A "Boot Loop" of Sorts



#1 britechguy


Posted 13 June 2018 - 03:47 PM

It has been a long time since I've been dealing with Windows 7 on a regular basis.  But today I had a client call who had 2 Windows 7 machines that he had allowed "fake Microsoft support" to touch, and where he called said support himself by not being careful in vetting the results of a web search before dialing.

 

In any case, on one machine they uninstalled Microsoft Office 2013 and Project 2010, installing some seemingly tweaked version of Office 2016 in place of 2013.  You can't even get the Outlook to accept e-mail account information [which was probably a blessing].  That machine is well on its way back to normalcy.

 

The second machine, though, is more of a mystery to me.  It was set up with a single account with admin privileges and no password.  The machine would boot all the way in to the desktop and then, after about 5 seconds or so, go to black screen and begin rebooting again.  I tried creating a second account just to see if it could have been user profile corruption and, no dice, same behavior.  Then I tried a clean boot, also no dice.  Since this machine is an old Pentium box I did not want to take way more time than a replacement machine would cost trying to figure out what was at the root of this yet I remain curious, not having encountered this exact situation in the past.  I'm just curious if anyone has any ideas as to what might be going on here.  At this point I advised the client (after backing up his data) that his likely only chance at normalcy again would be wiping the HDD and reinstalling Win7, but that this is throwing good effort after bad given the age of the hardware.  

 

If there's something obvious that I missed either through abject ignorance or that whatever it is has now moved into the mists of memory I would love to know what's up with "machine number two."

 


Brian AKA Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

 

     In a modern society where everyone thinks their opinion deserves to be heard nothing annoys me more than individuals who mistake their personal preferences for fact.

         ~ Commenter TheCruyffGurn on The Guardian website, 8/13/2014

 

              

 



 


#2 JohnC_21


Posted 13 June 2018 - 03:53 PM

Does it do a boot loop in Safe Mode? Are there any Restore Points? If not, replace the Registry Hives in C:\Windows\System32\config with the ones in C:\Windows\System32\config\Regback if the hives in Regback have a date before the problem and they are not zero bytes. This needs to be done offline using a Windows boot disk and the command prompt or using a live Linux disk.

 

BC member jenae explained it well here.


Edited by JohnC_21, 13 June 2018 - 03:55 PM.
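
The checks described in the post above (backup hives dated before the problem and not zero bytes), as an added example that is not part of the original post: a shell script for the live Linux disk route, using GNU `date` and `stat`. The mount point, the cutoff date and the `hives.before-restore` folder name are assumptions; the five hive names are the standard ones in the `config` folder.

```shell
#!/bin/sh
# Validate the RegBack hives on an offline-mounted Windows 7 volume, then swap them in.
# Usage (constructed example): sh regback.sh /mnt/win/Windows/System32/config 2018-06-10
# The second argument is a date before the trouble started (assumption: you know it).

HIVES="SYSTEM SOFTWARE SAM SECURITY DEFAULT"

# Find the backup folder whatever its case (Linux NTFS mounts are normally case-sensitive).
regback_dir() {
    find "$1" -maxdepth 1 -type d -iname regback | head -n 1
}

# Return 0 only if every backup hive exists, is non-empty and predates the cutoff.
check_regback() {
    cutoff=$(date -d "$2" +%s) || return 2
    rb=$(regback_dir "$1")
    [ -n "$rb" ] || { echo "no RegBack folder under $1"; return 1; }
    bad=0
    for h in $HIVES; do
        f="$rb/$h"
        if [ ! -s "$f" ]; then
            echo "$h: missing or zero bytes"; bad=1
        elif [ "$(stat -c %Y "$f")" -ge "$cutoff" ]; then
            echo "$h: modified on or after the cutoff"; bad=1
        else
            echo "$h: ok ($(stat -c %s "$f") bytes)"
        fi
    done
    return "$bad"
}

# Move the current hives aside, then copy the validated backups into place.
# Uses $rb as set by check_regback.
restore_regback() {
    check_regback "$1" "$2" || { echo "refusing to restore"; return 1; }
    keep="$1/hives.before-restore"
    mkdir -p "$keep" || return 1
    for h in $HIVES; do
        if [ -e "$1/$h" ]; then mv "$1/$h" "$keep/$h" || return 1; fi
        cp -p "$rb/$h" "$1/$h" || return 1
    done
    echo "restored; previous hives kept in $keep"
}

if [ "$#" -eq 2 ]; then restore_regback "$1" "$2"; fi
```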


#3 Papakid


Posted 14 June 2018 - 10:16 AM

You might try approaching the problem from another angle.  From watching YouTube videos of techs messing with the MS support scammers, I know the fakers change some simple settings while they have remote access in revenge for when potential victims back out of paying or just get cold feet.  Usually it is a way to lock the user out of their own computer, like setting a system password using Syskey, but maybe this time they set the computer to a boot loop.  So the question is how would someone go about doing that. 

 

So far, in researching that answer the only thing I see is a simple prank hack of creating a shutdown shortcut copied to the startup folder of the user's start menu.  I wouldn't think that is the case here if you get the same behavior logged in to another account, tho.  Unless they found a way to copy it to the All Users folder(?) But I suppose it's worth a shot to log into safe mode to see if the shortcut is there.  However it was done, it seems to be a case of more sophistication than the system password lockout.  Just saying you might research or ask around for other ways to put a system in a boot loop--anyone here know?

 

 

Just before posting this, reading the description in this video, you might try this if it is a startup shortcut. 

Youtuber ricsto also commented that holding shift after the startup tone in Windows will disable the restart trick, so you don't have to boot in safe mode!

 


The thing about people

is they change

when they walk away.--Mipso
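
A read-only check for the startup-shortcut theory raised in the post above, as an added example that is not part of the original post: it lists items in the per-user and all-users Startup folders of an offline-mounted Windows 7 volume that reference shutdown. The mount point is an assumption; the folder paths are the standard Windows 7 locations, with the all-users one under `ProgramData`.

```shell
#!/bin/sh
# List Startup-folder items on an offline-mounted Windows 7 volume that reference
# shutdown. Usage (constructed example): sh startup_scan.sh /mnt/win

# Print every file in the per-user and all-users Startup folders, one per line.
startup_items() {
    for d in "$1"/Users/*/AppData/Roaming/Microsoft/Windows/"Start Menu"/Programs/Startup \
             "$1"/ProgramData/Microsoft/Windows/"Start Menu"/Programs/Startup; do
        if [ -d "$d" ]; then find "$d" -type f; fi
    done
    return 0
}

# True if the file mentions shutdown. Shortcut (.lnk) files can hold their strings
# as ANSI or UTF-16LE, so NUL bytes are dropped first and one pattern covers both.
mentions_shutdown() {
    tr -d '\000' < "$1" | LC_ALL=C grep -qi 'shutdown'
}

# Print only the flagged items; nothing on the volume is modified.
scan_startup() {
    startup_items "$1" | while IFS= read -r f; do
        case "$f" in */desktop.ini) continue ;; esac
        if mentions_shutdown "$f"; then echo "$f"; fi
    done
}

if [ "$#" -eq 1 ]; then scan_startup "$1"; fi
```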




