Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 7 won't boot after using TDSS Killer


  • Please log in to reply
66 replies to this topic

#1 Oniamien

Oniamien

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:06:28 PM

Posted 07 November 2010 - 12:08 PM

I had been having some strange problems with my computer, such as new tabs popping up to various websites (sometimes including words I had used in my most recent search), internet connection instability, and issues using some of my web browsers. Malware/spyware and viruses scans weren't showing anything (although I should mention that every so often active protection would detect and prevent a threat). I knew something was wrong though, so i searched around the internet and found an article that recommend running TDSS Killer to see if you had root kits. I ran it and sure enough, it found two problems. It asked me to reboot, so I said OK, that thats why my problems started. I restarted and my computer's motherboard splash screen came on followed by... nothing. It just hung with a blank screen and a blinking cursor. I tried restarting again, and was still having problems, so I tried using the start up repair on my Win 7 disk. This could not find a problem, although the computer did detect that it was not starting properly. I tried restoring to two different restore points, but that has not worked either. As it stands, the computer will start booting and get to the point where the four colored balls come together to form the Windows symbol, but then the computer restarts, and goes to a text screen offering to run start up repair or continue to boot normally. Since neither of these options have worked I need help.

P.S. I don't think the hard drive has physically failed since Windows does start to boot, but if it is necessary to test that I have Ubuntu on a USB drive, so let me know if you want me to make use of that.

Thanks in advance!
-Michael

BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,207 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:28 AM

Posted 08 November 2010 - 04:53 AM

Hi, did you try to press F8 on startup, bring up the Advanced Boot Options menu and select "repair windows". Select Startup Repair, run that and see if it fixes the problem.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 Oniamien

Oniamien
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:06:28 PM

Posted 08 November 2010 - 05:08 PM

First of all, thanks for taking the time to help me with this.

I pressed F8, which bring up a menu called "Boot Menu". The only options on it are to boot from various drives, such as the CD drive or hard disk drives (or a bootable USB drive, though I don't have one currently connected). There are no options in this menu other than what device to boot from, and, more specifically, no "repair windows" option. To clarify, this is a tower computer (not a laptop) and does not have a repair partition; I have an physical Windows 7 DVD. However, I thought maybe you want me to use the repair options on the disk. As mentioned in my previous post, I have already attempted to use the Startup Repair on the DVD, with no success. Just to be sure, I tried Startup Repair again, and again it did not detect any problems and my computer still will not boot.

Also, I forgot to mention in my previous post that for a fraction of a second before the computer spontaneously resets during the booting process, there is a BSOD (blue screen of death), but unfortunately it is displayed so briefly that I cannot tell you anything about what it said. Thought I would mention it in case it helps though.

Any additional suggestions would be very appreciated.

Edited by Oniamien, 08 November 2010 - 05:12 PM.


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,207 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:28 AM

Posted 09 November 2010 - 02:56 AM

Hi, what you mention is the boot order menu. You need to leave the computer on a bit longer before tapping the f8 screen (untill after the POST/BIOS screen).

We Need to Diagnose Your BlueScreen
  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select "Disable Automatic Restart on System Failure", as shown here:
    Posted Image
  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:
    Posted Image
Please post me the error(s).

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 Oniamien

Oniamien
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:06:28 PM

Posted 09 November 2010 - 02:33 PM

OK, now I what you mean in terms of when to hit F8, I didn't even know that menu was there! In any case, I did what you wrote and copied down the BSOD. Here is the whole thing:

-------------------
A problem has been detected and Windows has been shut down to prevent damage to your computer.

If this is the first time you've seen this Stop error screeen,
restart your computer. If this screen appears again, follow these steps:

Check for viruses on your computer. Remove any newly installed
hard drives or hard drive controlers. Check your hard drive
to make sure it is properly configured and terminated.
Run CHKDSK /F to check for hard drive corruption, and then
restart your computer.

Technical information:

*** STOP: 0x0000007B (0xFFFFF880009A9928,0xFFFFFFFFC000000D,0X0000000000000000,0x0000000000000000)
--------------------

Also, would you like me to try start up repair through this menu? I figure it is the same as doing start up repair through the DVD, but I thought I would ask.

Thanks!

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,207 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:28 AM

Posted 09 November 2010 - 02:51 PM

No need to do that. However, please try to access the Command Prompt (either through the F8 menu or from the DVD).

Type the following and press enter after each line

c:\

bootrec /fixmbr

exit


Let me know if you can reboot normally afterwards.

