Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Pc Automatically Reboots


  • Please log in to reply
14 replies to this topic

#1 bobspicks

bobspicks

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 25 November 2006 - 03:32 PM

I recently performed a repair install due to the dreaded blue screen (C00021a/0x80000007). Now it automatically reboots a few seconds after I see the Windows Start Up screen.

I have OEM-installed Windows XP Pro.

Any suggestions?

Bob

PS. When I did the repair install, I wasn't asked for the Product Key.

BC AdBot (Login to Remove)

 


m

#2 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:05:28 AM

Posted 25 November 2006 - 03:39 PM

So many things come to mind, I am not sure where to begin.

Let's start here:

What brand and model of computer is this? Exactly how did you perform the repair install? While in the process of the repair install, did you reformat? (Technically a reformat is not part of a repair install, but some folks use the term when they really mean a clean install). Do you see any error messages? Has the computer worked properly at all since your repair install?

Please give much more info.
ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#3 bobspicks

bobspicks
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 25 November 2006 - 03:52 PM

The brand is Dell. I'm not at home now and don't have the model number.

Specifically, I did the repair install following the instructions at this site http://www.informationweek.com/windows/sho...cleID=189400897. I did not reformat. I did not and do not now see any error messages.

After I finished the repair install, the PC automatically rebooted (as is described at the indicated site), but then kept on rebooting a few seconds after the Windows Start Up screen appeared. From the Windows Start Up screen, the screen goes grey (or blank), the monitor power light flashes briefly, the screen goes black and then the PC reboots. This cycle continues ad infinitum.

Bob

PS. When I had the C00021a error, instead of the monitor power light flashing as above, the monitor power saver would come on briefly.

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:28 AM

Posted 25 November 2006 - 04:49 PM

If its not a heating problem, where the CPU is overheating and you get a freeze/reboot, my experience is that its a driver conflict that causes the reboot. You may want to try updating your video, sound, ethernet, etc drivers to their latest versions.

#5 bobspicks

bobspicks
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 25 November 2006 - 06:02 PM

I'll try the driver update as a last resort since I'm not very computer literate.

By the way, this all started when I got hit with the Brave Sentry malware and did a hard shutdown (i.e., turned off the power).

Bob

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:28 AM

Posted 25 November 2006 - 10:53 PM

Did you follow the bravesentry removal guide here?

#7 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,077 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:04:28 AM

Posted 26 November 2006 - 10:48 AM

The 21a error code is a problem with the security on the system - which suggests malware to me. I'd recommend additional antivirus and antispyware scans to ensure that the system is clean.

In the event that you cannot get into Windows long enough to do this, I'd suggest hooking your hard drive to another system (which has good antivirus and antispyware protection) and saving your files (you may also want to scan the disk with the antivirus and antispyware tools).

Be aware that anything that you save - and the other computer - may become infected. So treat it very carefully until you're sure that the infection is gone.

A full format and clean installation of Windows XP will probably fix this - but it's a very drastic solution.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#8 bobspicks

bobspicks
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 27 November 2006 - 02:37 PM

I would love to be at the point where I could remove the Brave Sentry malware. Unfortunately, and as suggested by usasma, I cannot get into Windows long enough to do anything. In fact, it doesn't get past the Windows Start Up screen before rebooting...a cycle that repeats itself over and over. (Note: The same thing happens when I boot into Safe Mode.)

It seems like my next step is to hook up my hard drive to another machine, save the files and clean it following the malware removal steps prescribed earlier. Hopefully I won't have to re-initialize the boot.ini file as described here - http://www.short-media.com/review.php?r=313.

Bob

#9 Siggyman

Siggyman

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Local time:04:28 AM

Posted 27 November 2006 - 04:23 PM

If the files have reared there ugly head into your hardrive then connecting your hardrive may infec tthe other PC so I would think twice before you do that
Posted Image

#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:28 AM

Posted 27 November 2006 - 04:47 PM

Malware wont launch by simply hooking up a harddrive. The malware would need to be launched in some manner.

#11 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:05:28 AM

Posted 28 November 2006 - 07:39 AM

I just thought I would add this to the discussion:

PS. When I did the repair install, I wasn't asked for the Product Key.

This is because it is a Dell. If you used a Dell disk you will not be asked for the Product Key.

Your issue does not seem to be heat related as your repair install was working, and the computer reboots early in the booting process, not after it has been running for a while. Also, I would discount (but not eliminate altogether) RAM issues for the same reason. A corrupt or missing Windows file is a possibility, but a repair install should have taken care of this if that was the issue. So, what does that leave us: Malware or a driver issue.

If you are able to access your data through 'slaving' the drive, a reformat and reinstall of Windows should take care of the issue, but some malware can survive this. There is another method, and this would be to overwrite the entire drive with a special piece of software (killdisk), repartitioning the hard drive, and then reinstalling Windows with a full format. Nothing will survive that technique. If you decide to go forward with this method let us know, and we can give you the instructions for doing so.

Hopefully I won't have to re-initialize the boot.ini file

Your boot.ini file will be just fine after a reinstall of Windows.

Edited by Albert Frankenstein, 28 November 2006 - 07:49 AM.

ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#12 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,077 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:04:28 AM

Posted 30 November 2006 - 08:30 AM

I'd imagine that you could clean the drive when it's slaved by using the host system's antivirus to scan the slaved drive.

