cowsgonemadd3 Posted March 5, 2009 Report Share Posted March 5, 2009 I come home to the news that my sister was on the home pc and said it had a virus. She downloaded MS antispyware which looks like spyware itself. It was popping up things saying I had like 14 problems and if I wanted to buy it.Internet explorer was up which she said she was not using and had 6 pages up and popups saying do you want to check your computer now.I just could not get it closed and so I hit reset as the computer froze.Now it wont boot past the welcome screen in safe mode or regular mode.I have tried several options on the safe mode menu.....It brings up the name on the welcome screen which I click and it says loading settings and it immediately says saving settings and it just does a loop.It does this in both the modes.I have some data I would like to keep on the pc if at all possible.The Hard drive seems to not be making any noises and is just 1 year old. 300gb? with two partitions.XP home 512mb ram AMD 3200 64 Quote Link to post Share on other sites
shanenin Posted March 5, 2009 Report Share Posted March 5, 2009 I have had that same loop thing happen several times after removing spyware. I was not able to figure out a way to fix it. I ended up having to reload the operating system on the computer. I think you first priority would be getting the data off. You could do this with a software or a hardware method. Hardware method: buy a sata to usb adapter. This will turn the hard drive in the broken computer into a usb hard drive. This will then allow you to get the data off plugging it into another computer using usb. Quote Link to post Share on other sites
cowsgonemadd3 Posted March 5, 2009 Author Report Share Posted March 5, 2009 What about some info on how to do a repair of the windows files?Sounds bad.... Quote Link to post Share on other sites
cowsgonemadd3 Posted March 5, 2009 Author Report Share Posted March 5, 2009 I dont have a sata HD sadly. I have a IDE ata connection. Quote Link to post Share on other sites
jimras Posted March 5, 2009 Report Share Posted March 5, 2009 (edited) You could buy a second hard drive and do a reinstall on that drive and then hook up the original drive as a slaveand then pull the data off that drive and then finally reformat the drive. A small HD isn't that expensive. I've had to do that in the past. This assumes that you have a stand-alone WinXP install CD.One thing, if you do go this route.......Windows will ask you if you want to register Windows again, and also to activate again.You don't have to re-register. You do have to activate it. Edited March 5, 2009 by jimras Quote Link to post Share on other sites
cowsgonemadd3 Posted March 5, 2009 Author Report Share Posted March 5, 2009 CHKDSK says there is one or more unrecoverable problems. Selecting set up windows now does not offer the ability to repair but it shows it has something on it but only shows one out of two partitions.It does not show windows xp.Does this mean my hard drive is dead once again?I am using this hard drive to put tv recordings on and I delete them often, does that make the HD die? My last HD died too.We really are out of money. I lost my job and my dad has none extra.....Credit cards are no fun. Quote Link to post Share on other sites
darthvader Posted March 6, 2009 Report Share Posted March 6, 2009 I've personally had this problem with the many computers I've worked with and I've easily found the fix.I don't know how good you are with computers so I'll explain it in a simple technical way, If you have problems let me know and I'll walk you through it step by step.1. Change the boot order in the bios to boot from your CD first.2. Insert the XP CD and click any key to boot from it.3. Once it has loaded it will give you the options to Continue or Repair with Windows Recovery Console.4. Click R.5. Enter the command prompt and select your operating system.6. Type the command without quotations "fixmbr"7. Press enter8. Reboot and start in safe mode.9. Use a USB Drive to use a standalone scanner and remove the virus in safe mode.10. Re enter normal mode and make sure your internet is disconnected.11. Use a USB Drive and put a copy of Malwarebytes installer (link found in the most commonly recommended software thread under antivirus apps)12. Scan and remove13. Connect to internet14. Update Scanner's virus signatures15. Rescan Quote Link to post Share on other sites
darthvader Posted March 6, 2009 Report Share Posted March 6, 2009 (edited) Also in the command prompt where you entered "fixmbr" without quotations also enter "chkdsk /p" without quotations. Make sure there is a space between the "/" and the "p"Additionally Shanenin is correct in his thoughts. If you have precious data on your computer as most do, then you want to save your data. If everything fails in this forum and you absolutely 100% cannot find a fix then you should buy this adapter from newegg. It's rather cheap and will work with ANY hard drive you have. I personally have it and it's a decent utility for saving my clients data if their drives are unrecoverable. If worst comes to worst you should buy it, save your data to another computer, then reformat it via the other computer.Here's the link to the best one out and also the cheapest:http://www.newegg.com/Product/Product.aspx...N82E16812232002I own it personally, and has been a great tool to have. It's a little hard to make some things fit, but ultimately it works good and does the job it is supposed to and it's very cheap. Edited March 6, 2009 by darthvader Quote Link to post Share on other sites
