Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

blackscreen on boot - unhide.exe


  • Please log in to reply
16 replies to this topic

#1 adminoem2111

adminoem2111

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 09 May 2011 - 03:22 PM

I received an error on one of our users aptop this morning and upon follwing the Windows Recovery in Bleeping Computer. I keep getting the pc to reboot to the blackscreen over and over. How can I get past this feature and boot into the Administrator profile?

BC AdBot (Login to Remove)

 


#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:09:04 PM

Posted 09 May 2011 - 08:36 PM

Can you boot into Safe Mode?

It would help if you were to post the make and model of this computer.

It would also help if you were to post the exact error message.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,314 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:04 AM

Posted 10 May 2011 - 04:06 AM

When do you see this black screen? Are you able to tap F8 on startup and see the Advanced Boot Options menu, do you still see the XP splash screen?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#4 adminoem2111

adminoem2111
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 10 May 2011 - 11:53 AM

I recently ran into a issue after running the Unhide.exe from a laptop and now can't access my safemode or local login. Comes back and says it can't find any hard disk drives installed. How can a simple Unhide.exe feature casue such trouble?

Edited by hamluis, 10 May 2011 - 04:58 PM.
Moved from XP to Am I Infected.


#5 hamluis

hamluis

    Moderator


  • Moderator
  • 56,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:04 PM

Posted 10 May 2011 - 04:57 PM

Well...there's always the possibility...that you had problems before running the named application...and that running it just complicated the basic issues.

Since the unhide.exe is a tool designed to be used in connection with malware issues...I'd say that the possibility exists that malware is your problem.

I will move this to the Am I Infected forum, where a better assessment than mine...can be made.

Louis

#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:04 AM

Posted 10 May 2011 - 05:21 PM

Hello and welcome to Bleeping Computer

My name is etavares and I will be working with you to fix your computer.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.
  • Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.


This sounds like it may be a MBR rootkit that was partially removed. It could also be hardware failure. In addition to the questions above, I have a lot of others we need to get started:

Do you get any beeps when you boot? If so, what is the pattern (here's some examples

What virus did you have to remove that caused you to run unhide? In addition to letting me know if you have a windows CD handy, please also let me know if you have a non-infected computer you can use and a USB flash drive we can play with to gain access to the drive?

Also, is this a dual boot system or does it only have one operating system on it? Which OS is it? Windows XP? Vista? 7? Are you running any disk encryption?

Thanks!
-etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,314 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:04 AM

Posted 10 May 2011 - 11:58 PM

adminoem2111, I merged both topics as they discuss the same problem. Please do not start any other topics, instead reply in this one if you still need help.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 adminoem2111

adminoem2111
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 11 May 2011 - 08:11 AM

In regards to all the forums, it's a HP Compaq nx7400, and was brought to me with a Windows Recovery error message. I went thru and found a document from bleeping computer and followed it to a tee, when installing the Unhide.exe application, this is when I noticed the pc was stalled at one particualr screen and restarted it. Probley what started the whole issue of not beign able to get back into the laptop from either the local login nor the safe mode, I was completly locked out. So that's the point I desided to look for a way to restore my registory and find a back way into the laptop. I've since restored the laptop from a recovery backup, but running into a lsass.exe error now and wont allow me to get logged on either.

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,314 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:04 AM

Posted 11 May 2011 - 08:42 AM

What kind of backup did you use to restore?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 adminoem2111

adminoem2111
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 11 May 2011 - 08:59 AM

My laptop had a restored drive that was setup by HP, when booting to the safe mode, it prompt me if I want to restore from backup drive. It's a partition on the drive that's setup especially for just these kind of details.

#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,314 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:04 AM

Posted 11 May 2011 - 09:02 AM

What exactly is the lsass.exe error?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#12 adminoem2111

adminoem2111
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 11 May 2011 - 09:51 AM

It's an annoying popup message that won't allow you to gain access the system, locally or thru safemode, the following messages is what shows up if you have th time to read it before it reboots the pc/laptop. Very aggravating!!!!!!

"System error: Lsass.exe
When trying to update a password the return status indicates that the value provided as the current password is not correct."
Then my machine restarts and tries again, and again and again.....

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,314 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:04 AM

Posted 11 May 2011 - 10:38 AM

That usually happens when the LSA key is broken. Have you tried booting using the Last Known Good Configuration?

Did you do anything to the registry after restoring the backup?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#14 adminoem2111

adminoem2111
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 11 May 2011 - 10:58 AM

Tried the Last Known Configuration and it to didn't take off. Seems that everything I tried sent the laptop into a restarting process and repeated over and over.

I had copied all the information on the hard drive off externially by hooking up the laptop hard drive to my desktop system via a CoolGear cable and copied the files off to the local network of my desktop pc. Then proceded to put the laptop harddrive back in and downloaded the latest Windows updates and removed once again and migrated the saved files from my pc back to the hard drive completing the task late yesterday. Upon rebooting this morningis when I received the error. So I've once restored the laptop from a good backup regestry devise and hopefully with any luck I'll have it this time.

Thx.

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,314 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:04 AM

Posted 11 May 2011 - 11:16 AM

So I've once restored the laptop from a good backup regestry devise and hopefully with any luck I'll have it this time.

Sorry, but I'm not sure I am following you here. You only restored the registry backup? And now still get the LSASS.exe error?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users