Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ran anti malware programs, now Windows won't start


  • Please log in to reply
10 replies to this topic

#1 AlinNYC

AlinNYC

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:07:04 AM

Posted 06 June 2010 - 10:50 AM

This laptop was on a network with another one that became infected with some nasty malware, so I quickly took it off the network and ran MalwareBytes and SuperAntiSpyware. Neither program seemed to find anything of importance. MBam found nothing at all and SAS found only tracking cookies. However, upon reboot after deleting the tracking cookies it ran the Dell splash screen and went to just a flashing cursor. Windows wouldn't load. Pressing F8 at reboot did nothing - just beeping.

I booted to CD and ran chkdsk /r from the recovery console. It claimed to fix a few errors, and chkdsk /p showed nothing further. But still no Windows start.

I then tried to repair XP from CD. Windows was recognized on disc and the repair ran, but still just got flashing cursor on reboot.

A few things about this laptop: The original hard drive died and was replaced by a new larger one at some point. The original operating system, and the one on the disc I was using, was XP Home SP1a, but it had since been updated to XP Home SP3.

How do I get back into Windows on this machine and get the files back?

BC AdBot (Login to Remove)

 


#2 Sneakycyber

Sneakycyber

    Network Engineer


  • BC Advisor
  • 6,123 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:08:04 AM

Posted 06 June 2010 - 12:01 PM

Something in the windows system is REALLY corrupted. I would reccomend either removing the drive and slaving it on another system and get the files off of or use a PE (pre-existing environment) Disc such as UBCD or Bart PE to get the laptop running and save the files onto a USB drive. Then format and do a clean install of windows.
Chad Mockensturm 
Network Engineer
Certified CompTia Network +, A +

#3 hamluis

hamluis

    Moderator


  • Moderator
  • 56,110 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:07:04 AM

Posted 06 June 2010 - 02:07 PM

FWIW: Chkdsk /p does not attempt to recover files from bad sectors, is less exhaustive than a chkdsk /r command.

A flashing cursor in the upper left of a black background...is usually indicative of a damaged MBR.

Any other type of flashing cursor or black background screen...may indicate a boot sector or hard drive problem.

Since you say that you ran a repair install and still have the flashing cursor, my money would be on the hard drive (at this point). But, if you did not delete the previous install and then format/install XP...it could be your NTFS file system that is problematical.

Louis

Edited by hamluis, 06 June 2010 - 02:07 PM.


#4 AlinNYC

AlinNYC
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:07:04 AM

Posted 07 June 2010 - 01:09 PM

A flashing cursor in the upper left of a black background...is usually indicative of a damaged MBR.


That describes the symptom exactly.

Since you say that you ran a repair install and still have the flashing cursor, my money would be on the hard drive (at this point). But, if you did not delete the previous install and then format/install XP...it could be your NTFS file system that is problematical.


It certainly could be hard drive death, although there were no signs at all that that may be coming up (as I've experienced with other computers) before I ran those anti-malware programs. I did not delete the previous XP install. Any ideas how I might address an NTFS problem? Or deal with a damaged MBR?

#5 hamluis

hamluis

    Moderator


  • Moderator
  • 56,110 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:07:04 AM

Posted 07 June 2010 - 01:38 PM

I suppose that you can try the fixmbr command from the XP Recovery Console. Please read the instructions before attempting this.

Black Screen (fixmbr) - http://support.microsoft.com/?scid=kb;en-us;314503

It seems that Dell systems...may not be able to employ this command...without problems. Please read http://en.community.dell.com/support-forum...t/19304465.aspx.

You can create a bootable CD containing the XP Recovery Console.

How to Create a Bootable XP Recovery Console CD - http://www.bleepingcomputer.com/forums/t/276527/how-to-create-a-bootable-xp-recovery-console-cd/

Sooo...it's your decision.

OTOH, I would probably make a post at the BC Am I Infected forum and ensure that the system was devoid of malware...before I did anything else. Believeing that the system has no malware...is not the same as making sure, IMO.

BleepingComputer.com - Am I infected What do I do - http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

Louis

#6 joseibarra

joseibarra

  • Members
  • 1,237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Downstairs
  • Local time:08:04 AM

Posted 07 June 2010 - 04:19 PM

You need more clues.

Perhaps you can try harder to get into the XP boot options menu by tapping (continuously) F8 before Windows loads? If you miss the F8 window of opportunity, try again. Have you ever seen the F8 boot options menu before this incident (do you know it works)?

What happens when you choose Safe Mode?
What happens when choose Last Known Good Configuration?
What happens when you choose Disable automatic restart on system failure?

You say you booted to CD and ran chkdsk /r from recovery console - was that a genuine bootable XP installation CD, a Recovery Console CD you made or some system manufacturer system recovery type CD?

Describe the beeping. One short, two shorts, one short one long, etc.

The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.


#7 AlinNYC

AlinNYC
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:07:04 AM

Posted 07 June 2010 - 11:33 PM

F8 does nothing but beep (one short with each keystroke). F8 boot options were present and usable before this incident. I cannot access any of the options you've mentioned.

The CD used was the operating system reinstallation CD that came with the laptop when it was purchased from Dell.

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:04 PM

Posted 08 June 2010 - 02:59 AM

Hello there, please see if the following works. The CD will allow you to access your files using My Computer.

Please download OTLPE (filesize 120,9 MB)
  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
Since this is indeed most likely a corrupt MBR, please see the steps here on how to create a CD and repair your Dell MBR.
In case you have any questions, please post back here :thumbsup:

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 joseibarra

joseibarra

  • Members
  • 1,237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Downstairs
  • Local time:08:04 AM

Posted 08 June 2010 - 07:12 AM

Hmmm... I would still give the XP Recovery Console a shot (sounds like you have not done that part yet) - at least to see if you can boot on a CD, run chkdsk /r and fixmbr (if you suspect that). Maybe the Dell fixmbr thing will work - whatever that "Repair" option does from the CD - who knows if it is different than the Windows fixmbr command...

I have never used any kind of manufacture CD to fix any system since I don't know how they work or what they do. I would never use a manufacturers operating system reinstallation CD for anything but a coaster or to create attractive shiny mobiles, but that could just be me.

Boot into the Windows Recovery Console using a bootable XP installation CD, or create on a bootable XP Recovery Console CD.

This is not the same as any recovery disks that might have come a store bought system. If you are not sure what kind of bootable CD you have, make a bootable XP Recovery Console CD and be sure.

You can create a bootable XP Recovery Console CD when no XP media is available by following the directions in this link:

http://www.bleepingcomputer.com/forums/t/276527/how-to-create-a-bootable-xp-recovery-console-cd/

The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.


#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:04 PM

Posted 08 June 2010 - 07:28 AM

at least to see if you can boot on a CD, run chkdsk /r and fixmbr


Fixmbr will mess up the Dell MBR because it is a non-standard MBR as you can see in the link I posted earlier. Using fixmbr on Dell will make the Recovery partition and Utility partition inaccessible.

Of course that is, only in case those are still present, since the harddisk was changed.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#11 joseibarra

joseibarra

  • Members
  • 1,237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Downstairs
  • Local time:08:04 AM

Posted 08 June 2010 - 07:46 AM

I see...

I guess I am too used to fixing things when there are no such options available and have never used any such methods.

Why would I ever want to return my computer to the factory condition anyway...

The first thing I usually I do is unfactoryize it and get it into the Jose condition :thumbsup:

The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users