cowsgonemadd3 Posted March 6, 2009 Author Report Share Posted March 6, 2009 One or more unrecoverable errors.... Quote Link to post Share on other sites
darthvader Posted March 6, 2009 Report Share Posted March 6, 2009 when does it state this, and what are the exact error messages? Quote Link to post Share on other sites
cowsgonemadd3 Posted March 6, 2009 Author Report Share Posted March 6, 2009 When running Disk check in windows repair.If you type in partition and it only shows one which I have two and does not see XP on it.Probably another bad drive isn't it? Quote Link to post Share on other sites
darthvader Posted March 6, 2009 Report Share Posted March 6, 2009 (edited) So you can't even see your XP partition when you enter the XP recovery console? -Hmm I highly doubt that it is a hardware problem mainly because you can get to the splash screens and that malware caused the issue.1. Try chkdsk a couple more times and see if it sees your partition.2. If this doesn't work instead of going to the repair option, go to install option and agree then highlight your partition and tell me if there is a "repair" option.3. Do you see any partitions when you go to install?4. If the repair option isn't there then update me as much as you can about the exact error messages, what partitions you see in the recovery console and the installation spot. How far you get into the splash screens when loading in normal mode and safe mode.5. Have you tried Use Last Known Good Configuration?- This never worked for me (although I've always tried it) I was working on a computer that wouldn't load past the welcome screen and would give me a Lsass error. I used last known good configuration and I got past the welcome screen and was able to remove the malware and restore his computer to proper working order. Edited March 6, 2009 by darthvader Quote Link to post Share on other sites
martymas Posted March 6, 2009 Report Share Posted March 6, 2009 (edited) UberTechie if you think your hdd is failingopen this link scrol to maxtor and load it on to a floppy when loaded set your boot order to read from the floppy once maxtor is opened follow the screensand scan your hddthere are many options in there this will tell you if your drive isok there are several options in there for youmarty http://www.tacktech.com/display.cfm?ttid=287 Edited March 6, 2009 by martymas Quote Link to post Share on other sites
shanenin Posted March 6, 2009 Report Share Posted March 6, 2009 I am not a big fan of repair installs, but in your case this may be the easiest route. This should fix windows without damaging any of your data. How to do a repair install.Assuming this completes correctly, you should be able to easily transfer your files. After doing that, you will probably want to format(erase) and do a clean install. Quote Link to post Share on other sites
darthvader Posted March 6, 2009 Report Share Posted March 6, 2009 I agree, it sounds to me that your main problem is a corrupted master boot record. Try my steps and then follow shanenin's excellent article on a repair install. If you can view your partition, you can then do an easy fixmbr, once you write a new mbr you should be able to access your machine and then you'll be able to remove the malware rather easily with MBAM. After that you'll be good. However if you absolutely can't view your partition, then the next step will be a repair install. If you can't do a repair install, I'll do some research on a workaround. If workarounds don't work then do what shanenin recommended with the hard drive way if you want to save your data, if not then just do a clean reformat. Quote Link to post Share on other sites
shanenin Posted March 6, 2009 Report Share Posted March 6, 2009 If I understand correctly it seems to be be fully booting. The problem occurs when logging in. That to me seems to rule out the mbr as the issue. Just my opinion :-) Quote Link to post Share on other sites
darthvader Posted March 6, 2009 Report Share Posted March 6, 2009 Really? My bad then. I just experienced this with a clients PC where as soon as I entered the password to login, the machine froze on the welcome screen.I went to the recovery console and wrote a new master boot record along with a new boot sector and I was able to enter their machine and remove their malware. Maybe it was just a fluke though?fixbootfixmbr Quote Link to post Share on other sites
shanenin Posted March 6, 2009 Report Share Posted March 6, 2009 thats just my opinion, I am wrong all the time :-)if what you described worked for you. You might be on to something. It does not make sense to why that worked, but their is so much I don't know. I would definitely try your advice. Quote Link to post Share on other sites
