Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Status 0xC0000098 from WBM on \Boot\BCD


  • This topic is locked This topic is locked
40 replies to this topic

#1 whatisavailable

whatisavailable

  • Members
  • 212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:06:14 AM

Posted 24 February 2013 - 09:21 AM

Hi

I'm helping out a friend.  He had ransomware and other nasties on his computer.  Long story short, he toasted it and now only the following error comes up when attempting to boot the hard drive.  When I tried to boot into Windows XP to repair the computer, it comes up with errors saying the files cannot be read. This doesn't make sense since I recently used the same CD to install XP on several computers (old Dells pulled from the State)..

 

I do have a raw data image of the hard drive before doing anything to it since my friend is concerned about data on the hard drive.

 

Would appreciate some help on getting this computer restored.  MBR issues are a new area for me so I'm flying blind.

Thanks!

Jim

 

 

Windows Boot Manager:

 

Windows failed to start. A recent hardware or software change might be the cause. To fix the problem:

 

1. Insert your windows installation disc and restart your computer.

2. Choose your language settings, and then click "Next".

3. Click "Repair your computer"

 

If you do not have this disc, contact your system administrator or computer manufacturer for assistance.

 

File: \Boot\BCD

Status: 0xc0000098

Info: This Windows Boot Configuration Data file does not contact a valid OS entry.

 

 



BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:14 AM

Posted 25 February 2013 - 09:45 AM

Let me ask a malware response team member to help you

 

good luck



#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,087 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:14 PM

Posted 25 February 2013 - 02:12 PM

Could you please clarify what version of Windows is in fact present; the error you describes points to Vista/7, but you mention you wanted to boot XP. If you tried to boot with an XP disk to fix a Vista/7 computer, note that this is not possible usually and it is quite likely that the CD couldn't load due to (SATA) driver problems.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#4 whatisavailable

whatisavailable
  • Topic Starter

  • Members
  • 212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:06:14 AM

Posted 25 February 2013 - 02:18 PM

Nice catch! I assumed it was XP but it is infact Windows 7. I've asked him to bring me the Win7 boot disk since I don't have one.
Anything I can do until I get it?
Thanks
Jim

#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,087 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:14 PM

Posted 25 February 2013 - 02:19 PM

Yes, try the following: restart the computer and tap F8 until the Advanced Boot Options come up. Select Repair Windows and see if the recovery environment loads.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 whatisavailable

whatisavailable
  • Topic Starter

  • Members
  • 212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:06:14 AM

Posted 25 February 2013 - 02:30 PM

Sadly, it comes up with just the Windows Boot Manager screen with the 98 error code.

Jim



#7 whatisavailable

whatisavailable
  • Topic Starter

  • Members
  • 212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:06:14 AM

Posted 25 February 2013 - 02:33 PM

FWIW, I was concerned that the harddrive was failing so I ran Spinrite (old school!) on it and for the first time ever, it had a problem reading a harddrive when it was starting up.  The error was "InitDiskError reading partition table drive 01 sector 0".

Jim



#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,087 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:14 PM

Posted 25 February 2013 - 02:38 PM

That may still be an issue with the partition table and not the actual HD.

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1
  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.
  • This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 whatisavailable

whatisavailable
  • Topic Starter

  • Members
  • 212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:06:14 AM

Posted 25 February 2013 - 03:36 PM

It won't let me attach a file. Should this be moved to another forum that allows that?

 



#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,087 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:14 PM

Posted 25 February 2013 - 04:21 PM

Try it now. smile.png

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#11 whatisavailable

whatisavailable
  • Topic Starter

  • Members
  • 212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:06:14 AM

Posted 25 February 2013 - 04:23 PM

Now it works :-)

Thanks!

Jim

 

PS - Reminds me of my friend's take on a more popular saying.....

      Power corrupts and absolute power......is kind of fun. :-)

 



#12 whatisavailable

whatisavailable
  • Topic Starter

  • Members
  • 212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:06:14 AM

Posted 25 February 2013 - 04:54 PM

Not sure if it makes a difference, but I have his old harddrive on one of my Dell desktops. He screwed up the original desktop so I'm working on getting the data restored first.
Jim

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,087 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:14 PM

Posted 25 February 2013 - 04:56 PM

That looks good. Do you have a Win7 DVD or alternatively a Windows 7 (same version 32/64 bit)?


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#14 whatisavailable

whatisavailable
  • Topic Starter

  • Members
  • 212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:06:14 AM

Posted 25 February 2013 - 05:02 PM

Sadly, I do not. Not until he brings his DVD tomorrow. Can you give me the steps now so I can do them when I get it?
Jim

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,087 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:14 PM

Posted 25 February 2013 - 05:14 PM

Yes, please follow this tutorial to enter the Recovery Environment and do a Startup Repair. If that doesn't fix the issue we'll do a manual BCD rebuild. (basically the same steps as Windows is telling you to do, see your first post :)).


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users