
Unmountable Boot Volume after running Kaspersky Rescue Disk 10


11 replies to this topic

#1 Artegal


Posted 19 May 2013 - 03:07 PM

My system is 32B XP Pro, with 2 Seagate Barracuda 7200s running in RAID 1 (mirrored).  Windows is regularly updated.

 

I recently ran a routine Windows Security Essentials scan and it caught and removed Trojan Win32/Urausy. The Microsoft info site recommended running Windows Defender Offline for this one, so I tried running it from a USB flash drive, but the program hangs and won't run. I had trouble burning an iso image to CD and gave up on Defender after some online research suggested that it no longer works with XP, for some reason.

 

So (sigh), I decided to try running Kaspersky Rescue Disk 10 from a flash drive. It loaded up just fine and appeared to recognize all my drives and partitions.  I ran it on the default setting first (which scans the boot sector and hidden startup objects).  It picked up Sinowal and cleaned it.

 

I ran it again--this time including most of the partitions on both drives in the scan. It picked up KillAV in an old Sunbelt Security Counterspy.msi file and cleaned it.  I haven't used Counterspy in a year or more.

 

Next, I shut down the system and removed the flash drive. When I started it back up, I got the Unmountable Boot Volume blue screen. Rebooting gave the same result.

 

I tried to boot into safe mode and Recovery console and still got the blue screen.  Last known good configuration yielded the same.

 

I ran chkdsk /r from my XP install disc and it made a few repairs, but still the blue screen.  Chkdsk reports that the C volume is good.

 

Chkdsk D:  /R reports that the volume appears to contain one or more unrecoverable problems.

 

I've tried to run Seagate SeaTools from my flash drive from within the Kaspersky Rescue Disk boot, but the .exe file won't open.  I don't have another computer that can burn an iso disk.

 

So, is this a sudden and coincidental D drive failure, or did Kaspersky's actions corrupt it?  If the latter, can I fix it?

 

I do have Partition Magic Rescue floppies from a year ago (when I last re-partitioned).  Think they're worth a try?

 

If the D drive is hosed, is there a way to disable the RAID and just boot into the C drive so that I can use it until I get a new PC?  I'm guessing that it might be time to take the leap ;)




 


#2 dc3


Posted 19 May 2013 - 03:25 PM

<<If the D drive is hosed, is there a way to disable the RAID and just boot into the C drive so that I can use it until I get a new PC?>>

Each hdd contains a complete copy of the data and can be addressed independently, so yes.




#3 Artegal


Posted 19 May 2013 - 05:10 PM

Re: addressing the C drive independently, I'm not sure how best to do that. I've tried disabling each of the drives individually in the boot settings, to no avail. After a bit of poking around online, I figured out how to enable the Intel RAID controller and enter the configuration utility, but I'm hesitant to exercise any of the options there, for fear of doing permanent damage.

 

I've also tried using the Partition Magic Rescue Disks I mentioned in my initial post.  I get the error message:  Bad or missing command interpreter.  Please enter a valid filename (e.g. C:\command.com).  Also, prior to that, is the following:  HIMEM.SYS:  Warning:  Address line A20 already enabled.  HIMEM.SYS 2.36


Edited by Artegal, 19 May 2013 - 05:39 PM.


#4 Artegal


Posted 22 May 2013 - 03:01 PM

Still dead in the water, here.

Can't (or don't know how to) boot into C: drive only. Don't know whether this is the result of malware or just a dead D: drive. Or something screwed up by the Kaspersky Rescue Disc.

Any ideas?

#5 Anshad Edavana


Posted 23 May 2013 - 02:48 AM

Hi

 

Did you verify the physical condition of the HDD by running SeaTools for DOS? I recommend running a "Long Test" with SeaTools on each HDD.

 

http://www.seagate.com/support/downloads/item/seatools-dos-master/

 

You may need to disable RAID and use IDE emulation if SeaTools can't detect the HDD.



#6 Artegal


Posted 23 May 2013 - 06:26 AM

Yes, both disks were detected by and passed the SeaTools long test.

#7 hamluis


Posted 23 May 2013 - 07:29 AM

If it's a mirror...you should be able to boot from each drive, once the RAID is eliminated.

 

I would disconnect one drive...try booting to the other.

 

Turn system off, then reverse drives used.

 

<<I recently ran a routine Windows Security Essentials scan and it caught and removed Trojan Win32/Urausy. >>

 

Moving topic to Am I Infected forum.

 

Louis



#8 Artegal


Posted 23 May 2013 - 10:49 AM

I should mention that the only sign of trouble that I'd had prior to running Kaspersky was a notice from an MMO of some attempts to get into my account. I was concerned that there might be a key logger resident on my machine. Everything had been running smoothly otherwise.

I did have trouble with Sinowal in 2010. That was successfully removed with BC's assistance.

#9 Anshad Edavana


Posted 24 May 2013 - 08:56 AM

Hi

 

I agree with Hamluis. If the RAID configuration is set to mirroring, connecting only one HDD should work. But make sure to set the SATA option to AHCI mode.



#10 Artegal


Posted 24 May 2013 - 05:05 PM

Had no idea what AHCI mode was, so I did some trolling online.  It can be changed in BIOS, I take it?  Other forums seem to indicate that it makes little difference in XP (which is what I'm  using); some posters state that to switch to it on an existing OS requires a re-install.

 

Any problem just unplugging one of the drives at a time? Should I break the RAID array, first, or just power down, pull the drive cables and try to reboot?



#11 Artegal


Posted 28 May 2013 - 11:28 PM

I disconnected what I think is the D drive first, and got a message to mount a boot drive or insert bootable media.  Loaded up the XP install disc and attempted to enter the recovery module, but it failed to recognize the drive that was still connected.

 

I then powered down, connected the D drive again and disconnected the C drive. I attempted to boot to the D drive (XP disc out) and got through the XP splash screen to a BSOD stating that a problem has been detected and windows has been shut down....Stop code:  0x0000007B (0XF78A6524,0XC0000034,0X00000000,0X00000000).

 

Attempting XP install disc recovery module with this configuration failed to recognize this drive, too.

 

I powered down again and connected both drives and attempted to boot to disc (XP disc out) and got the same BSOD noted above.



#12 Artegal


Posted 24 March 2018 - 03:46 PM

Well, time does fly.

 

Five years have passed and I'm back to trying to resuscitate this old PC and recover files.

 

Can't get anywhere, it seems, until I restore the RAID 1 configuration it originally had (Windows recovery disc fails to recognize any drives).

How do I do this safely?

 

Should I do this?  Would be fun to get the system up and running again, but I'd be happy just to recover its files.





