post back here, and I'll provide you with more detailed steps.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#12 GigabytePC

GigabytePC
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:04:49 AM

Posted 27 March 2010 - 10:08 AM

I'd be guessing so yes, please provided detailed steps so I don't mess it up. smile.gif
Best Regards!

#13 GigabytePC

GigabytePC
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:04:49 AM

Posted 27 March 2010 - 10:26 AM

PS, I don't know if this helps you to help me but I just found
http://www.cgsecurity.org/wiki/TestDisk
and this guide
http://www.cgsecurity.org/wiki/TestDisk_Step_By_Step.
Should I choose the 'MBR Code' option after 'Create' new log?

Best Regards
Best Regards!

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,821 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:49 PM

Posted 27 March 2010 - 10:31 AM

Yes, I know that one.

Try the steps here: http://www.cgsecurity.org/wiki/TestDisk_St...sector_recovery

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#15 GigabytePC

GigabytePC
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:04:49 AM

Posted 27 March 2010 - 11:57 AM

Okay, I'm skipping some time work to get this right. I wasn't sure how to get to the 'NTFS Boot sector recovery' screen so I followed the steps:

Log creation
Disk selection
Partition table type selection
Current partition table status
Quick Search for partitions
Save the partition table or search for more partitions?
A partition is still missing: Deeper Search' step and the
'Partition table recovery' step (and saw my files listed when I selected p!!! YEAH!!!).
I completed the steps below
QUOTE
* Confirm at Write with Enter, y and OK.

Now, all partitions are registered in the partition table.


and got a message that "I needed to reboot" but didn't see that in the Testdisk instructions.

There was a

I ended up quitting out re-runnung the steps and even closed Testdisk out (thinking that was the possible reboot requested) but never could get to the NTFS Boot sector recovery screen.

Do I need to reboot Reatogo_X-PE. I seem so close to recoverying my files!!! I don't wan to mess it up now!

Best Regards!

Attached Files


Edited by GigabytePC, 27 March 2010 - 11:59 AM.

Best Regards!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users