Posted 19 January 2011 - 05:22 PM
Machine is Lenovo Thinkpad running XP service pack 2. I am pretty sure that it has malware on it, and I was attempting to clean it ... and now the machine won't boot.
When I put the XP Setup CD in the drive and start up, screen reading Windows Setup appears and at the bottom of the screen cycles through different files that are being loaded. Then it reads "Setup is starting Windows" and gets to "Welcome to Setup." I select "To repair a Windows XP installation using Recovery Console, press R." I press R and receive the following (between [START] and [END] below):
Microsoft Windows XP Recovery Console.
The Recovery Console provides system repair and recovery functionality.
Type EXIT to quit the Recovery Console and restart the computer.
The path or file specified is not valid.
I remember DOS from years ago and tried some of the commands, but almost all of them return "The path or file specified is not valid." For example, I get this message after typing CD WINDOWS or DIR. (I don't know Recovery Console well and based on Google search, I had expected to have it prompt me for which Windows installation I wanted to work with and dump me in the C:\WINDOWS directory.)
The one command that might work is FIXMBR, which produces the following message:
** CAUTION **
This computer appears to have a non-standard or invalid master boot record.
FIXMBR may damage your partition tables if you proceed.
This could cause all the partitions on the current hard disk to become inaccessible.
If you are not having problems accessing your drive, do not continue.
Are you sure you want to write a new MBR?
I think this is a standard message, but I'm afraid to select "Yes" without really knowing what I'm doing. Especially since I don't know what it does. (I've seen references to FIXMBR and FIXBOOT in Google searches for the problem but I'm not knowledgeable enough to know if they're a good idea or to guess if the malware would cause one of these to hose the system.)
Why am I trying to get into Recovery Console in the first place?
When I start the computer *without* the XP Setup CD, all that appears is a blinking underscore in the upper-left hand corner of the screen.
Note: I tried running the BIOS Setup Utility "Hard disk drive diagnostics program" and received the following:
Main hard disk drive | HDD0 :HTS541060G9SA00
Status | Test complete
Result | Pass: Read verification and speed test
More backstory, hopefully this isn't superfluous, ignore if so.
This blinking cursor is new; earlier today I changed the SATA setting in the BIOS to be Compatible (with IDE, I guess?) to fix the error I had been receiving when booting:
Cannot boot from any device
Current boot order and device status
1: USB FDD: -->Device not found
2: ATAPI CD0: Model HL-DT-ST DVDRAM GSA-4083N -->MNo valid operating system
3: USB CD: --> Device not found
4: ATA HDD0: Model HTS541060G9SA00-(S1) -->No valid operating system
5: PCI LAN: Model IBA GE Slot 0200 v1231 -->No valid operating system
6: USB HDD: -->Device not found
7: ATA HDD1: -->Device not found
Excluded from boot order:
When I booted with the XP Setup disk in the CD drive. Chose "To repair a Windows XP installation using Recovery Console, press R." Immediately received the following:
"Setup did not find any hard disk drives installed in your computer.
Make sure any hard disk drives are powered on and properly connected to your computer, and that any disk-related hardware configuration is correct. This may involve running a manufacturer-supplied diagnostic or setup program.
Setup cannot continue. To quit Setup, press F3."
So ... after I changed the SATA BIOS setting, I no longer get these messages, so it appears to have solved one problem but I still can't get into Windows.
This all started when I was trying to fix some malware. I ran the various programs in the "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help" from the web site, after shutting down these problems started. Prior to running those programs, I downloaded and ran Spybot and allowing it to cleanse infected files (or whatever the proper terminology is). Prior to that, ran a full scan of C: with McAfee Virus Scan and ran another spyware detection program (don't remember name and don't have acces to see it since I can't get into the computer).
So stupid, I didn't run a backup of my data before doing this cleansing. (I do have backups but was traveling and so the latest backup is probably a month old.)
Any suggestions? Many, many thanks for your time.