Or, you could just format the drive and start over fresh.

**********************************************************
As an aside I was shown a "workaround" to upgrading MCE to XPPro (a non-supported upgrade path) on Gateways and eMachines yesterday. We did it on a Gateway laptop to avoid having to download and install all of the drivers.

Just start the recovery routine and insert a recovery disk with XPHome on it (any disk will do). The restore routine will copy the i386 directory from the Home CD to the system. When the system restarts, it's Home. Then you can upgrade normally to XPPro (and still retain all the proprietary drivers).

Probably would work with just using an XPPro CD in place of the Home CD - but we didn't want to take the chance.

The reason for this working (I was told) was because the Gateway and eMachines only have a "partial" recovery partition and they rely on the i386 from the Recovery disk for the rest of the routine.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#13 bobspicks

bobspicks
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 03 December 2006 - 04:56 PM

Well, I finally got another disk with Windows 2000 and made it primary; the original disk was made secondary (F: drive). This allowed me to access the files on the original drive.

Before doing anything, I ran Norton Antivirus and it found the Bloodhound virus that it quarantined. After running Live Update, I ran Norton again and it found another virus that it deleted. Just for the hell of it, I also ran Norton on the primary disk and it found the W32.Welchia.Worm that it couldn't delete, but I followed a procedure from PC Hell and did it manually - Norton trapped the same virus afterwards and deleted it. Obvioulsy, the Windows 2000 drive doesn't have the updates I did to the original drive.

I copied my Favorites and My Documents folders from the original disk. While looking for other files I might want to save, I found BraveSentry folders in F:\Program Files and F:\Documents and Settings\\Start Menu\Programs. I deleted both folders and cleaned out the Recycle Bin.

Noting the date when the BraveSentry folders were created, I checked for other files created that day. In chronological order:

- Class3SoftwarePublishers[1].crl in F:\Documents and Settings\\Local Settings\Temporary Internet Files
- test[1].htm in F:\Documents and Settings\\Local Settings\Temporary Internet Files
- 1.dlb and 2.dlb in F:\Documents and Settings\\Local Settings\Temp
- dlh9jkdq1.exe in F:\WINDOWS\SYSTEM32 [Trojan.VXGame/32.Process]
- dlh9jkdq2.exe in F:\WINDOWS\SYSTEM32 [Trojan.VXGame/32.Process]
- xpudpate.exe in F:\WINDOWS [Trojan.VXGame/32.Process]

- maxd641.exe in F:\WINDOWS\SYSTEM32 [Worm.Microsotl.35]
- maxdd1.game in F:\Documents and Settings\\Local Settings\Temp [Worm.Microsotl.35]
- 9 .exe and .game files were quarantined by Norton

- install.dat in F:\Documents and Settings\\Application Data
- desktop.html in F:\WINDOWS

- 4 .exe and .game file were quarantined by Norton
- vx2.game and vx3.game in F:\Documents and Settings\\Local Settings\Temp [Malware?]
- 8 .exe and .game files were quarantined by Norton
- rpcc.dll in F:\WINDOWS\SYSTEM32 [Trojan RPCC Payload]
- count[1].htm in F:\Documents and Settings\\Local Settings\Temporary Internet Files

- 2236[1].htm in F:\Documents and Settings\\Local Settings\Temporary Internet Files
- peaddrdd.exe in F:\Documents and Settings\\Local Settings\Temp
- mtgrmr.dll in F:\WINDOWS\SYSTEM32
- fwvlknkf.exe in F:\Documents and Settings\\Local Settings\Temp
- krab03[1].exe in F:\Documents and Settings\\Local Settings\Temporary Internet Files
- runfile[1].exe in F:\Documents and Settings\\Local Settings\Temporary Internet Files
- load[1].php in F:\Documents and Settings\\Local Settings\Temporary Internet Files
- kr_done1 in F:\WINDOWS\SYSTEM32

- BraveSentry shortcut in F:\Documents and Settings\\Desktop

- h91746.exe in F:\Documents and Settings\\Local Settings\Temp [Trojan.Downloader-H91.Process]

Today I ran CHKDSK on the F: drive (had to reboot to get exclusive access). I noticed that it said it made corrections, but did not mention any filenames before continuing with the reboot.

Sorry for the long posting. I hope it provides some information that will help restore my PC. I plan to next try rebooting the original disk to see if it will come up to the desktop this time. Hopefully, none of the noted malware will prevent this.

Bob

#14 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:04:28 AM

Posted 03 December 2006 - 11:03 PM

If you take a look at Langa's No-Reformat, Nondestructive Total-Rebuild Option, it calls for the use of the Microsoft XP setup CD, not a Dell Restore cd.

Is that what you have?

And if so, did it have SP2 or did you slipstream it to include SP2?
(You cannot create a slipstreamed disk using the Dell Restore disk - you can only do it using the Microsoft XP Bootable Installation cd)

#15 bobspicks

bobspicks
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 05 December 2006 - 02:11 PM

I used the Reinstallation CD supplied with my PC containing Microsoft Windows XP Professional including Service Pack 1.

I hooked the original disk as primary and it still reboots when the Windows Starting Up screen is displayed. What normally happens in the background while this screen is up? The answer may help me determine what is causing it to reboot.

Bob




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users