Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

XP Does Not Boot


  • This topic is locked This topic is locked
7 replies to this topic

#1 MrMiyagi299

MrMiyagi299

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:17 AM

Posted 16 January 2012 - 03:16 PM

Hello. This will probably be fairly lengthy, so I apologize in advance. A coworker's computer seemed to be running slower than normal, so he asked that I look at it. Granted, I don't know much about computers, but I know slightly more than my coworker. Here is what unfolded:

I tried to run TDSSKiller and it scanned 3 files and reported no detections. That seemed odd, so I ran it again and it scanned 5 files and reported no detections. From here I went into Safe Mode with Networking and gave TDSSKiller one more try, and again it was 3 files, no detection. From here I decided I'd try RKill. It seemed to finish abruptly as well, my desktop washed away (as if explorer had restarted) and came back reporting it had terminated Firefox. After this I tried SuperAntiSpyware. It told me I needed to update, one update completed and it prompted me for another, which I proceeded with, and was then asked to restart the computer (I was still in Safe Mode with Networking at this point). Once I restarted it never got back to Windows.

I noticed that the restart process was hanging in safe mode on AVG files (last was AVGIDSEH.sys, then it would auto restart), so, using AVG's utility I renamed/moved the files and tried again. This time it showed MUP.sys as the last file and clicked off to an automatic restart again.

After this I went into recovery console, did chkdsk /r, and repaired one or more files, but was still unable to restart. Then, I was going to do fixmbr, but received a message that my partition could become inaccessible, and decided to pass that up.

I am not sure if this should have gone in "Am I infected" or here. I am pretty sure the computer is infected, but I am also now unable to boot to Windows. Any help is greatly appreciated. Thank you.

Edited by hamluis, 16 January 2012 - 03:49 PM.
Moved from XP to Am I Infected.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:17 AM

Posted 16 January 2012 - 07:16 PM

So you cannot get to the desktop in any mode?

Please have a look at How to fix an XP\Win 2000 System that freezes after loading mup.sys while booting
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 MrMiyagi299

MrMiyagi299
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:17 AM

Posted 16 January 2012 - 10:24 PM

Correct, I cannot get to the desktop in any mode - it is stuck in a constant boot sequence.

I do not have access to this computer outside of work hours, so I will have to try these suggestions tomorrow, then get back. Thanks.

#4 MrMiyagi299

MrMiyagi299
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:17 AM

Posted 17 January 2012 - 08:52 AM

I read over the link you provided and tried a few things. All USB and external devices were unplugged, and I moved the RAM around and tried each stick individually, but no luck. I performed a hardware scan through the HP recovery and it found no issues. Also, I don't really know how to do anything with the BIOS. Should I attempt doing the manual restore of the XP registry that is mentioned? In doing so, I will not render the hard drive inaccessible or lose data, will I? Or is there a different course of action I should take first? Thanks.

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:17 AM

Posted 17 January 2012 - 11:14 AM

I have asked another to look here,someone that specializes in these matters.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 MrMiyagi299

MrMiyagi299
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:17 AM

Posted 17 January 2012 - 12:22 PM

Thank you for your help.

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,932 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:17 AM

Posted 20 January 2012 - 02:19 AM

Hello, first lets have a look at the MBR.

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1

  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,932 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:17 AM

Posted 26 January 2012 - 05:07 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users