Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Safe Mode Restart Virus


  • Please log in to reply
4 replies to this topic

#1 shahpur

shahpur

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:07 AM

Posted 25 April 2011 - 10:42 PM

I have a Dell Dimension 9100 running Windows XP Media Center Edition 2005. My computer was infected with a virus. I tried to reboot in Safe Mode to run MalwareBytes, but the virus does not let me restart in Safe Mode. I then used the following Tutorial from bleepincomputer "How to start Windows in Safe Mode By Bleeping Computer on April 21, 2004 @ 04:06 PM (Views: 3,768,940)" to alter the boot.ini file using the "msconfig" settings. Now my computer always starts in Safe Mode and the virus blocks it from starting so I am in a never ending loop.

I then used a bootable cd to Repair Windows. Again as the above tutorial stated I renamed my boot.ini file to boot.ini.bak file. I was successful at doing that. But now Windows will not start and it gives me an error that says "missing or corrupt system32/hal.dll. Please reinstall a copy of the above file."

Please help.

Edited by hamluis, 26 April 2011 - 07:46 AM.
Moved from XP to Am I Infected.


BC AdBot (Login to Remove)

 


#2 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:08:07 PM

Posted 25 April 2011 - 11:16 PM

I then used a bootable cd

What was this "bootable cd"? A Windows installation CD or some other (linux?)?

I want to know if it can be used to edit a text file (the boot.ini file) to fix the issue.
AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#3 shahpur

shahpur
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:07 AM

Posted 25 April 2011 - 11:52 PM

This is the Dell Windows Restore CD. Got it with the computer.

#4 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:08:07 PM

Posted 26 April 2011 - 01:07 AM

This is the Dell Windows Restore CD. Got it with the computer.

OK, thanks, that is of no use for our purposes.

The quickest and easiest way that I can think of to overcome this problem, is to use a LIVE CD to edit the boot.ini file contents and to rename it. The Windows system should then start normally again, and we can deal with your malware and Safe Mode issues.

Using a working computer:
There are many options to use for a LIVE CD: Try Puppy Linux (download file size 128 MB)
When you have downloaded the ISO image, burn it to a CD using ImgBurn (choose "Write image file to disc"). The CD will be bootable.

Now to work on your problematic computer:
Boot from the Puppy Linux CD. You will be able to navigate to all the files on your HDD.
  • Navigate to the boot.ini file (that you previously re-named) at the following location:
    C:\boot.ini.bak
  • Rename boot.ini.bak to boot.txt
  • Open the boot.txt file with the Text Editor contained within Puppy Linux, and remove the following switch where you see it contained in the text file:
    /safeboot:minimal
    (Do not make any other alteration. If you added any other switches, they should be removed too. If you are not sure what you are doing, please tell us what you see in the boot.ini file, and we will assist.)
  • Save the file and close it.
  • Re-name boot.txt to boot.ini
You have finished using Puppy, so shut down the computer and remove the Puppy CD.

Does your Windows system start normally now?

Edited by AustrAlien, 26 April 2011 - 01:12 AM.

AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#5 hamluis

hamluis

    Moderator


  • Moderator
  • 56,266 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:07 AM

Posted 26 April 2011 - 07:46 AM

Repairing Windows...won't overcome an infected system.

Moving to Am I Infected forum.

Louis




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users