Can't boot up using Safe Mode - XP Antivirus 2012


  • This topic is locked
43 replies to this topic

#1 gobcross

gobcross

  • Members
  • 27 posts
  • Local time:04:51 PM

Posted 17 August 2011 - 11:58 PM

Hi all,

Last night my Acer Aspire One became infected with the XP Antivirus 2012 virus. I have dealt with this once before and suspect it may be from a shared disk I used. Anyways, last time I was able to track the problem down using some tutorials, rkill, malwarebytes and a few other malware removal tools. This time though the damage was done too quickly. By the time I knew it, no programs would launch. I couldn't access the task manager either. My laptop froze and when I tried to reboot I'd get the laptop splash screen and then nothing. I attempted to boot in safe mode and no dice.

My next step was to use Hiren's BootCD and use Mini XP to boot up. I was able to do so successfully but once there I was not able to get much done to fix the boot up problem. I tried identifying the problematic system file in the system32/drivers folder but found none that looked suspicious. There was no oddly named sys file with the size 0kb.

I am at a crossroads. Should I just back my files up (since I can access them with Mini XP) and restore Windows to factory settings or do I have a chance to fix this thing?


Thanks!

Chris

#2 Drovers Dog

Drovers Dog

  • Members
  • 1,048 posts
  • Gender:Male
  • Location:Brisbane, Australia
  • Local time:07:51 AM

Posted 18 August 2011 - 01:42 AM

You could try to repair your Boot File? This can be done by selecting r when coming into the Disk or onboard Recovery. When asked, type in fixboot. That should get it booting again, but please, before you do anything further, post in the "Am I Infected" forum http://www.bleepingcomputer.com/forums/forum103.html and include a link to this? Once there you will get expert help on Malware.

Ray.

Edited by Drovers Dog, 18 August 2011 - 01:46 AM.

What ever you give to others, you will get back doubled, Just make sure you only give Nice Things?......DD saying

There is a saying, "You just can't make a silk purse out of a sow's ear" it means "to be happy with what you have and not look for the impossible"......DD saying

The "Spirit" of the people who died, on that terrible day 9/11 will NEVER REST until such time as the "Imbeciles" that caused it, are eliminated through out the World.....DD saying

What is a Dog?

#3 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:07:51 AM

Posted 18 August 2011 - 01:56 AM

Hello and welcome to the BC forums.

Please sit tight and be patient.

I have requested that an experienced helper who specialises in malware-related un-bootable computers respond to your topic.

Thank you.
AustrAlien
Google is my friend. Make Google your friend too.


#4 gobcross

gobcross
  • Topic Starter

  • Members
  • 27 posts
  • Local time:04:51 PM

Posted 18 August 2011 - 04:20 PM

Sorry, but should I sit tight and wait or post to the linked forum above? I can take direction, I just need to know where I should follow up on this.

Thanks!

#5 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:07:51 AM

Posted 18 August 2011 - 04:24 PM

Sorry about the delay: Some expert assistance will be along to help you ... when they can manage it.

Please just sit tight and be patient, and wait for a reply to your topic: Do not make another topic.
AustrAlien

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,313 posts
  • Gender:Female
  • Location:Romania
  • Local time:12:51 AM

Posted 19 August 2011 - 03:23 AM

Hello, first of all, we do not allow nor support the usage of Hiren's boot CD; the CD image contains copyright protected Microsoft files and the CD contains various questionable/illegal applications. See also this topic.

Does your computer just hang after the splash screen, or does it reboot?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 Drovers Dog

Drovers Dog

  • Members
  • 1,048 posts
  • Gender:Male
  • Location:Brisbane, Australia
  • Local time:07:51 AM

Posted 19 August 2011 - 05:26 AM

Can I ask a serious question?

Was my advice to use the Recovery Console built into WIN XP permissible under the Rules?

If it is not I certainly meant no harm and certainly will apologise, if that is the case and will not recommend it again.



Ray.

#8 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:07:51 AM

Posted 19 August 2011 - 05:45 AM

Was my advice to use the Recovery Console built into WIN XP permissible under the Rules?

@ Ray,

There is no problem at all with advice to use the XP Recovery Console ... so you have nothing to be concerned about.

There is a problem with advising to download the XP Recovery Console .ISO image file that is hosted in many locations, since the legality of doing so is questionable. However the RC can be downloaded legally from Microsoft very easily using ARCDC from Artellos.com.

Bleeping Computer has a special place for reporting unbootable computers where the problem is related to malware (or suspected to involve malware), namely Edit: <link removed> This ensures that an experienced helper will attend to the issue.

Edited by AustrAlien, 19 August 2011 - 06:01 AM.

AustrAlien

#9 Drovers Dog

Drovers Dog

  • Members
  • 1,048 posts
  • Gender:Male
  • Location:Brisbane, Australia
  • Local time:07:51 AM

Posted 19 August 2011 - 05:56 AM

Thanks, Mate, for clarifying this, but, unfortunately your link does not work? Like mostly all Members I certainly want to help others from this huge Family

Ray

#10 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:07:51 AM

Posted 19 August 2011 - 05:59 AM

Thanks Ray ... looks like you don't have access to that area of the forums. I will remove the link in that case.

Edit: Best advice I can offer you Ray, is to refrain from posting advice to assist where a computer is clearly not bootable and malware is involved in the problem. I have to do exactly the same thing ... so don't feel bad about it!

Edited by AustrAlien, 19 August 2011 - 06:06 AM.

AustrAlien

#11 Drovers Dog

Drovers Dog

  • Members
  • 1,048 posts
  • Gender:Male
  • Location:Brisbane, Australia
  • Local time:07:51 AM

Posted 19 August 2011 - 06:13 AM

It is cool, Mate.

WINXP does have its inbuilt Recovery Console that I use regularly just to fix the Boot sequence, as I did suggest, above and other Threads that certainly allows access. I also did stress to gobcross, not to do a thing more until Malware Experts became involved.

Thanks for your appreciation.

Ray.

#12 Drovers Dog

Drovers Dog

  • Members
  • 1,048 posts
  • Gender:Male
  • Location:Brisbane, Australia
  • Local time:07:51 AM

Posted 19 August 2011 - 06:24 AM

To access the Recovery Console is simple?

Insert the WINXP Disk or use the Recovery from the likes of HP and type in r, there it is, r for recovery, simple?

Typing in fixboot just fixes the Boot Problem. There are also heaps of commands in there to fix other problems. Just select Help.

Ray.

Edited by Drovers Dog, 19 August 2011 - 06:27 AM.


#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,313 posts
  • Gender:Female
  • Location:Romania
  • Local time:12:51 AM

Posted 19 August 2011 - 07:05 AM

@ Drovers Dog, here's how to create the XP RC iso in a legal manner:

Please download ARCDC from Artellos.com.

  • Double click ARCDC.exe
  • Follow the dialog until you see 6 options. Please pick: Windows Professional SP2 & SP3
  • You will be prompted with a Terms of Use by Microsoft, please accept.
  • You will see a few dos screens flash by, this is normal.
  • Next you will be able to choose to add extra files. Select the Default Files.
  • The last window will allow you to burn the disk using BurnCDCC
Your ISO is located on your desktop.


Now let's get back to gobcross, who is the one looking for help in this topic (please see post #6).

regards, Elise




#14 gobcross

gobcross
  • Topic Starter

  • Members
  • 27 posts
  • Local time:04:51 PM

Posted 19 August 2011 - 09:19 AM

Hello, first of all, we do not allow nor support the usage of Hiren's boot CD; the CD image contains copyright protected Microsoft files and the CD contains various questionable/illegal applications. See also this topic.

Does your computer just hang after the splash screen, or does it reboot?

Elise,

Thanks for your reply. After powering up, the Acer splash screen appears and then it just turns black and then I am left with a blinking white cursor in the upper left hand corner. Nothing happens after that. I am unable to use Alt-F10 to access the recovery partition. The only F keys that function are F12 so I can change the boot order and the F2 where I can access the setup menu.

I have contacted Acer about obtaining a recovery disk so that I can attempt to boot and/or recover from the disk itself. If there is anything you think I can try before doing a full system restore feel free to lay it on me.


Thanks!

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,313 posts
  • Gender:Female
  • Location:Romania
  • Local time:12:51 AM

Posted 19 August 2011 - 09:49 AM

Hello again,

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1

  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

regards, Elise

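One way to sanity-check the 512-byte mbr.bin produced by the dd command above before sending it for analysis, as an added example that is not part of the original thread. It checks the 0x55AA boot signature, decodes the four partition entries and hashes the boot code area for comparison against a known-good reference; the sample sector and the helper make_sample_mbr are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
PT_OFFSET = 446          # partition table follows the 446-byte boot code area
BOOT_CODE_LEN = 440      # bytes 440-445 hold the disk signature and padding

def parse_mbr(raw: bytes) -> dict:
    """Parse a 512-byte MBR dump and return its fields plus sanity findings."""
    if len(raw) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(raw)}")
    findings = []
    if raw[510:512] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = raw[PT_OFFSET + 16 * i: PT_OFFSET + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            findings.append(f"entry {i}: invalid status byte {status:#04x}")
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    active = sum(p["active"] for p in parts)
    if active != 1:
        findings.append(f"{active} active partitions (standard boot code expects one)")
    if not any(raw[:BOOT_CODE_LEN]):
        findings.append("boot code area is empty")
    return {"boot_code_sha256": hashlib.sha256(raw[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts, "findings": findings}

def make_sample_mbr() -> bytes:
    """Constructed sample: placeholder boot code, one active NTFS (0x07) partition."""
    buf = bytearray(SECTOR)
    buf[:BOOT_CODE_LEN] = b"\x90" * BOOT_CODE_LEN   # filler bytes, not real boot code
    buf[PT_OFFSET:PT_OFFSET + 16] = struct.pack(
        "<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 312560577)
    buf[510:512] = b"\x55\xaa"
    return bytes(buf)

if __name__ == "__main__":
    # For a real dump, use: parse_mbr(open("mbr.bin", "rb").read())
    print(parse_mbr(make_sample_mbr()))
```

A clean result here only means the sector is structurally valid; whether the boot code itself has been replaced can only be judged by comparing the hash or the bytes against a trusted copy.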




