Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

XP home will not boot, black screen w/ blinking cursor


  • This topic is locked This topic is locked
57 replies to this topic

#1 Blaine B.

Blaine B.

  • Members
  • 187 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:00 PM

Posted 25 June 2011 - 07:39 PM

About an hour ago, I was on my system running Windows XP Home, just browsing the web when all of the sudden I got a blue screen of death for "sfsync02.sys." I have never seen this BSOD before, this is the first time it happened, and upon my attempt to reboot, I cannot get in to Windows. It just hangs on the black screen with the blinking cursor, which would only prior momentarily display right before the Windows loading screen would appear. Multiple reboot attempts have given me the same result, just the black screen with blinking cursor. I cannot get in to safe mode or anything as I cannot even get that Window to display.

I have two 300 gb Seagate SATA harddrives, and both are displaying properly in the bios. In terms of hardware, nothing has changed in this system in years. About 2 to 3 weeks ago I had the case opened up to clean it out and remove the dust that had accumulated inside and on the fans, that is it in terms of me opening up the case.

It has 1.5 gb of RAM, 2 300 gb Seagate SATA drives as mentioned, an ASUS K8VSE Deluxe motherboard, Creative Audigy 2 ZS 7.1 sound card, ATI Sapphire X800 Pro 256 mb video card, and an AMD 3400+ processor. Also has a DVDRW, CDRW, and DVD-ROM disc drives, floppy drive, and media drive, there is nothing in any of the drives nor is there a USB stick in any of the USB ports.

Any advice on how to get back in to Windows? I currently have the system OFF and have switched off the power switch on the back of the power supply. I have not removed the CMOS battery, however. Thank you.

BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:04:00 AM

Posted 25 June 2011 - 07:44 PM

Can you boot up in safe mode, by hitting F8 just after the post screen?

#3 Blaine B.

Blaine B.
  • Topic Starter

  • Members
  • 187 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:00 PM

Posted 25 June 2011 - 08:39 PM

Negative. I believe it would need to go past the blinking cursor in order to be shown the boot modes. All it does is stay on the black screen with the white blinking cursor, never goes any further.

I have Knoppix 5.11 on CD and I booted it up and I was able to access both hard drives and all of their contents so I doubt this is a hardware issue.

I believe I read somewhere that if the cursor was blinking, that was an indication of the bios trying to find a boot device? However both harddrives are functioning properly.

#4 Blathnat

Blathnat

  • Members
  • 224 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Canada
  • Local time:12:00 AM

Posted 25 June 2011 - 10:50 PM

If you can get to drive management, check the drive letters. Something similar just happened to my dual boot. There was no errors in bios, and I could access C drive, but the machine confused the non-boot external drive with the second boot drive (D). I had to reload an image to correct the drive letter.

Unplug any USB devices to see if that is causing a problem. My work machine XP Pro will not boot if there is a thumb drive plugged in. If you have an all in one USB printer with a memory, XP can also get that confused, as it may also have a drive letter.

#5 Blaine B.

Blaine B.
  • Topic Starter

  • Members
  • 187 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:00 PM

Posted 26 June 2011 - 12:43 AM

How would I get to drive management?

I do not have a dual boot. I just have programs and Windows on Drive C: and then my documents on Drive G: which is the second hard drive.

Also the only USB Devices that I have connected are my keyboard, mouse, and web cam. Nothing else.

Edited by Blaine B., 26 June 2011 - 12:43 AM.


#6 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:04:00 AM

Posted 26 June 2011 - 12:53 AM

I have reported this issue to people who deal with unbootable computers.

#7 Blaine B.

Blaine B.
  • Topic Starter

  • Members
  • 187 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:00 PM

Posted 26 June 2011 - 01:04 AM

Ok. This just came on all of a sudden, first the blue screen of death for the sfsync02.sys file and the just having the cursor blink and not being able to even see the Windows XP loading screen. Does not get past the blinking cursor.

Not sure, do you think I should attempt a "fixmbr" or "fixboot" using the Windows XP CD and recovery console? Or could that possibly do more harm than good at this early stage of experiencing this problem?

#8 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:04:00 AM

Posted 26 June 2011 - 01:32 AM

Wait until someone takes over this topic before attempting any fixes.

#9 Blaine B.

Blaine B.
  • Topic Starter

  • Members
  • 187 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:00 PM

Posted 26 June 2011 - 01:39 AM

OK, I will wait, thank you and good night.

#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,314 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:00 AM

Posted 26 June 2011 - 03:49 AM

Hi, before fixing the MBR, lets have a look at it to see if it needs fixing. :)

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1

  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#11 Blaine B.

Blaine B.
  • Topic Starter

  • Members
  • 187 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:00 PM

Posted 26 June 2011 - 11:28 AM

Ok, here is mbr.bin in a ZIP file. Please let me know if I did it correctly, I belive it should be OK since I followed the commands you had given me. Thank you.

#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,314 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:00 AM

Posted 26 June 2011 - 12:02 PM

Yes, that is what I needed to see. :) It looks like you have a rootkit infected MBR, so I will move this topic to a more appropriate forum.

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Download xPUDtestdisk.exe and save it to the USB device
  • Double click xPUDtestdisk.exe to extract the contents to your USB device
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type testdisk/testdisk_static
  • Press Enter
The first screen will present log options - press Enter to continue.

Posted Image

TestDisk will scan the system and show drive information.
If more than 1 drive, select the correct drive, make sure [Proceed] is selected then press Enter to continue.

Posted Image

Select [Intel] partiton and press Enter to continue.

Posted Image

Select [MBR Code] and press Enter to continue.

Posted Image

Type Y when prompted to write a new mbr code to the first sector, then confirm at the next screen by typing Y again.

Posted Image

Press Q repeatedly until TestDisk exits then reboot.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#13 Blaine B.

Blaine B.
  • Topic Starter

  • Members
  • 187 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:00 PM

Posted 26 June 2011 - 12:27 PM

Wow that's funny, I am really becoming more unsatisfied with Symantec Corporate. Less than a month ago I struggled with a bunch of rootkit viruses that were setting up DNS servers on a couple of my systems. It was like Symantec may have not even been there because it just lets these things waltz in with an open door.

I will try your suggestions right now with the teskdisk.

#14 Blaine B.

Blaine B.
  • Topic Starter

  • Members
  • 187 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:00 PM

Posted 26 June 2011 - 12:54 PM

Having Test Disk write a new master boot record apparently fixed the problem. I am typing to you from my "infected" system that would not boot earlier. Everything seems to be back to normal.

Is there anything I should do to ensure that this infection isn't still hanging around somewhere?

I am just angry with Symantec......it is updated to the latest version and still, in June alone, I have had so many problems with viruses and rootkits it is unbelievable.

On top of that, I run Malwarebytes, Spybot, and Super Antispyware.

Thanks for your suggestions though and helping me to get back on this system! Hopefully this may be able to help out others.

So it doesn't look like this no-boot was caused by that sfsync02.sys file? Just a coincidence that I got the BSOD right before then no-boot caused by the MBR infection?

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,314 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:00 AM

Posted 26 June 2011 - 01:05 PM

No, the BSOD was caused by the infected MBR, however it is not sure what triggered it.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users