Windows doesn't boot. BSOD. Pretty sure it's a virus.


3 replies to this topic

#1 romanvaras


Posted 27 January 2011 - 07:09 PM

Guys, I need help.

I clicked on an exe file I shouldn't have. Right after that my computer became strange, slow and unresponsive. I realized that I had done wrong. Anyway... I couldn't boot anymore, not even in safe mode. The BSOD was giving me a Stop 0x0000007 (not sure of the last character). Then I tried:

-Safe mode. Didn't boot.
-Recovery console. Neither the boot drive nor any of its partitions were recognized.
-chkdsk, didn't work, as the drive wasn't even recognized...

So I feared I had completely lost all the data, but no... I booted from an external drive loaded with OSX (Mac) and I saw all the data there. Then I brought the drive to my other PC... and sure, the info is there... but Windows will not boot...

Can anyone give me some tips or steps to follow?

Thank you very much.
Roman

Edited by hamluis, 27 January 2011 - 08:03 PM.
Moved from XP to Am I Infected.



#2 Elise


Posted 03 February 2011 - 02:36 PM

Hello, and sorry for the delay.

At which point does the computer crash? Do you still see the Windows Splash screen? Does tapping F8 on startup bring up the Advanced Boot Menu?

We Need to Diagnose Your BlueScreen
  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select "Disable Automatic Restart on System Failure", as shown here:
    Posted Image
  • When your system BSODs, write down the STOP error code, as well as any written-out error message, and post them back here. The STOP error will always appear, but the message may not. You are looking for this:
    Posted Image
Please post me the error(s).

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft


#3 romanvaras


Posted 03 February 2011 - 03:16 PM

Hey Elise, thanks for your reply!

At this point I have already fixed it. But in order to cooperate with the forum, I will describe (as much as I remember) what happened and what I did.

1. I got infected by my own fault by clicking on an executable file. Before clicking it, I DID scan it with AVG and found nothing, that's why I felt confident to run it. Beware of AVG not detecting some viruses... After that point Windows did not boot anymore. The point of crash was 5 seconds after the Windows boot logo. I was getting a BSOD at 0x0000007B (0xF78A2524).

2. At first I was scared of having lost all the data in the system HDD, but after booting my PC from a MAC OSX external hard drive, I saw that OSX recognized the disk, and I could see and open all my files and the hardware was ok... So I calmed down. I got a 1TB hard drive and BEFORE PROCEEDING WITH ANY ATTEMPT TO RECOVER THE OS I DID A FULL BACKUP OF ALL MY DATA !!!..... THEN... what I think I did was..

3. Tried to boot in safe mode... no luck, I was getting another BSOD, this time with a 0x000000D3 (0xf755b580) and blaming SPTD.sys... Also tried Windows recovery console, but the system hard drive was "invisible": I could not perform any command on that disk.

4. Tried to install Windows on top of itself but the Windows installer wasn't seeing the system drive, so it was asking me whether I wanted it to be installed in another partition or another HDD... which I did not want.

4. So I took out the HDD, plugged it into another PC and scanned it with AVIRA and Spybot Search and Destroy. It did find a virus.

5. Brought the HDD back to the main PC... Tried to boot... didn't work... but now the installation WAS SEEING the old install. So I tried once more to install it over itself... with no luck, as it crashed again (don't remember if it crashed during reinstall or upon first boot).

6. Booted into recovery console and applied the following commands:

copy G:\i386\ntldr c:\
copy G:\i386\ntdetect.com C:\

FIXMBR
FIXBOOT
BOOTCFG /rebuild

7. Installed Windows on top of itself for the third time.

8. Worked!! Everything was set, and Windows was up and running again just like before the infection.

At some point I also tried deleting sptd.sys, but that did not change anything...

Disclaimer: Everything I wrote was a result of reconstructing the whole episode from memory. I take no responsibility for what this may cause to other users. I think this fixed my PC.

#4 Elise


Posted 03 February 2011 - 03:22 PM

Thank you for sharing your solution, I am glad to hear things are okay now. :)

Most likely the MBR of the drive was infected and had become corrupted, either by malware or by the tool that attempted to fix it. A Repair installation can fix that, but does not always detect it. The fixmbr command did the trick.

regards, Elise



Malware analyst @ Emsisoft
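
The last reply points at the master boot record as the likely cause. As an added example (not part of the original thread), the Python below checks a saved copy of sector 0 from a BIOS/MBR boot disk for the structural damage that would keep an installer or recovery console from seeing the partitions, and compares the boot code against a previously recorded hash. The function names, the baseline hash and the sample sector are assumptions constructed for this illustration.

```python
import hashlib
import struct

SECTOR, BOOT_CODE_LEN, TABLE_OFF = 512, 446, 446  # classic MBR layout


def build_sample_mbr(boot_code=b"\x90" * 16):
    """Constructed sample: one active NTFS (type 0x07) partition at LBA 63."""
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<B3xB3xII", sector, TABLE_OFF, 0x80, 0x07, 63, 2048000)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


def boot_code_sha256(sector):
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def inspect_mbr(sector, known_good_sha256=None):
    """Return a list of findings for one 512-byte MBR sector of a boot disk."""
    if len(sector) != SECTOR:
        return ["sector is %d bytes, expected 512" % len(sector)]
    findings, active, used = [], 0, []
    if sector[510:512] != b"\x55\xaa":
        findings.append("boot signature 55 AA missing")
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(
            "<B3xB3xII", sector, TABLE_OFF + 16 * i)
        if ptype == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            findings.append("entry %d: invalid status byte 0x%02x" % (i, status))
        active += status == 0x80
        if start == 0 or count == 0:
            findings.append("entry %d: zero start or length" % i)
        used.append((start, start + count, i))
    if not used:
        findings.append("partition table is empty")
    elif active != 1:
        findings.append("%d active partitions, expected 1" % active)
    used.sort()
    for (_, end1, i1), (start2, _, i2) in zip(used, used[1:]):
        if start2 < end1:
            findings.append("entries %d and %d overlap" % (i1, i2))
    if known_good_sha256 and boot_code_sha256(sector) != known_good_sha256:
        findings.append("boot code differs from known-good baseline")
    return findings
```

An empty result only means the sector is structurally sound; a boot-code hash mismatch is a reason to investigate further before running FIXMBR, not proof of infection on its own.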




