SERIOUS problem-Computer won't boot after infection "fix"


6 replies to this topic

#1 DSBn

DSBn

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Monterey, California
  • Local time:05:48 AM

Posted 03 December 2010 - 05:38 PM

Please help!! I have a WinXP-SP3 computer that had several serious infection problems, and I called in a computer repair tech. He tried and was unable to remove all of it - it would test clean, then reinfect itself. In the process of cleaning, the machine will no longer boot - not to safe mode, to last known good condition, anything. It runs through the initial stages, it doesn't get very far into the process, and then just reboots. Before the repairs were attempted it would occasionally have a similar symptom, so I've left it to keep trying to log in for a while, in case it happens to catch one time. I'm not interested in having that tech take another shot at it. What can I do? I've never tried using the recovery console; I'm not sure I'd know what to do.

Please help!! Thanks in advance!!


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:48 AM

Posted 03 December 2010 - 06:20 PM

You can try doing a Repair Install from the Windows Recovery Console. If you have a Microsoft Windows CD-ROM, you can get to the Recovery Console by booting from that CD and pressing any key when you are told to 'Press any key to boot from CD'. When the 'Welcome to Setup' screen appears, choose the option, "To repair the Windows XP installation using recovery console", by pressing R.

Note: In order to use your Windows CD, the boot order must be set to start from the CD-ROM drive. If the CD is not first in the boot order, the computer will attempt to start normally by booting from the hard drive. The boot order is a setting found in the computer's BIOS which runs when it is first powered on. This setting controls the order that the BIOS uses to look for a boot device from which to load the operating system. The default will normally be A:, C:, CD-ROM. Different computers have different ways to enter the BIOS. If you're not sure how to do this, refer to:

If you don't have your XP CD, you can download an ISO of the Recovery Console files from one of these links:

Unzip the file and burn it as an image to a CD disk with MagicISO or similar program to get a bootable CD which will start up the Recovery Console for troubleshooting and repair. This is especially useful for those with OEM systems with factory restore partitions or disks but no original installation CD. If you are not sure how to burn an image, please refer to How to write a CD/DVD image or ISO and How can I burn ISO files to CD or DVD?.

If doing a reinstall using an original XP CD, you should not lose all your data. However, you may lose data that is stored in the All Users folder and default program templates and settings that are stored in the Default User folder after you reinstall, repair, or upgrade Windows XP. See You May Lose Data or Program Settings After Reinstalling, Repairing, or Upgrading Windows XP.

Important Note: If this is a virus/Trojan related issue, you should know that some types of malware can result in a system so badly damaged that a Repair Install will NOT help! Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Starting over by wiping your drive, reformatting, and performing a clean install of the OS removes everything and is the safest action. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system

Backdoors and What They Mean to You

This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).


If you need additional assistance with the repair install, reformatting or partitioning, you can start a new topic in the Operating Systems Subforums forum.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 DSBn

Posted 03 December 2010 - 06:59 PM

I'll take a stab at the recovery console, thanks for the links to information.

One thing before I try that - I disabled the restart on error, and saw that it was kicking out a BSOD. There wasn't a particular fault referenced, the "technical details" just said "STOP: 0x0000007B (0xF7A2B528, 0xC0000034, 0x00000000, 0x00000000)".

#4 DSBn

Posted 03 December 2010 - 08:26 PM

Thanks for your help, but this is now a dead issue.

The recovery console that's installed on the hard disk came up with a BSOD, so I tried booting off the XP install disk and using that recovery console. It came up saying that it couldn't find any hard disks in the computer.

On a lark, I put the hard drive in another identical computer I have, and it booted up. I think the motherboard is the main problem, but it is definitely a hardware issue. The disk is infected, but I don't have a computer for it, so there's nothing to do with it for now. I'll start a new topic if it gets to the point that I want to resurrect that disk.

Thanks!!

#5 quietman7

Posted 03 December 2010 - 09:09 PM

Sounds like multiple issues so I understand.

Should you need to retrieve data, you can back up all your important documents, personal data files, photos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to back up any executable files (*.exe), screensavers (*.scr), dynamic link library (*.dll), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml) because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executables inside them as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may even disguise themselves by hiding a file extension or adding to the existing extension as shown here (click Figure 1 to enlarge) so be sure you look closely at the full file name. If you cannot see the file extension, you may need to reconfigure Windows to show file name extensions. Then make sure you scan the backed up data with your anti-virus prior to copying it back to your hard drive.
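The backup triage described in post #5, as an added example that is not part of the original thread: it sorts files into back up, skip, or review by hand before anything is burned to CD. The extension sets follow the post's list; the DECOY set, the function names and the sample files are assumptions made for illustration, and only .zip contents are inspected because the Python standard library cannot read .cab or .rar.

```python
import io
import zipfile

# File types quietman7's post says not to back up, as listed there.
EXECUTABLE = {".exe", ".scr", ".dll"}
SKIP = EXECUTABLE | {".ini", ".php", ".asp", ".htm", ".html", ".xml"}
ARCHIVES = {".zip", ".cab", ".rar"}
DECOY = {".jpg", ".gif", ".doc", ".pdf", ".txt"}  # assumption: harmless-looking first extensions

def ext_chain(name):  # every dot-separated extension of the base name, lower-cased
    parts = name.strip().lower().split("/")[-1].split(".")
    return ["." + p for p in parts[1:]]

def classify(name, data=None):
    """Return (decision, reason); data is the file's bytes when available."""
    exts = ext_chain(name)
    last = exts[-1] if exts else ""
    if last in EXECUTABLE and len(exts) > 1 and exts[-2] in DECOY:
        return "skip", f"disguised: {last} added after {exts[-2]}"
    if last in SKIP:
        return "skip", f"listed type {last}"
    if last == ".zip" and data is not None:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                inner = [n for n in zf.namelist() if set(ext_chain(n)[-1:]) & EXECUTABLE]
        except zipfile.BadZipFile:
            return "review", "unreadable archive"
        if inner:
            return "skip", "archive contains " + ", ".join(inner)
        return "backup", "archive without executables inside"
    if last in ARCHIVES:
        return "review", "archive not inspected; check its contents by hand"
    return "backup", "data file"

def make_zip(member, content):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, content)
    return buf.getvalue()

def build_sample():  # constructed sample: names and contents invented for this example
    return {
        "taxes-2009.xls": b"", "holiday.jpg.exe": b"MZ", "autorun.ini": b"",
        "photos.zip": make_zip("notes.txt", b"hello"), "old.rar": b"",
        "drivers.zip": make_zip("tools/setup.exe", b"MZ"),
    }

if __name__ == "__main__":
    for name, data in build_sample().items():
        print(name, *classify(name, data))
```

A "backup" decision here only means the file type is not on the post's list; the anti-virus scan of the backed up data before copying it back still applies.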

#6 DSBn

Posted 03 December 2010 - 09:18 PM

Thanks for that advice. Cheers!

#7 quietman7

Posted 03 December 2010 - 09:27 PM

You're welcome and good luck.