Pete_C Posted March 6, 2009 Report Share Posted March 6, 2009 This is a common result with this family of rogue applications / malware.If you do not give them your credit card info to steal they prevent explorer.exe (the windows graphical user interface) from loading.The solution here is after you login and get a black screen do a ctrl+alt+del to bring up task managerIf you see any applications running kill them.Next go file => new tasktype in explorer.exehit enter.see if it loads your desktop now.If not again task manager and kill all running processes before you try to launch explorer.exe.If you get to your desktop, download and run malwarebytes antimalware.If you could not launch explorer.exe in normal mode The next thing to try is to try to boot to safe mode (with networking) and login with username Administrator (not your regular account). If this works download malwarebytes antimalware and run it.(again try launching explorer.exe if needed)If you definitely cannot log into safe mode; try safe mode command prompt only.This will boot you to a C:_> prompt.At that point typec:\windows\system32\restore\rstrui.exepress the enter keyFollow the instructions that appear on the screen to restore your computer to a functional state.Again once you boot download Malwarebytes antimalware and run the quick scan .Finish by posting on the malware board for final review. Quote Link to post Share on other sites
shanenin Posted March 6, 2009 Report Share Posted March 6, 2009 Safe mode, command prompt only. That may come in handy :-) Thanks Quote Link to post Share on other sites
darthvader Posted March 7, 2009 Report Share Posted March 7, 2009 Pete, I may be mistaken, but I don't think he can get past the blue welcome screen on regular mode or safe mode. At least that's what I got from his first post, I could be wrong though. That's why I thought it could possibly be a boot sector corruption? I dunno I'm just throwing ideas out there. Quote Link to post Share on other sites
martymas Posted March 7, 2009 Report Share Posted March 7, 2009 yes i agree if your boot order is corruptthen iyou may have to change to do a repair and change theyou will need your windows disk mbrmarty Quote Link to post Share on other sites
Pete_C Posted March 8, 2009 Report Share Posted March 8, 2009 Pete, I may be mistaken, but I don't think he can get past the blue welcome screen on regular mode or safe mode. At least that's what I got from his first post, I could be wrong though. That's why I thought it could possibly be a boot sector corruption? I dunno I'm just throwing ideas out there.Possible; but I have encountered this in real life with this malware / rogue infection (antispyware 360, MS antispyware etc; the current variants of the old Smitfraud (spysherrif , spyaxe, Winanativirus....) You get your welcome screen and then all goes black . By using task manager to kill it if it has already loaded and then to launch explorer.exe you can get to a desktop environment and run mbam to remove it (or at least most of it).Probably ninety percent plus of those who get this infection either catch it and do not shut down until it is removed or do not have an issue with restarting. But if it is not removed then after a few boots the chances increase that you will get to this stage and probably about 5% of those who get it get the black screen at boot where it hangs before explorer can load. Quote Link to post Share on other sites
darthvader Posted March 8, 2009 Report Share Posted March 8, 2009 No I definetly agree with what you are saying, and it's happened to me before too with some of the computers I've worked on. Your solution is completely accurate. But from this guy's description of his problem he just is stuck on the blue screen and doesn't see the black one. That's why I'm almost certain it's a corrupted boot sector, because he isn't getting past the blue welcome screen. Quote Link to post Share on other sites
cowsgonemadd3 Posted March 9, 2009 Author Report Share Posted March 9, 2009 (edited) Sorry for the long delay since my last post."Do you see any partitions when you go to install?"Yes but it is not labeled XP home just shows 130gb of space which is probably the partition size."Have you tried Use Last Known Good Configuration?"Yes and it failed."Try chkdsk a couple more times and see if it sees your partition."It says your hard drive has one or more unrecoverable errors on it or something."4. If the repair option isn't there then update me as much as you can about the exact error messages, what partitions you see in the recovery console and the installation spot. How far you get into the splash screens when loading in normal mode and safe mode."When I go to "setup xp" it brings up a screen and shows the partition(unknown) with 131 gb of space. I have 2 partitions on this 300gb HD.When I turn on the computer normally it goes to the welcome screen where I click the name and it just starts to load and then automatically says it is saving my data and does a loop. It does the same thing in safe mode.open this linkscrol to maxtor and load it on to a floppyI do not have a floppy drive that works. What about a CD or USB drive?4. When it finishes, you should be given a screen asking which XP installation you want to repair. In most cases, there will only be one choice. Select the one you would like to repair. Repair the selected installation by pressing RÂ. If you do not see a repair option, you will need to do a clean install. Your version of Windows could have been damaged beyond repair.That is from the Repair install page. When I hit set up windows now and hit f8 it lists the partition and says I can set up XP on that partition now and does not have a option to repair. Do I hit set up now and it won't format right away?you can then do an easy fixmbrI went into the recovery console and hit "fixmbr" and it still did not boot. Edited March 9, 2009 by cowsgonemadd3 Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.