Boot Camp, Zentom Removed, XP won't boot


20 replies to this topic

#1 jaeniki

jaeniki

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 04 August 2011 - 03:15 PM

Not sure how I ended up with Zentom System Guard, but I went through the step by step instructions here,

http://www.bleepingcomputer.com/virus-removal/remove-zentom-system-guard

Afterwards I was prompted to restart my computer. I did so and now Windows will not boot. It sticks on the blinking text cursor in the upper left corner of a black screen.
I have a MacBook Pro and am running XP in Boot Camp.


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:04:55 AM

Posted 07 August 2011 - 03:02 PM

Your post has been reported in the unbootable PC's forum:

http://www.bleepingcomputer.com/forums/topic412868.html/page__pid__2359362#entry2359362



#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,314 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:55 AM

Posted 08 August 2011 - 06:24 AM

Hello jaeniki, please let me know if you still need help with this issue.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#4 jaeniki


Posted 08 August 2011 - 05:07 PM

Yes, I do :(

#5 Elise


Posted 09 August 2011 - 02:58 PM

Do you remember after which step the problems occurred? With what OS do you dual-boot XP?

regards, Elise


#6 jaeniki


Posted 09 August 2011 - 03:48 PM

I don't think it is dual booting. I'm running XP on a separate partition on the hard drive created through Boot Camp on Mac OS, so it boots completely independently from Leopard. I had been following the steps from my original post to remove Zentom System Guard, when Malwarebytes prompted me to restart my computer. I did so and it wouldn't reboot.

#7 Elise


Posted 10 August 2011 - 12:47 AM

Is your Leopard OS able to start normally, and can you see your Windows partition from there and access files? If so, can you look for the MBAM log and post it here?

regards, Elise


#8 jaeniki


Posted 11 August 2011 - 02:29 AM

Yes, I can start the Mac OS normally and view the files on the partition. However, they are Read Only.

The following is the MBAM.TXT file.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7370

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/4/2011 5:59:06 AM
mbam-log-2011-08-04 (05-59-06).txt

Scan type: Full scan (C:\|G:\|)
Objects scanned: 656399
Time elapsed: 5 hour(s), 1 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zentom System Guard (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KB7406046.exe (Trojan.FakeAlert) -> Value: KB7406046.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ikkdep70.exe (Trojan.FakeAlert) -> Value: ikkdep70.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Janicki\application data\Adobe\plugs\kb7406046.exe (Trojan.FakeAlert) -> Delete on reboot.
c:\documents and settings\Janicki\application data\4ff8dddc492d3285dbce57a0ba319ed9\ikkdep70.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Janicki\application data\4ff8dddc492d3285dbce57a0ba319ed9\hookdll.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Janicki\local settings\Temp\C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Janicki\local settings\Temp\err.log7367859 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Janicki\start menu\Programs\Startup\zentom system guard.lnk (Rogue.ZentomSystemGuard) -> Quarantined and deleted successfully.
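
A triage helper for the log format in the post above, added here as an example and not part of the original thread: it groups detections by section, lists removals that were deferred to the next reboot, and pairs Run-key values with detected files of the same name. The function names are illustrative, and the sample is an excerpt of the posted log.

```python
import re
from collections import defaultdict

# Excerpt of the log posted above (section headers and four detections).
SAMPLE_LOG = r"""
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KB7406046.exe (Trojan.FakeAlert) -> Value: KB7406046.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ikkdep70.exe (Trojan.FakeAlert) -> Value: ikkdep70.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Janicki\application data\Adobe\plugs\kb7406046.exe (Trojan.FakeAlert) -> Delete on reboot.
c:\documents and settings\Janicki\application data\4ff8dddc492d3285dbce57a0ba319ed9\ikkdep70.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(.+ Infected):$")
# "<object> (<detection name>) -> [Value: x ->] <action>."
ITEM = re.compile(r"^(?P<obj>.+?) \((?P<name>[\w.]+)\) -> (?:Value: .+? -> )?(?P<action>.+?)\.?$")

def parse_mbam(text):
    """Return {section: [(object, detection, action), ...]}; empty sections are omitted."""
    out, section = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = ITEM.match(line)
        if section and m:
            out[section].append((m["obj"], m["name"], m["action"]))
    return dict(out)

def pending(parsed):
    """Objects whose removal was deferred to the next reboot rather than completed."""
    return [o for items in parsed.values() for o, _, a in items
            if "reboot" in a.lower()]

def run_keys_with_file(parsed):
    """Run-key values whose name matches a detected file (persistence pairs)."""
    files = {o.rsplit("\\", 1)[-1].lower(): o for o, _, _ in parsed.get("Files Infected", [])}
    pairs = []
    for o, _, _ in parsed.get("Registry Values Infected", []):
        name = o.rsplit("\\", 1)[-1].lower()
        if "\\run\\" in o.lower() and name in files:
            pairs.append((o, files[name]))
    return pairs
```
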

#9 Elise


Posted 11 August 2011 - 07:35 AM

When attempting to boot Windows, do you see anything else before the black screen with the blinking cursor?

regards, Elise


#10 jaeniki


Posted 11 August 2011 - 09:02 AM

It starts as a complete black screen, then the cursor appears and starts to flash. I cannot apply any of the function commands, F8, F12, etc. I have been able to gain access through the Recovery Console via booting from the Windows CD. However, all the files in Documents and Settings are Read Only. Also, I have attempted to do a BOOTCFG /Rebuild on the boot.ini file without success.

#11 Elise


Posted 11 August 2011 - 09:46 AM

The problem here is that any attempt to fix this may result in serious problems for your Mac OS, which I do not want to risk. Our repair tools usually are not Mac-compatible, which makes it very hard if not impossible to fix the issue. Normally I would start with the master boot record, but if you would fix that, you'd be in more trouble than you are now.

Can you post me the contents of boot.ini?

regards, Elise


#12 jaeniki


Posted 11 August 2011 - 06:44 PM

Here are the contents of my boot.ini:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="windows xp professional" /fastdetect
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

#13 Elise


Posted 12 August 2011 - 04:27 AM

Did you edit this file yourself?

regards, Elise


#14 jaeniki


Posted 12 August 2011 - 10:54 AM

I did a rebuild through the bootcfg function in the recovery console.

#15 Elise


Posted 12 August 2011 - 12:12 PM

Please look for a file named boot.bak (or another extension). If there, post me its contents.

regards, Elise