Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 7 will NOT boot no matter what options I try


  • This topic is locked This topic is locked
35 replies to this topic

#1 almsdonna

almsdonna

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:02 AM

Posted 21 January 2012 - 04:51 PM

I will try to explain as detailed as possible. I was trying to remove system fix/check on a friends computer as a few of them had recently gotten the virus upon which i was able to remove successfully. When I received this computer I correctly removed system fix/check from the computer but there were several other viruses hanging about. Not being familiar with them, after running SuperAntiSpyware (i believe was the name) I then installed Avast which ran a complete scan and found 7 viruses considered to be a serious threat. I opted to delete them as they did not appear to be system files and avast promptly asked me if i would like to run a boot time scan or boot scan to which i replied "yes". at 5% it found, or claimed to have found a virus in C:/hp/bin/endprocess.exe and listed several options. next to deleted it said (recommended) so I chose that option. I don't know why the name and location stuck out to me as it was 2am and I was really not paying attention giving complete control to avast...well the scan continued after these finding several files and by its own choice, deleting them. it reached around 67% and the screen went black.

since then i am stuck in a loop and the computer will NOT reboot...i have tried restore to a previously known stable state, safe mode, repair, recovery, even the windows advanced recovery option for processors or something like that and it will appear to be starting but nothing ever does...i either get the "starting windows" black screen and then goes to black or reboots to launch system repair. then i try to power down and f8 for yet another option and i have tried everything...nothing seems to work..this is a compaq presario and the recovery disc is located on the d drive and the owner bought from best buy without recovery disc or software...

PLEASE HELP!!! :('''' I don't know what i have done and can't think of any other way other than dos and i don't even know if thats still an option and its been over 15 years since i had to do anything in dos mode.

Edited by hamluis, 21 January 2012 - 05:37 PM.
Moved to Am I Infected from Win 7.


BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,550 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:03:02 AM

Posted 21 January 2012 - 05:47 PM

I've put in a request for assistance by placing it on the list we maintain for systems which are unbootable due to malware. Some one will assist you as quickly as possible :).

Louis

#3 almsdonna

almsdonna
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:02 AM

Posted 21 January 2012 - 10:24 PM

thank u so much!

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,981 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:02 AM

Posted 26 January 2012 - 04:51 AM

Hello, please start your computer and tap F10 until the Edit Boot Menu comes up. Let me know what is listed between the brackets [... ]

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 almsdonna

almsdonna
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:02 AM

Posted 26 January 2012 - 02:23 PM

when i hit f10 the insydeh20 setup utility menu appears. in brackets is the time then date. if i go to system configuration from there i can get to boot options? is that where you want me to go? I have gone there and it just has options that are enabled and disabled but nothing in brackets. thank you for answering!!!

#6 almsdonna

almsdonna
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:02 AM

Posted 26 January 2012 - 02:28 PM

now when i hit f9 it takes me to the boot manager and there are two things listed on the screen under the heading boot options menu

HP DVD RW AD-7581S
WDC WD2500BEKT-60V5T1

is that what you were looking for?

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,981 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:02 AM

Posted 26 January 2012 - 02:30 PM

No, you need to wait a bit longer before hitting F10 (after the POST screen disappears and the screen goes black).

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 almsdonna

almsdonna
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:02 AM

Posted 30 January 2012 - 07:19 PM

sorry it took so long...i was down with the flu...okay so i hit f10 it says the following

Launch start up repair and Start Windows Normally

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,981 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:02 AM

Posted 31 January 2012 - 02:24 AM

In that case, tap the F8 key when the computer starts until the Advanced Boot Options menu comes up. Select Repair Windows and wait until the recovery environment is loaded.

Once loaded, select Command Prompt and type the following lines and press enter after each of them.

c:

bcdedit /set {default} winpe no


Restart and let me know if it reboots normally now.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 almsdonna

almsdonna
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:02 AM

Posted 02 February 2012 - 02:11 PM

ok the only option is to "repair your computer" three safe mode options, directory services repair and start windows normal. so i tried the repair option and it starts beeping on and off for aboutt 15 seconds then the screen goes black and nothing again

#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,981 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:02 AM

Posted 02 February 2012 - 02:40 PM

Please try the following:

You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1

  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#12 almsdonna

almsdonna
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:02 AM

Posted 05 February 2012 - 07:06 PM

sorry it took so long...i had to get a disc to burn to...here it is attached and thank you SO much again for your help!!

oops here it isAttached File  mbr.zip   532bytes   11 downloads

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,981 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:02 AM

Posted 06 February 2012 - 03:07 AM

No problem! The MBR dump shows indeed a hidden, malicious partition.

  • Download tdl_fix.sh and save it to the USB flash drive.
  • Insert USB drive into sick machine
  • Boot into xPUD from the CD as beforethen click the File tab.
  • Press File
  • Expand mnt
  • Click on the folder under mnt that represents your USB drive (sdb1 ?)
  • You should see the tdl_fix.sh file in the main window.
  • Select Tool from the Menu
  • Choose Open Terminal
  • Type bash tdl_fix.sh -delete then press Enter.
  • ** Make sure to leave a space to either side of tdl_fix.sh in the command.
  • Type y at the warning you'll receive.
  • You should be notified of a hidden partition found and prompted to delete it.
  • Type y then press Enter.
  • The script will complete and prompt you to reboot the computer.
  • Close the Terminal window and restart back into Windows.
  • Post the contents of the tdl_delete.txt file that was created on your flash drive.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#14 almsdonna

almsdonna
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:02 AM

Posted 08 February 2012 - 08:19 PM

ok i got the following error after typing y and giving it permission to delete the hidden partition it found:

Fatal Error! The hidden partition is marked active.
run this script with no switch and mark the correct partition active
aborting procedure

#15 almsdonna

almsdonna
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:02 AM

Posted 08 February 2012 - 08:22 PM

just a note, because i have NO clue what I am talking about, but there is a recovery partition...hp and compaq's have them instead of having a recovery cd...would that be the hidden one? although i know it does show up in the list so that doesn't seem "hidden" to me but just thought i should mention JIC it was something important...i am sure the hidden one is malicious and has nothing to do with the recovery but again just to be safe...




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users