
Windows cannot start/.exe files cannot run


  • This topic is locked
29 replies to this topic

#1 sayre5

sayre5

  • Members
  • 15 posts

Posted 15 December 2011 - 04:18 PM

Hi, I appear to have run into a problem that's stumped me. After recently running an antivirus scan and deleting a virus, I've run into all sorts of problems:

Windows 7 cannot start (not even in safe mode). It runs "startup repair", but does not find any errors. Computer shuts down.

Looked a little into solutions to this problem, and I found that Windows 7 CAN start in "Disable Driver Signature Enforcement" mode.

However, when in this mode, I can't run any programs (.exe files), including antivirus programs such as Malwarebytes. The program pops up for a split second in task manager, then goes away.

I've tried to fix .exe associations in the registry, but this doesn't solve the problem. Help!

Thanks a lot!



#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,318 posts
  • Gender:Female
  • Location:Romania

Posted 16 December 2011 - 02:47 AM

Hello,

Please start your computer and tap F10 until the Edit Boot Options screen comes up.

Look what is listed between the brackets. If you see /MININT listed, please use backspace to remove that. Leave everything else the same.

Press enter to continue booting and let me know if you can get in Windows this way.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 sayre5


Posted 16 December 2011 - 09:40 AM

It says:
[ /NOEXECUTE=OPTIN IN/MINT

Then proceeds into startup repair.

#4 Elise


Posted 16 December 2011 - 10:03 AM

Yes, that's the newer variant apparently. Please remove this part: IN/MINT

regards, Elise




#5 sayre5


Posted 16 December 2011 - 06:53 PM

Deleted, but it still goes into an eventually failing startup repair.

Problem details:
Problem Event Name: StartupRepairOffline
Problem Signature 01: 6.1.7600.16385
Problem Signature 02: 6.1.7600.16385
Problem Signature 03: unknown
Problem Signature 04: 21200695
Problem Signature 05: AutoFailover
Problem Signature 06: 4
Problem Signature 07: CorruptFile
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033

Diagnosis and repair details:

Session details
System Disk = \Device\Harddisk0
Windows directory = D:\Windows
AutoChk Run = 0
Number of root causes = 1

Test Performed
[many successful tests here]

Root cause found:
Boot critical file D:\CI.dll is corrupt.

Repair action: File repair
Result: Failed. Error code = 0x2
Time taken = 4821 ms

Repair action: System Restore
Result: Failed. Error code = 0x1f
Time taken = 278415 ms

Repair action: System files integrity check and repair
Result: failed. Error code = 0x490
Time taken = 802219 ms

#6 Elise


Posted 17 December 2011 - 04:53 AM

In that case, let's have a closer look at the master boot record of the drive.

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1

  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

regards, Elise




#7 sayre5


Posted 17 December 2011 - 10:09 AM

If it is possible, can you detail for me a way to burn and run the program from a (250 GB) external hard drive? Otherwise, I'll have to pester some friends as my clean computer is a netbook with no CD drive. Thanks.

#8 Elise


Posted 17 December 2011 - 10:18 AM

No problem, we can use a USB drive as well. :)

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer

regards, Elise




#9 sayre5


Posted 19 December 2011 - 09:03 PM

When running:
(EE) No devices detected.
Fatal error:
no screens found

Please consult the The X.org Foundation support at http://wiki.x.org for help. Please also check the log file at "/var/log/Xorg.log" for additional information. (Not quite sure how to do this?)

ddxSigGiveUp: Closing log
[ 7.280176] sd 6:0:0:0: [sdb] Assuming drive cache: write through
[ 7.283421] sd 7:0:0:0: [sdb] Assuming drive cache: write through
[ 7.518548] sd 7:0:0:0: [sdc] Assuming drive cache: write through
[ 7.520418] sd 7:0:0:0: [sdc] Assuming drive cache: write through
[ 7.523291] sd 7:0:0:0: [sdc] Assuming drive cache: write through
[ 11.067294] sd 6:0:0:0: [sdb] Assuming drive cache: write through
giving up.
xinit: No such file or directory (errno 2): unable to connect to X server
xinit: No such process (errno 3): Server error.
xauth: (argv):1: bad display name "(none):0" in "remove" command
sh: no job control in this shell
sh-4.0# [334.824088] hub 2-0:1.0: unable to enumerate USB device on port 6
[340.362438] sd 8:0:0:0: [sdc] Assuming drive cache: write through
[340.386434] sd 8:0:0:0: [sdc] Assuming drive cache: write through
[340.423454] sd 8:0:0:0: [sdc] Assuming drive cache: write through

---
Subsequent attempts yielded the same results.

Researching error yielded:


You get an error message like:

(EE) No devices detected.
Fatal server error:
no screens found

It is very likely that your xorg.conf file doesn't contain the correct driver(s) for the chipset(s) in your system or that your chipset isn't supported by any of the drivers.

You can check for the detected devices in the log file (in most cases /var/log/Xorg.0.log) by looking for lines like:
(--) PCI:*(1:0:0) Neomagic Corporation NM2200 [MagicGraph 256AV] rev 32, Mem @ 0xfd000000/24, 0xfe800000/22, 0xfec00000/20

In this example the active video device (the one with the *) is a Neomagic NM2200 video chip. In order to get this chipset to work you'd have to use the neomagic driver.

If you are using a distribution you should rerun its configuration tool. If there is no such tool, or if it keeps configuring your Xserver wrong you may want to try xorgcfg, the graphical tool shipped with Xorg. You can also let the server generate a config file: as root just run X -configure.

Please note: If you appear to use the correct driver and you still keep getting this message it is very likely that your chipset isn't supported (yet). In this case you may try the vesa driver or - if this doesn't work - the vga driver. However both are entirely unaccelerated.

Help!

#10 Elise


Posted 20 December 2011 - 03:08 AM

That means your video card drivers are not included. Please try it like this.

Try to boot from an Ubuntu live CD (follow step 3: Try It!)

Once the Ubuntu desktop is loaded, click the top icon in the left panel. A search box will open. Type terminal and click on the first Terminal icon that will be displayed. This will open a command prompt window.

Type the following line and press enter.

    sudo dd if=/dev/sda of=mbr.bin bs=512 count=1

Close the terminal window.
Now click the third icon from the top in the left panel (Home Folder). You will see some folders there, as well as the mbr.bin file we just created. Right click this file and select Copy.
Now in the Home window look under Devices in the top/left corner.
You should see there System Reserved and one indicating your Windows partition (<size of windows partition> File System). Click on the latter and you'll see in the right part the contents of your windows partition.

Right click in an empty space in that window and select Paste. This will copy mbr.bin to c:\ (in Windows).

Restart in Windows and right click c:\mbr.bin > Send to > Zipped (compressed) file. This will create mbr.zip in the same location. Attach this file to your next reply.

regards, Elise




#11 sayre5


Posted 21 December 2011 - 02:38 AM

File attached: mbr.bin.zip (639 bytes)

#12 Elise


Posted 21 December 2011 - 03:55 PM

That is indeed infected.

Try this please. You will need a USB drive.

Download xPUDtd and save it to a USB drive.
  • Remove the USB & Ubuntu CD and insert it in the sick computer
  • Boot the Sick computer with the Ubuntu CD
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts and select Try It.
  • Navigate to your USB drive.
  • Right click on xPUDtd and select Properties. See image below, place a checkmark in front of Allow Executing File as Program and click OK.
  • Double-click on xPUDtd to extract and run it.
The first screen will present log options - press Enter to continue.

TestDisk will scan the system and show drive information.
If more than 1 drive, select the correct drive, make sure [Proceed] is selected then press Enter to continue.

Select [Intel] partition and press Enter to continue.

Select [MBR Code] and press Enter to continue.

Type Y when prompted to write a new mbr code to the first sector, then confirm at the next screen by typing Y again.

Press Q repeatedly until TestDisk exits then reboot.

regards, Elise


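Added example (not part of the thread and not any poster's code): a Python script for inspecting the 512-byte mbr.bin that the dd command earlier in the thread produces, and for confirming from dumps taken before and after the TestDisk [MBR Code] step that the boot code changed while the partition table stayed intact. It assumes the classic MBR layout (boot code in bytes 0-445, four 16-byte partition entries from byte 446, 0x55AA at byte 510); the function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
TABLE_OFF = 446   # assumed classic layout: boot code 0-445, table 446-509
SIG_OFF = 510     # two-byte boot signature 0x55 0xAA

def parse_mbr(sector: bytes) -> dict:
    """Parse a 512-byte MBR dump such as the mbr.bin written by dd."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFF + 16 * i: TABLE_OFF + 16 * (i + 1)]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4)
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"slot": i, "active": status == 0x80,
                          "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[SIG_OFF:] == b"\x55\xaa",
        # Hash of the boot code area, for comparison against a known-good MBR
        "boot_code_sha256": hashlib.sha256(sector[:TABLE_OFF]).hexdigest(),
        "partitions": parts,
    }

def repair_check(before: bytes, after: bytes) -> dict:
    """Compare dumps taken before and after the boot code is rewritten."""
    a, b = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": a["boot_code_sha256"] != b["boot_code_sha256"],
        "table_preserved": before[TABLE_OFF:SIG_OFF] == after[TABLE_OFF:SIG_OFF],
        "signature_ok": b["signature_ok"],
    }

def sample_sector(code_byte: int) -> bytes:
    """Constructed sample sector: filler boot code plus two partitions."""
    reserved = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    windows = struct.pack("<B3xB3xII", 0x00, 0x07, 206848, 488188928)
    table = reserved + windows + bytes(32)
    return bytes([code_byte]) * TABLE_OFF + table + b"\x55\xaa"

if __name__ == "__main__":
    print(parse_mbr(sample_sector(0x90)))
    print(repair_check(sample_sector(0x90), sample_sector(0xFA)))
```

To inspect a real dump, read mbr.bin in binary mode and pass its contents to parse_mbr; keep the pre-repair copy so repair_check can be run after the boot code has been rewritten.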


#13 sayre5


Posted 21 December 2011 - 08:44 PM

For some reason, I am not being allowed to check the "Allow executing file as a program" box, nor change anything below the Owner Access dropdown menu.

#14 sayre5


Posted 21 December 2011 - 10:23 PM

Solved this by pasting file into desktop.
After running xpudtd, "create", then

No harddisk found
You need to be root to use TestDisk.

#15 Elise


Posted 22 December 2011 - 08:17 AM

Can you copy/paste the xpudtd file into the Home directory (the same one where you copied mbr.bin from).

Next, open a terminal by clicking the top-left button on screen, type in terminal and click the first search result.

Type sudo xPUDtd and press enter. See if it runs like that.

regards, Elise






