Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows XP won't start at all (in safe mode or using last configuration)


  • This topic is locked This topic is locked
113 replies to this topic

#1 GPyrenees

GPyrenees

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:10:26 AM

Posted 20 September 2012 - 02:26 PM

Hey guys,

Yesterday I took to the task of cleaning up my parents' Compaq Presario computer, which included running a couple of AVAST virus scans and installing a few Windows updates that had been ignored for who knows how long.

AVAST found 10 infected files which I "Moved to Chest". Today I finished installing the Windows updates, but when I restarted the computer it failed to boot Windows XP. I'm shown a black screen with white text that says "We apologize for the inconvenience, but Windows did not start successfully" and given the options to start Safe Mode, Last Good Configuration, or Start Windows Normally.

Starting Windows normally leads to the loading screen with the windows logo but then it stops and restarts, leading back to the black screen.

Last Known Good Configuration does the same thing.

Safe Mode launches a bunch of lines of text and then freezes.

I'm kind of panicking now. Can anyone help me out?

Thanks,


GP

EDIT: Not sure if this is necessary, but I don't have a Windows XP CD either, and I don't think I can get my hands on one within a reasonable amount of time.

Edited by GPyrenees, 20 September 2012 - 03:21 PM.

GP

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:10:26 AM

Posted 20 September 2012 - 03:26 PM

If it's a Compaq...there may be a restore-to-factoryj-defaults mechanism on the system. If not, then you need to think about contacting HP for recovery disks.

Since malware appears to be a likely cause for this unbootable situation...I'll try to get someone more knowledgeable to take a look.

Please be patient.

Louis

#3 GPyrenees

GPyrenees
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:10:26 AM

Posted 20 September 2012 - 03:51 PM

Thanks Louis.

There are a few options on the Compaq home screen that shows immediately upon start-up. I haven't tried any of them yet though. Let me know if that would be a good idea.

Preserving the hard drive files would be nice too if possible :thumbup2: .


GP
GP

#4 hamluis

hamluis

    Moderator


  • Moderator
  • 55,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:10:26 AM

Posted 20 September 2012 - 04:32 PM

<<Please be patient.>>

Louis

#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,114 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:26 PM

Posted 24 September 2012 - 12:23 PM

Hello,

We Need to Diagnose Your BlueScreen
  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select "Disable Automatic Restart on System Failure", as shown here:
    Posted Image
  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:
    Posted Image
Please post me the error(s).

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 GPyrenees

GPyrenees
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:10:26 AM

Posted 24 September 2012 - 05:57 PM

Hi Elise,

Thanks for responding.

The only information I could pull from the blue screen was the following:

Technical information:

*** STOP: 0x0000007E (0xC0000005, 0xF77E5756, 0xF79E0430, 0xF79E012C)


GP
GP

#7 ranchhand1

ranchhand1

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Local time:09:26 AM

Posted 24 September 2012 - 06:41 PM

Hello GPyrenees.... if you cannot get into Windows, before you wipe your disk and reinstall or restore Windows post back, there are ways of accessing your hard drive to pull your valuable data off. I will follow this thread so if you want help let me know. I don't want to interfere with Elise' workflow at this point.

#8 GPyrenees

GPyrenees
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:10:26 AM

Posted 24 September 2012 - 11:39 PM

Mod Edit: Removed comment that is not appplicable - Hamluis.

I trust that Elise will provide the appropriate instructions to repair whatever the problem is, or if that's not possible, to preserve as many of the files as possible.

My past two experiences with this forum have been enormously helpful, at any rate. I'm counting on it again here!

Feel free to follow along - I'm not sure what the rules are about contributing advice or stopping off with your own problems though. I'll be taking moderator advice first and foremost and if we encounter an unsolvable problem tips from others will then be considered.


GP

Edited by hamluis, 25 September 2012 - 05:57 AM.

GP

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,114 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:26 PM

Posted 25 September 2012 - 02:23 AM

That is a pretty generic code, so lets just start having a look at the MBR and work our way up from there. :)

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1

  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 GPyrenees

GPyrenees
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:10:26 AM

Posted 27 September 2012 - 04:22 PM

Hi Elise!

Sorry for the delay, I'm home for good now so I'll be able to respond more promptly from now on.

I followed the instructions in your last post, but in the mnt folder of xPUD I don't seem to have an sdb folder. All I have is sda1 and sda2, and both seem to correspond to the HDD. I might be wrong about this - are there any files that would indicate for sure which is which?

EDIT: Never mind, I removed and reinserted the USB drive and the folder sdb1 appeared.

mbr file is attached!


GP

Attached Files

  • Attached File  mbr.zip   563bytes   9 downloads

GP

#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,114 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:26 PM

Posted 28 September 2012 - 02:57 AM

Hi again,

Right click the following download link and select "save link/target as": xPUD_MBRfix
Save the file to your USB drive.
  • Boot the ailing computer to xPUD
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Double click on xPUD_MBRfix to execute the script
  • When asked "what boot code do you want to write?" type m for XP boot code and press enter.
  • When asked "to which one do you want to write a new mbr?" type sda and press enter.
  • Type y and press enter to confirm your choices.
  • Press enter to close the window.
  • Upon finishing, its actions will produce a report (mlog.txt)
  • Post that report in your next reply

After this, reboot normally and see if that works.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#12 GPyrenees

GPyrenees
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:10:26 AM

Posted 28 September 2012 - 11:16 AM

Hello,

The text file contains the following:

Fri Sep 28 12:01:52 UTC 2012

User has chosen Windows XP boot code
User has chosen drive sda



Normal reboot brought to me to the same place as before, no changes.



GP
GP

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,114 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:26 PM

Posted 28 September 2012 - 11:31 AM

Has the BSOD code changed at all?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#14 GPyrenees

GPyrenees
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:10:26 AM

Posted 28 September 2012 - 11:47 AM

No it hasn't, it's the same as what I posted before.


GP
GP

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,114 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:26 PM

Posted 28 September 2012 - 12:16 PM

Please try to boot in safe mode, what is the last driver file you see on screen?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users