
"BOOTMGR" missing while diagnosing malware


14 replies to this topic

#1 Hunting.Targ

Hunting.Targ

  • Members
  • 50 posts

Posted 15 July 2013 - 10:36 PM

M0le started helping me in diagnosing a malware-infected notebook, and we discovered that I cannot access the recovery boot environment, evidently because "BOOTMGR is missing".  This thread is to specifically address that issue.

 

After reading the checklist you linked to, I entered the BIOS, went to Boot Order settings, and moved 'Notebook Hard Drive' to the top of the list; exited saving changes. (EDIT: I had previously changed the boot order so that 'USB flash drive' and 'USB Removable CD-ROM' were above it, when I was initially trying to diagnose the machine.)

After an additional restart from the HP Boot Options menu, I pressed F8 at the POST screen and arrived at the following screen:

"
Choose Advanced Options for: Windows Setup
(Use the arrow keys to highlight your choice.)

Safe Mode
Safe Mode with Networking
Safe Mode with Command Prompt

Enable Boot Logging
Enable low-resolution video (640X480)
Last Known Good Configuration (advanced)
Directory Services Restore Mode
Debugging Mode
Disable automatic restart on system failure
Disable Driver Signature Enforcement

Start Windows Normally

Description: [varies based on selection]
"

 

I'm not sure that this is the options menu you were expecting when you provided your earlier instructions on running the Farbar Recovery Scan Tool; I do not remember if Safe Mode with Command Prompt will go directly to the command prompt, or load the GUI desktop with a command prompt window.  In any case, I will leave the machine in its current state (the above screen) until I hear back from you.


Edited by Hunting.Targ, 15 July 2013 - 10:42 PM.

Furious activity is no substitute for understanding.

-H.H. Williams

 

In a networked world, trust is the most important currency.
    -Eric Schmidt, University of Pennsylvania Commencement Address, 2009

 



 


#2 bludgard

bludgard

  • Members
  • 934 posts

Posted 16 July 2013 - 12:31 AM

Press F-8 at boot and select Last known good configuration.

#3 Hunting.Targ


Posted 16 July 2013 - 01:08 AM

Unfortunately, that did not help.  HP's Recovery Manager was loaded; I am not sure that we cannot accomplish our purpose from there.

I am going to reboot and return to the Windows Setup Advanced Options menu.


Edited by Hunting.Targ, 16 July 2013 - 01:21 AM.


 


#4 Hunting.Targ


Posted 16 July 2013 - 01:27 AM

For some clarifying information: M0le and I are cooperating to diagnose and disinfect an HP notebook infected with malware, most probably the ZeroAccess Rootkit. The purpose of this thread is to resolve the "BOOTMGR is missing" error and access a command prompt without loading the full OS GUI layer.

I followed a link on the Startup Menu screen and found some information on HP's recovery software.  If anyone can enlighten me on how to reach a command prompt from this menu, I will welcome your input.



 


#5 Anshad Edavana

Anshad Edavana

  • BC Advisor
  • 2,805 posts

Posted 16 July 2013 - 02:40 AM

Hi

 

Basically, what you are trying to do is run FRST from a recovery command prompt. Is that right?

Please follow the steps below.

Step 1: Create a system repair disc ISO image from the desktop PC.

http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

If the laptop doesn't have a CD drive, create a bootable USB using the free tool RUFUS.

http://rufus.akeo.ie/

You just need to select the USB disk and the repair CD ISO, and RUFUS will do the job of making it bootable.

Step 2: Boot the laptop from the repair medium and access the command prompt.

http://www.bleepingcomputer.com/tutorials/windows-7-recovery-environment-command-prompt/

Run FRST or any other tool you want.



#6 Hunting.Targ


Posted 16 July 2013 - 05:45 AM

Sounds great.  One question; will RUFUS only create a bootable USB drive if I select an ISO?  The notebook did not come with a physical OEM disk; I would have to search for the recovery disk.



 


#7 Anshad Edavana


Posted 16 July 2013 - 07:06 AM

Hi

 

Yes, you need to provide an ISO or CD as input to RUFUS. You don't need a Win7 install DVD. Just create a system repair CD or its ISO from your working desktop by reading my first instruction. Use that CD or ISO as the input to RUFUS.


Edited by Anshad Edavana, 16 July 2013 - 07:07 AM.


#8 Hunting.Targ


Posted 17 July 2013 - 01:10 AM

Anshad Edavana:
Yes, you need to provide an ISO or CD as input to RUFUS. You don't need a Win7 install DVD. Just create a system repair CD or its ISO from your working desktop by reading my first instruction. Use that CD or ISO as the input to RUFUS.


Will this allow me to create a stable boot environment if the disk is created by an earlier operating system?  The desktop is running Windows Vista.  I presume it can only create a repair disk for Vista.



 


#9 Anshad Edavana


Posted 17 July 2013 - 01:26 AM

Hi

 

Do you have a friend with a machine that has Windows 7 installed? Then you can simply create a repair CD from his/her machine.

Also ask the malware helper if it is possible to scan a Win7 install from a Win Vista recovery command prompt. As far as I know, FRST can be used from any kind of PE disk.


Edited by Anshad Edavana, 17 July 2013 - 01:35 AM.


#10 Hunting.Targ


Posted 17 July 2013 - 02:05 AM

Hunting.Targ:
Will this allow me to create a stable boot environment if the disk is created by an earlier operating system?  The desktop is running Windows Vista.  I presume it can only create a repair disk for Vista.

Anshad Edavana:
Also ask the malware helper if it is possible to scan a Win7 install from Win Vista recovery command prompt.


M0le, I would appreciate your input on this.



 


#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts

Posted 22 July 2013 - 07:25 PM

 

Anshad Edavana:
Also ask the malware helper if it is possible to scan a Win7 install from Win Vista recovery command prompt.


Sorry, I just reread the above post and saw you wanted my input. FRST works with both these operating systems. XP is a different matter.


m0le is a proud member of UNITE

#12 Hunting.Targ


Posted 25 July 2013 - 04:47 AM

Okay, then I'll give it a go.  If the boot environment is created from the repair disk, and all I'm doing is executing a utility from that environment and not attempting to repair system files, I think everything will work.

BTW, sorry for the tardy response.  I had to tackle a couple deadlines.  Be back with results later.



 


#13 m0le


Posted 18 August 2013 - 07:15 PM

Have you gone, Hunting.Targ?

#14 Hunting.Targ


Posted 19 August 2013 - 06:12 PM

No.

I am unfortunately back without results, because I cannot yet locate disks for either machine's OS installation.  Short of buying a new OS, I think the only option currently available to me is to try running the tool in safe mode; because we are likely dealing with a rootkit, however, that will not likely provide reliable data from which to work.  These machines are in the home office we inherited from a chronically unorganized person, so it may be some time before we can determine whether those disks are available or not.  Unless you good people have other suggestions, I am willing to postpone the problem for now, because there is nothing essential on the notebook, and it can just sit quietly, turned off with network card disabled, until we can address that issue.  You're the experts, you are volunteers, so it's entirely your call.



 


#15 Anshad Edavana


Posted 19 August 2013 - 10:18 PM

Hi

 

You don't need a Windows install DVD to create a system repair CD. You can create a system repair disc from any working Windows Vista, 7 or 8 machine. Please read the tutorial carefully and use one of your office machines to create the disc.

 

Vista : http://www.vistax64.com/tutorials/141820-create-recovery-disc.html

 

Win 7 : http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

 

 

You can use the recovery environment command prompt from the CD to scan the offline OS. 





