Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Dell Notebook with Windows XP is Unbootable


  • This topic is locked This topic is locked
49 replies to this topic

#1 JP2010

JP2010

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Local time:07:38 PM

Posted 18 January 2011 - 05:55 PM

Hello -

I have posted my problem elswhere, but i think this is the right place for it.

I am unable to boot my dell notebook after a malware infection took place.

I have a blinking cursor. I have tried to make some ISO image cds with mutiple different ISO burners, and several versions of windows xp home and the recovery console So far no luck. I am able to access f2, and F12 where i changed the boot sequence for the cd/dvd & or usb drive to boot first, however i have not been able to boot up anything. I have tried using my dell windows xp home sp2 reinstallation disc, however the infected pc does not do anything when i insert that disc(or any other disc). I was able to get a reaction from a bootable program i installed on the usb drive when i installed another bootable program, but it did not get me to the recovery console. I believe I need to "fixmbr", from my understanding in the recovery console, but I cannot get there! Super frustrated that I cannot get back to my recovery console, since i ran chkdsk /r on it. Once it found and fixed errors, I have never been able to get back in. From the little I know, it appears my "mbr" is messed up, and i obviously have some malware on the pc. Any help would be GREATLY appreciated.

One other question: If i obtained an original Windows XP CD it would make any difference loading via the cd/dvd drive? As i previously mentioned the oem dell disc does not get a response from the infected pc.

Thanks so much Bleeping Com tech support! ( Attached are snaps shots of the screen on my pc, after intially rebooting the pc, and then after running the recovery console and running chkdsk /r)

JP2010

Attached Files



BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,113 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:38 AM

Posted 19 January 2011 - 03:22 AM

Hello and welcome to bleeping computer!

First lets have a look at the MBR to see if it needs fixing.

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • It will install a little bootable OS on your USB
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Download xPUDtestdisk.exe and save it to the USB device
  • Double click xPUDtestdisk.exe to extract the contents to your USB device
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type testdisk/testdisk_static
  • Press Enter
    • The TestDisk command window will open
    • Choose Create and press Enter
    • TestDisk will now detect all local hard drives
    • Use the arrow (up and down) keys to highlight the disk called /dev/sda if it represents your primary hard drive and press Enter
    • If your not sure then note everything you see and post it for my review
    • Select Intel (even if you have an AMD processor) and press Enter
    • Select Advanced and press Enter
    • Select [Boot] and press Enter
    • Select [Dump] and press Enter
    • Select [Quit] to exit
  • A log will be created in the root of the usb device
  • Remove the USB drive and insert back in your working computer

    Please note - all text entries are case sensitive
Copy and paste the resultant log for my review

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 JP2010

JP2010
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Local time:07:38 PM

Posted 19 January 2011 - 04:18 AM

Hi Elise,

Thanks for helping me. I followed your instructions, and created the usb for the infected pc. I put it in the infected pc, booted per your instructions and got an error.

SYSLINUX 3.72 2008-09-25 EBIOS Copyright ©

Could not find kernel image: linux
boot:


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,113 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:38 AM

Posted 19 January 2011 - 05:08 AM

Double click the unetbootin-xpud-windows-387.exe that you just downloaded

What happened when you did this? Did you successfully have the xpud iso downloaded and on your desktop?

You don't have to copy those files to your USB drive, instead you need to run the unetbootin file, which will then extract the .iso file to the USB drive.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 JP2010

JP2010
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Local time:07:38 PM

Posted 19 January 2011 - 03:00 PM

I followed your steps exactly. Downloaded both Unetbootin, and then the xpud iso. Formatted my usb stick. I ran Unetbootin then clicked ok, and it installed a small file on the stick. I then downloaded and saved the XPUDTest file directly to the usb stick. I double clicked, and the extraction was immediate (which created a folder in the usb stick). I then took it out and I have tried same steps at least 3 times (with reformating the stick)and i get the same result i posted above.

Edited by JP2010, 19 January 2011 - 03:07 PM.


#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,113 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:38 AM

Posted 19 January 2011 - 03:09 PM

Can you verify if the xpud iso file you downloaded is 64 MB?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 JP2010

JP2010
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Local time:07:38 PM

Posted 19 January 2011 - 03:25 PM

Yes I checked the properties, and it shows 64mb

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,113 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:38 AM

Posted 19 January 2011 - 03:36 PM

Can you verify how much space is occupied on your USB drive?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 JP2010

JP2010
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Local time:07:38 PM

Posted 19 January 2011 - 03:40 PM

With the data you had me install, 13.5mb

#10 JP2010

JP2010
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Local time:07:38 PM

Posted 19 January 2011 - 04:54 PM

Any other advice Elise? Should I try a CD version? I would prefer the USB Stick method, as it is much easier to work with over all.

#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,113 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:38 AM

Posted 20 January 2011 - 02:45 AM

Yes, lets try the CD version. For some reason the image does not get extracted correctly to the USB drive (it should be much larger than 15 MB).

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#12 JP2010

JP2010
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Local time:07:38 PM

Posted 20 January 2011 - 03:59 AM

I borrowed a copy of xp professional from a good friend, I put it in the cd/DVD with no change. My OS is Xp Home.

I will try your method now-

#13 JP2010

JP2010
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Local time:07:38 PM

Posted 20 January 2011 - 05:33 AM

I was able to create the disc per you instructions.

Unfortunately, I still have the dreaded blinking cursor.

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,113 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:38 AM

Posted 20 January 2011 - 05:58 AM

Did you change the boot order to CD first? Does the CD drive's lights blink/do you hear it spinning?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#15 JP2010

JP2010
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Local time:07:38 PM

Posted 20 January 2011 - 11:24 AM

Yes the boot order was changed in the bios. The cd/dvd light does come on , and it keepa trying to load . I hear it spinning, and stopping and spinning .... So frustrating . Is there another method for USB, because i did mention that I was once able to get something to boot via USB but it was nothing helpful.. I also tried to extract the PUD Test file from my desktop to the USB from the previous USB method u suggested and had a larger total used space of 70+MB. It didn't work tho....:(




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users