Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Stop Error 0x7b - HD unbootable


  • This topic is locked This topic is locked
23 replies to this topic

#1 chrissypie

chrissypie

  • Members
  • 165 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wisconsin
  • Local time:03:37 AM

Posted 11 June 2011 - 10:38 AM

OS - Windows XP Home Edition

This PC was infected with multiple viruses. I pulled the HD and scanned it externally with Malwarebytes, SuperAntiSpyware, and Avast. It is now clean. However, now it won't boot. I get the BSOD with Stop Error 0x7b indicating the HD may have viruses, or there is a problem with the HD controller or the HD itself. I thought it might be a boot sector virus so I pulled the HD again and put it in another PC that is currently operating without any problems to see if it would boot. It did not.

Steps taken by me thus far:
Malwarebytes Scan
SuperAntiSpyware Scan
Avast Scan
CHKDSK /R (no bad sectors were found)
FIXMBR
FIXBOOT

Nothing is working. I'm hoping someone else has had this problem and may be able to provide a fix.

TIA.

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,874 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:04:37 AM

Posted 11 June 2011 - 11:11 AM

FWIW: Any scan of a hard drive...where Windows is not booted into...I believe that results in all registry items being left exactly as they were.

Soooo...any infected registry items (quite common) are (probably) still on that drive, IMO.

Does the system boot properly, using the original hard drive installed? How about in safe mode...again, with the original drive?

Louis

#3 chrissypie

chrissypie
  • Topic Starter

  • Members
  • 165 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wisconsin
  • Local time:03:37 AM

Posted 11 June 2011 - 11:23 AM

The system will not boot at all - not even in safe mode. I continue to get the BSOD with the same stop error. The system does boot with a different HD, thus eliminating the controller.

#4 hamluis

hamluis

    Moderator


  • Moderator
  • 55,874 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:04:37 AM

Posted 11 June 2011 - 01:32 PM

I will add this to the list which we maintain for computers unbootable due to malware. Someone should be able to guide on what can be done :).

Louis

#5 imNooB

imNooB

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:37 AM

Posted 11 June 2011 - 05:57 PM

What make is your HDD?

You should probably test it with something like Seatools (seagate or maxtor drives) or Western Digital Data LifeGuard Tools ( Western Digital drives, possibly some Hitachi drives).
Go grab yourself a copy of Hiren's Boot CD, it should have everything needed to do this. I see 7B errors alot, and most of the time they are signs that your HDD is failing. If you have a spare drive, I would back up immediately.

#6 hamluis

hamluis

    Moderator


  • Moderator
  • 55,874 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:04:37 AM

Posted 11 June 2011 - 07:24 PM

Please read, Recommending ISOs of Windows Recovery Discs or pre-made ISOs of WinPE-BartPE - http://www.bleepingcomputer.com/forums/topic382841.html

7B errors are quite common and are not necessarily an indication of a failing hard drive.

1) The 0x0000007b is "inaccessible boot device" but it actually means "something prevented the protected mode to connect to the device that the real mode (please read as BIOS) passed on to "protected mode".

The cause can be at least:
•a missing driver (typical of SATA devices NOT set in BIOS as "IDE compatibility" if no SATA driver slipstreamed to source or installed for "full XP")
•a wrong driver
•a non-started driver (typical missing Dietmar's mods of the registry and marv's Usbootwatcher for "full XP")
•NTDETECT.COM failing to detect appropriately the device (possibly bacause of "wrong" BIOS enumeration)

Per http://www.aumha.org/a/stop.htm

[b]0x0000007B: INACCESSIBLE_BOOT_DEVICE[/b
Windows lost access to the system partition or boot volume during the startup process. Typical causes: Installing incorrect device drivers when installing or upgrading storage adapter hardware, or a virus.


Another discussion at http://social.msdn.microsoft.com/Forums/en-US/embeddedwindowscomponents/thread/09aae527-ff6d-4003-9e59-962d73d409ed .

I suggest that the original poster...follow my advice and wait for assistance from the Malware Response Team here at BC.

Louis

Edited by hamluis, 11 June 2011 - 07:25 PM.


#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,204 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:37 PM

Posted 12 June 2011 - 05:22 AM

Hi chrissypie, Do you remember what the programs you used to scan the HD detected?

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert it back in your working computer and navigate to report.txt

    Please note - all text entries are case sensitive
Copy and paste the report.txt for my review

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 chrissypie

chrissypie
  • Topic Starter

  • Members
  • 165 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wisconsin
  • Local time:03:37 AM

Posted 12 June 2011 - 10:03 AM

The following files were found via Malwarebytes
Files Infected:
17620772.exe (Trojan.Agent.GD) -> Quarantined and deleted successfully.
vitsieadnwjmbd.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
f:\documents and settings\DustyB\local settings\temp\att-sst_installer\Setup\motiveclient\AXB.exe (Adware.BHO) -> Quarantined and deleted successfully.


Also, when booting, the list of options is
1
Windows XP Recovery Console
Windows XP Home Edition

The "1" clearly needs to be removed. Weird.

I'm going to burn the cd and will be back with log information.

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,204 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:37 PM

Posted 12 June 2011 - 10:21 AM

Thank you for the additional information. I'll wait for your log.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 chrissypie

chrissypie
  • Topic Starter

  • Members
  • 165 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wisconsin
  • Local time:03:37 AM

Posted 12 June 2011 - 10:32 AM

The reports are all attached. The text file you wanted, report.txt, is blank. I attached everything hoping something may be of use to you.

Chrissy

Attached Files



#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,204 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:37 PM

Posted 12 June 2011 - 10:49 AM

This means the scan had not yet finished (the other logs will disappear once done). Please try again and wait until the scan is done.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#12 chrissypie

chrissypie
  • Topic Starter

  • Members
  • 165 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wisconsin
  • Local time:03:37 AM

Posted 12 June 2011 - 10:58 AM

I posted the log after the window said that the scan was done and took me to a prompt.

I will try again.

#13 chrissypie

chrissypie
  • Topic Starter

  • Members
  • 165 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wisconsin
  • Local time:03:37 AM

Posted 12 June 2011 - 11:13 AM

Success!!

Attached Files



#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,204 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:37 PM

Posted 12 June 2011 - 11:41 AM

Please repeat the steps and open the Terminal. Now type bash driver.sh -f and press enter.
Type volsnap.sys and press enter.

Post me the resulting filefind.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#15 chrissypie

chrissypie
  • Topic Starter

  • Members
  • 165 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wisconsin
  • Local time:03:37 AM

Posted 12 June 2011 - 11:56 AM

You are awesome for working on a Sunday. :-)

Attached Files






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users