
Computer stuck in Boot.ini loop


  • This topic is locked
28 replies to this topic

#1 Strugoi

Strugoi

  • Members
  • 17 posts

Posted 19 July 2010 - 12:13 AM

Hello,

I had just cleaned my cousin's computer and wanted to run a Symantec anti virus scan on the computer in safe mode. The computer wouldn't go into safe mode by using the F8 key so I ran it from msconfig. I clicked "/SAFEBOOT" and hit apply and that was all she wrote. It was caught in the boot up loop and has been ever since. The OS is XP and that's pretty much it. Any help would be greatly appreciated. Thank you in advance for any help or advice.

Thanks again.
Strugoi



#2 Guest_SteinPooch_*

Guest_SteinPooch_*

  • Guests

Posted 19 July 2010 - 04:24 PM

Simple fix. If you still have your XP CD (that came with your computer) or any XP CD, just boot to it. Then wait for everything to load, and let it go to the partitioner. Then, scroll to the partition the XP install is on, and type R (or whatever button it says to press to repair). Now a Command Line will load, and ask you to type some stuff. Once you get to a point where you can enter commands, type "fixboot" with quotes. This will fix the boot.ini file, thus allowing you to boot back into XP. I don't know why you can't boot into safe mode with the F8 key; are you hitting it at the right time? Anyhow, post back with the result of this fix.

#3 Strugoi

Strugoi
  • Topic Starter

  • Members
  • 17 posts

Posted 19 July 2010 - 05:12 PM

Thanks for the help. I did the fixboot and all it does now is run in a post loop. It prompts to open XP in Safe Mode, or Safe Mode with networking, Safe mode with command prompt, Last known good configuration or Windows XP. I have tried to open XP in all manners to no avail. I don't understand it at all. It was running great right up until I did the "safe mode" boot with msconfig. Any more ideas before I scavenge the HD and reformat?

Thanks again,
Strugoi

#4 joseibarra

joseibarra

  • Members
  • 1,086 posts

Posted 19 July 2010 - 05:13 PM

Hmmm... There is malicious software that when you use msconfig to add the /SAFEBOOT option to the boot.ini, your system will never boot again - from the HDD. The malicious software knows you will try to find it and remove it, so it thwarts these general troubleshooting methods - like adding the /SAFEBOOT option to trick you into thinking you have to reinstall XP! So you can fool it.

When I see that situation and find out that the afflicted system had the /SAFEBOOT option added via msconfig, I boot into Recovery Console or some other method with some maneuvering room and rename the c:\boot.ini to something like c:\boot.ini.bak - so there is no boot.ini file. Something like this from the Recovery Console prompt will do it:

cd \
attrib -shr boot.ini
ren boot.ini boot.ini.bak

In a general XP configuration with one HDD and one partition, the system will boot just fine without a boot.ini file (it will complain but still boot). Try it, you non-believers!

Once booted, rename your boot.ini.bak back to boot.ini and use msconfig to undo the /SAFEBOOT option or just fix the boot.ini by hand or whatever you need to do to fix it.

If this is happening it sounds like you are still infected, so once you get going, I would do this:

Download, install, update and do a full scan with these free malware detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware (SAS): http://www.superantispyware.com/

They can be uninstalled later if desired.

Edited by joseibarra, 19 July 2010 - 05:16 PM.

The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.
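
A sketch of the manual boot.ini repair mentioned in the post above, as an added example that is not part of the original post: it reads a copy of boot.ini taken from the affected disk, reports which [operating systems] entries carry a /safeboot switch, and returns the text with that switch removed. The sample boot.ini contents and the function names are constructed for illustration.

```python
import re

# Constructed sample: an XP boot.ini after msconfig added /SAFEBOOT (assumed layout).
SAMPLE_BOOT_INI = (
    "[boot loader]\r\n"
    "timeout=30\r\n"
    "default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\r\n"
    "[operating systems]\r\n"
    'multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Microsoft Windows XP Home Edition"'
    " /noexecute=optin /fastdetect /safeboot:minimal\r\n"
)

# Matches /safeboot, /safeboot:minimal, /safeboot:network, etc., case-insensitively.
SAFEBOOT = re.compile(r"[ \t]*/safeboot(?::[^\s/]*)?", re.IGNORECASE)


def _os_entries(text):
    """Yield (index, line) for each entry in the [operating systems] section."""
    section = None
    for i, line in enumerate(text.splitlines(keepends=True)):
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1].lower()
        elif section == "operating systems" and "=" in stripped:
            yield i, line


def find_safeboot(text):
    """Return [(line_number, arc_path, switch)] for entries that force Safe Mode."""
    hits = []
    for i, line in _os_entries(text):
        match = SAFEBOOT.search(line)
        if match:
            arc_path = line.split("=", 1)[0].strip()
            hits.append((i + 1, arc_path, match.group().strip()))
    return hits


def strip_safeboot(text):
    """Return the text with /safeboot removed from OS entries; other lines untouched."""
    lines = text.splitlines(keepends=True)
    for i, line in _os_entries(text):
        body = line.rstrip("\r\n")
        lines[i] = SAFEBOOT.sub("", body).rstrip() + line[len(body):]
    return "".join(lines)


if __name__ == "__main__":
    for lineno, path, switch in find_safeboot(SAMPLE_BOOT_INI):
        print(f"line {lineno}: {path} boots with {switch}")
    print(strip_safeboot(SAMPLE_BOOT_INI))
```
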


#5 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 19 July 2010 - 07:00 PM

Please do this....

Let's try to boot your computer using an Ultimate Boot CD for Windows (UBCD4win).

Please print this guide for future reference!


First we have to make one. Please follow the steps below and let me know if you were successful. If you were unable to create the UBCD4win, please tell me what error messages you got and/or what steps you got hung up on.

1. Download and Run Ultimate Boot CD for Windows
  • Save it to your Desktop.
  • Double-Click on the UBCD4Win.EXE that you just downloaded to your desktop.
  • Follow all of the instructions/prompts that come up.
    NOTES:
    • Do not install to a folder with spaces in its name.
    • Your Anti-Virus may report viruses or trojans when you extract UBCD4Win, these are "False-Positives." Read HERE for information regarding the files that normally trigger AV software.
2. Insert your XP CD with SP1/SP2/SP3 into a CD Rom drive
  • Double-Click on UBCD4WinBuilder.exe located in your C:\ubcd4win folder.
  • Click "I agree" to the Builders License.
  • Click NO to Search for Windows Installation Files
  • Make the following selections from the Main Screen that pops up:
    • Builder
      • Source:(path to Windows installation files)
        • Enter the path to the drive where your XP CD is located.
        • You can click on the "..." button on the right to navigate to the path as well.
      • Custom: (include files and folders from this directory)
        • No information is necessary, leave blank.
      • Output: (C:\ubcd4win\BartPE)
        • Keep the default BartPE
    • Media output
      • Choose Create ISO image
      • Do not choose Burn to CD/DVD


        Please note: If your XP install disc is SP1 then please .....
        1. Disable- DComLaunch Service
        2. Enable- LargeIDE Fix

          This can be done by pressing the "Plugin" button and checking or unchecking the appropriate selections

      Also note: If you have a Dell XP install disc you will need to follow the instructions here
      http://www.ubcd4win.com/faq.htm#dell

    3. Click on the "Build" button
    • You will see the Windows EULA message. Click on I Agree
    • You will now see the Build Screen. Let it run its course
    • When the Build is finished you can click close, then exit


    4. Burn your ISO file to CD
    • Please see HERE on how to burn an ISO to CD.

    ==========


    1. Restart Your sick Computer Using the UBCD4Win Disc That You Have Created
    • Insert the UBCD4Win disc in to one of your CD/DVD drives.
    • Restart your computer.
      • The computer should choose to boot from the UBCD4Win CD automatically. If it doesn't and you are asked if you want to boot from CD, then choose that option.

    • If your PC is not booting from the CD, you need to change the boot order:
      • Restart your PC
      • As soon as you get an image, press the Setup key. This is usually F2, or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
      • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
      • Navigate to the tab, where you can set the boot order. It should be called Boot or Boot order
      • The tab should now show your current boot order.
        If the CD-drive is not at the top, please navigate to the CD-Rom drive with the arrow keys. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However they can be different, but they should be stated in the help, so that you can find them easily.
      • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
    • Your PC should now boot from your CD.
      Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.

    • In the window that pops up select Launch The Ultimate Boot CD For Windows and press Enter.
      • It may take a little longer for the Desktop to appear than it does when you start your computer normally. Just let the process run itself until the desktop appears.
    • Once the desktop appears, you will receive a message asking: Do you want to start Network support?
      • Click on NO
    • You should now have a desktop that looks like this:

    Let me know when you're booted.

    Kind regards,
    ~ t



    Proud member - Unified Network of Instructors and Trained Eliminators

    I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

    http://donatelife.net/register-now/

    #6 boopme

    boopme

      To Insanity and Beyond


    • Global Moderator
    • 72,759 posts

    Posted 19 July 2010 - 07:37 PM

    Moved this to Security > Virus, Trojan, Spyware, and Malware Removal Logs, carry on.

    For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

    #7 thcbytes

    thcbytes

    • Malware Response Team
    • 14,790 posts

    Posted 19 July 2010 - 07:42 PM

    Thanks Boop!

    #8 Strugoi

    Strugoi
    • Topic Starter

    • Members
    • 17 posts

    Posted 19 July 2010 - 10:10 PM

    THCBytes,

    The broken computer does not see the CD. It is running in what I'll now call the "F8" loop. It reboots and then goes to the screen of multiple boot modes.
    Any suggestions?


    Strugoi

    #9 Strugoi

    Strugoi
    • Topic Starter

    • Members
    • 17 posts

    Posted 19 July 2010 - 10:31 PM

    Update,

    In my own splendid randomness, I managed to hit the "F10" key and started an HP recovery program. I know that it won't clear the virus, but I'm hoping that I'll be able to boot off of the new ISO CDs that were created. Feel free to hit me up for an update in a few.

    Strugoi

    #10 thcbytes

    thcbytes

    • Malware Response Team
    • 14,790 posts

    Posted 20 July 2010 - 06:58 AM

    I am back.

    You need to change the boot order in the Bios to boot from that CD-ROM drive. We need to figure out which key to hit to change the boot order.

    Did you try this...
    http://h10025.www1.hp.com/ewfrf/wc/documen...cname=c00364979

    What is the make and model of your computer?
    Did you have any troubles creating the boot CD?

    Thanks,
    ~ t

    #11 Strugoi

    Strugoi
    • Topic Starter

    • Members
    • 17 posts

    Posted 20 July 2010 - 10:41 AM

    THC,

    I had set the BIOS to boot from CD 1st, but again to no avail. While poking through the F keys I hit F10 and it kicked off the HP recovery program. This reset everything on the computer but left most of the data that was on the HD. I don't know if the safe mode land mine is still a part of this configuration or not, but the computer is working and updating fine. I didn't really like running the HP recovery but I couldn't stop it once it was kicked off. The computer is an HP Pavilion, a1019H, S/N MXK51309XN. Should I let it go at that or should I poke around some more?

    #12 Strugoi

    Strugoi
    • Topic Starter

    • Members
    • 17 posts

    Posted 20 July 2010 - 11:14 AM

    T,

    As far as the boot CD's were concerned the instructions were very easy to follow and my burn program (Roxio Creator 2009) had 3 different ISO settings in which to burn the disks. I burned a disk in all 3 ISO formats. The computer didn't pick up on any of them.

    Strugoi

    #13 thcbytes

    thcbytes

    • Malware Response Team
    • 14,790 posts

    Posted 20 July 2010 - 02:37 PM

    Hi,

    So you're up and running normally again?

    Let's scan the computer for malware...


    1. Please download OTL from one of the following mirrors:
    2. Save it to your desktop.
    3. Double click on the icon on your desktop.


      Change the following settings
      • Change Drivers to All
      • Change Standard Registry to All

    4. Copy and Paste the following code into the textbox. Do not include the word "Code"


      CODE
      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      %ALLUSERSPROFILE%\Application Data\*.
      %ALLUSERSPROFILE%\Application Data\*.exe /s
      %APPDATA%\*.
      %APPDATA%\*.exe /s
      %SYSTEMDRIVE%\*.exe
      /md5start
      userinit.exe
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      /md5stop
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\system32\drivers\*.sys /90
      CREATERESTOREPOINT

    5. Push
    6. A report will open. Copy and Paste that report in your next reply.
    7. Two reports will open, copy and paste them in a reply here:
      • OTListIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized

    ==========

    Scan With RKUnHooker
    • Please download Rootkit Unhooker. Save it to your desktop.
    • Now double-click on RKUnhookerLE.exe to run it.
    • Click the Report tab, then click Scan.
    • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
    • Wait till the scanner has finished and then click File, Save Report.
    • Save the report somewhere where you can find it. Click Close.
    Copy the entire contents of the report and paste it in a reply here.

    Note** You may get this warning; it is OK, just ignore it:

    "Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay?"


    ==========

    With your next post please provide:

    * Answer to question
    * OTL.txt
    * Extra.txt
    * RKU log
    * Please copy and paste all logs directly into your reply. Do not attach the logs please.

    Kind regards,
    ~t

    #14 Strugoi

    Strugoi
    • Topic Starter

    • Members
    • 17 posts

    Posted 21 July 2010 - 12:00 PM

    T,

    I'm getting a forbidden 403 error when I try to access the mirror site for the OTL.

    strugoi

    #15 thcbytes

    thcbytes

    • Malware Response Team
    • 14,790 posts

    Posted 21 July 2010 - 01:34 PM

    The mirror is down.

    Do this instead..

    We need to see some information about what is happening in your machine. Please perform the following scan:
    • Download DDS by sUBs from one of the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results.
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Information on A/V control HERE



