Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 7 won't boot


  • This topic is locked This topic is locked
31 replies to this topic

#1 chestnut212

chestnut212

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Pennsylvania
  • Local time:08:09 AM

Posted 29 January 2011 - 07:51 PM

My daughter's Toshiba Satellite L555 will not boot; all I get is a black screen and a cursor. I removed the HD and checked it on my computer; I can read it and see all the appropriate directories. I can't boot with F8.

I made a startup CD, booted from it and tried to repair windows. I get the message "Startup Repair could not detect a problem. If you have recently attached a device to this computer, such as a camera or portable music player, remove it and restart your computer."

I went through this same kind of problem with my husband's laptop a while back and was going to follow the directions from that topic, but it was an XP and I don't see the BartPE Builder available for Win 7. Can you help?

Thanks!
Regards,
Barbara

BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,202 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:09 PM

Posted 30 January 2011 - 03:27 AM

Hi Barbara,

Do you have any indication that this is caused by malware (before this problem started, were there signs of malware, like google redirects, pop ups, extreme slowness)?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 chestnut212

chestnut212
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Pennsylvania
  • Local time:08:09 AM

Posted 30 January 2011 - 10:25 AM

Hi Elise,

My daughter let a friend use her computer, and when she got it back, it wouldn't boot. When she first got the laptop in March of 2010, she was not very computer literate and clicked on popups, etc. I had to clean the computer a couple of times. Considering her friends, I'm betting on malware, but it's just a guess.

Thanks,
Barbara
Regards,
Barbara

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,202 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:09 PM

Posted 30 January 2011 - 11:55 AM

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following line and press enter.

    dd if=/dev/sda of=mbr.bin bs=512 count=1
  • After it has finished a report will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin

    Please note - all text entries are case sensitive
Zip mbr.bin up and attach it to this post.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 chestnut212

chestnut212
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Pennsylvania
  • Local time:08:09 AM

Posted 30 January 2011 - 01:34 PM

Hi Elise - the file is attached.
Attached File  mbr.zip   246bytes   8 downloads
Regards,
Barbara

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,202 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:09 PM

Posted 30 January 2011 - 01:44 PM

Hi again,

Try this please. You will need a USB drive.

  • Download xPUDtestdisk.exe and save it to the USB device
  • Double click xPUDtestdisk.exe to extract the contents to your USB device
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type testdisk/testdisk_static
  • Press Enter
    • The TestDisk command window will open
    • Choose Create and press Enter
    • TestDisk will now detect all local hard drives
    • Use the arrow (up and down) keys to highlight the disk called /dev/sda if it represents your primary hard drive and press Enter
    • If your not sure then note everything you see and post it for my review
    • Select Intel (even if you have an AMD processor) and press Enter
    • Select Advanced and press Enter
    • Select [Boot] and press Enter
    • Select [Dump] and press Enter
    • Select [Quit] to exit
  • A log will be created in the root of the usb device
  • Remove the USB drive and insert back in your working computer

    Please note - all text entries are case sensitive
Copy and paste the resultant log for my review

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 chestnut212

chestnut212
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Pennsylvania
  • Local time:08:09 AM

Posted 30 January 2011 - 02:34 PM

Hi Elise - when I get to 'Select Boot', after the 'Select Advanced' step, 'Boot' is not an option. Here are the options:
Windows (Restore)
P HPFS - NTFS
P hid. HPFS/NTFS

How should I proceed?
Regards,
Barbara

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,202 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:09 PM

Posted 30 January 2011 - 02:35 PM

Are you sure you selected Advanced and not Analyze?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 chestnut212

chestnut212
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Pennsylvania
  • Local time:08:09 AM

Posted 30 January 2011 - 02:38 PM

Yes, I'm positive. I went back and repeated the steps.
Regards,
Barbara

#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,202 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:09 PM

Posted 30 January 2011 - 02:42 PM

See also my previous post:

Please download ransom.sh and save it to your flash drive.
In xPUD navigate to your USB drive (just as before with testdisk)

Click Tool > Open Terminal and type bash ransom.sh and press enter.

If asked "no ransomware detected on /dev/sda, dump MBR of this drive, y/n", type y and press enter.

You will see then "dumping first track to <filename>.bin". Zip that file (it will have been created on the USB drive) and attach it to your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#11 chestnut212

chestnut212
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Pennsylvania
  • Local time:08:09 AM

Posted 30 January 2011 - 02:56 PM

Hi Elise - this seemed to work and the file was created to the flash drive, but when I removed the flash drive and inserted to my good computer, the file was not there. I inserted the flash drive back on the sick computer and I tried the command again, but nothing happened. there were no prompts and no file was created on the flash drive..
Regards,
Barbara

#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,202 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:09 PM

Posted 30 January 2011 - 03:11 PM

Was ransom.sh still on the flashdrive the second time? If not, redownload it.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#13 chestnut212

chestnut212
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Pennsylvania
  • Local time:08:09 AM

Posted 30 January 2011 - 03:16 PM

Yes, it's still on the flash drive.

Should I reboot the sick computer and try again?
Regards,
Barbara

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,202 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:09 PM

Posted 30 January 2011 - 03:31 PM

Yes, please try again. Is it possible that the Antivirus software on the computer you use to connect to the internet, detected something on the flashdrive and deleted it?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#15 chestnut212

chestnut212
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Pennsylvania
  • Local time:08:09 AM

Posted 30 January 2011 - 04:14 PM

I tried again with no luck. I use eset anti virus and I don't think anything was removed. I do think that the usb ports on the sick computer are problematic. I've tried each (there are 3 and one is obviously damaged). When I try to follow your instructions for the ransom.sh, either nothing happens, or I see a small window in the upper right showing mnt and going through directories, and the status changes from mounted to unmounted. This eventually stops.
Regards,
Barbara




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users