Edited by elise025, 09 November 2010 - 04:20 PM.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 Oniamien

Oniamien
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:06:28 PM

Posted 09 November 2010 - 05:31 PM

I tried typing c:\ into the command prompt which I opened through the windows repair option, but it said:

'c:\' is not recognized as an internal or external command,
operable program or batch file.

I also tried typing that in variations, including using c, C, \, and /, but I got the same response every time. Also, I noticed that the command line is starting with the following:

X:\windows\system32>

This is strange, because although I have 2 hard drives and a few media drives, I don't think any of them are dive X, least of all the drive with Windows installed on it, which should be drive c.



Please advise on whether I should try the next 2 commands or not, or something completely different.

Thanks!

Edited by Oniamien, 09 November 2010 - 09:57 PM.


#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,207 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:28 AM

Posted 10 November 2010 - 03:10 AM

Sorry, my bad, try this:

cd c:\

bootrec /fixmbr

exit

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 Oniamien

Oniamien
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:06:28 PM

Posted 10 November 2010 - 12:15 PM

I tried cd c:\ and it did not give an error message, but it also didn't seem to do anything. I would have expected the next line to have readc:\, but the command prompt still displayedX:\windows\system32>. Maybe that is normal, but I thought I would mention it.

I then used bootrec /fixmbr, which returned "The operation completed successfully" (or something to that effect). I exited the command prompt and restarted, but the computer failed to boot, as before. Perhaps it has something to do with the directory in the command prompt not reading [b]c:\[b/] even after using [b]cd c:\[b/], and thus causing [b]bootrec /fixmbr[b/] not to execute in the right directory?

#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,207 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:28 AM

Posted 10 November 2010 - 12:17 PM

Try this please. You will need a USB drive and a CD to burn.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Download xPUDtestdisk.exe and save it to the USB device
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Double click xPUDtestdisk.exe to extract the contents to your USB device
  • In xPUD, click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type testdisk/testdisk_static
  • Press Enter
  • The TestDisk command window will open
  • Choose Create and press Enter
  • TestDisk will now detect all local hard drives
  • Use the arrow (up and down) keys to highlight the disk called /dev/sda if it represents your primary hard drive and press Enter
  • If your not sure then note everything you see and post it for my review
  • Select [Intel] and press Enter
  • Select [Analyse] and press Enter, then press Enter again to run a [Quick Search]
  • When complete, press Enter to continue, then select [Deeper Scan] and press Enter.
  • When the deeper search completes, press Q repeatedly until TestDisk closes.
  • Close the Terminal Window
  • Remove the flash drive and put it back in the working computer, then post the contents of (or attach) the testdisk.log file on the flash drive.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#11 blimper

blimper

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:28 PM

Posted 10 November 2010 - 03:42 PM

Oniamien, I am having the exact same problem with my computer. As the four colours come together at the boot of Windows 7, the machine restarts following a brief blue screen which says the same thing as yours. Pulling my hair out here. I have treid to recover windows 7 through the repair disc and it was totally unsuccessful - the system is unable to repair itself OR recover to a previous state. NOTHING is working. Was this TDSS killer thing actually a virus? Or has it just corrupted the computer software irreperably? Oh, and I can't even open a command prompt through the windows repair option for some reason.

And thanks Elise025, I can see you're trying to get to the bottom of this.

#12 Claytonic3000

Claytonic3000

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:28 PM

Posted 10 November 2010 - 09:36 PM

Hey Onaimen and elise025. I am having the same problem that you are. I followed the first steps that were suggested. Windows 7 reports this error:

STOP: 0x0000007B (0x80786B58, 0xC000000D, 0x00000000, 0x000000000)

Please advise.

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,207 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:28 AM

Posted 11 November 2010 - 03:08 AM

blimper and claytonic3000, please start your own topic. Hijacking someone elses topic with your own problem is considered rude.

Besides that, the chance to get help is a lot bigger when you have your own topic. :huh:

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#14 blimper

blimper

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:28 PM

Posted 11 November 2010 - 06:23 PM

Apologies, I was unaware of this etiquette.

#15 Oniamien

Oniamien
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:06:28 PM

Posted 11 November 2010 - 07:28 PM

Just wanted to post an update to let you know I haven't disappeared. The laptop I am using does not have a CD burner, so I have to find my external CD burner drive, which is in a box somewhere. I will post the results of running your "GETxPUD.exe" instructions tomorrow afternoon/evening.

Thanks again for your continuing help elise025!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users