PDA

View Full Version : PC Wont boot



nedkelly
24-08-2011, 12:36 PM
I had a pc given to me to look at, owner said that it was saying that the hard drive was failing, pc is not very old at all so I had an idea of what might be the issue.
Oh and what do you know it was a False Anti-Virus saying that the pc was infected and also had a failing hard drive.
The pc was setup so the ethernet is disabled because the owner only has dial-up.
Oh and the internal dvd drive would not boot my boot cd properly so had to use my external dvd drive.
So I booted into UBCD4Win and ran a freshly updated portable spybot off of a USB stick, found 150 infections on the hard drive :eek::eek::eek:

Cleaned the infections off, restarted did another scan, came up clean.
Restarted took the UBCD4Win cd out, unplugged the external dvd drive and restarted.
The pc then would not boot from the hard drive, so I loaded an xp cd and did a repair install. Same issue would not boot.
Is there something that I could have missed?
Oh the hdd is first boot option.

Driftwood
24-08-2011, 12:56 PM
Can you remove the Hard Drive & scan it on another system.

nedkelly
24-08-2011, 12:59 PM
I can but spybot says that it is clean.
I really want to get it booting again without reinstalling it from scratch.

1101
24-08-2011, 01:01 PM
"I can but spybot says that it is clean."
that means nothing - spybot wouldnt be my 1st (or even 4th ) choice. Ive run 5 different scanners across some infections & still not had it clean .

Does it start to load Win & fail, or not even try to boot to WIn ??

unfortunately, Some malware infection leave a trashed system after cleaning
- its rare, but happens

Also, you allways should run more than one scanner across it.
Try downloading the Kaspersky live CD (be sure to run the update after its booted to KAV) . it will take a loooong time to scan.
-not sure what spyware scanners will run from a boot cd/usb

- use the Win install CD - repair (Dos prompt)
fixboot
fixmbr

If there is a recovery partition (the 1st partition) , then that can sometimes screw the repair install.


Also, dont assume the HD wasnt actually failing . :-)

nedkelly
24-08-2011, 01:24 PM
It does not boot windows at all.
I used spybot because MBAM can not run on a flash drive.
I have already done a fixboot, forgot about mbr I will do that soon.
There is no recovery partition, it is a pc built by a shop called Taylor Made Computers.

1101
24-08-2011, 01:51 PM
perhaps you also have a MBR rootkit ??

http://www.hiren.info/pages/bootcd
Hirens boot CD has Kav's tdsskiller & malwarebytes, + some other usefull utils
havnt tried Hirens for quite a while , and download links seem to be hidden away (but a google will find em). Its a fairly big download though.

you could try loading tdsskiller etc onto a bootable Win CD (BartPE etc )
Unfortunately, you might be fast getting to the point where a wipe & reload will be quicker than trying to hunt down a working fix. ??
good luck

Speedy Gonzales
24-08-2011, 01:55 PM
Try a AVG rescue CD ? (http://www.avg.com/ww-en/avg-rescue-cd)

Run rkill on it (http://www.bleepingcomputer.com/download/anti-virus/rkill)

dugimodo
24-08-2011, 02:09 PM
Ask them what's on it they want to keep and then try to back that up and start again. I agree that starting over is often a lot less work than trying to fix, and can have much better results.

As for the 150 infections, were they actual infections or just tracking cookies and the like, spybot etc always find 100's of cookies when run for the first time on an unprotected sysytem, but they are more of a privacy concern than actual malicious software.

The fake antivirus usually gets onto your system by clicking on a button on a bogus website, might be a good Idea to give them a bit of education on what not to do or you'll just be doing this again in a few weeks.

For example NEVER believe some random website that tells you you have a virus and never click yes to anything it suggests, instead immediately close the window, or browser, or ctrl alt del and kill the browser, or restart the PC. Anything but clicking on the popup telling you you have virus's (Virii ?)

Incidentally if it's the same fake antivirus I've come across spybot can't handle it, MBAM can but you needed to run it from safe mode in windows before you killed the thing with spybot :P Even then it took me a bit of effort with MBAM, RKill (or w/e it was called) and a registry edit to get windows working, and then I couldn't get MSE to work again afterwards.

wainuitech
24-08-2011, 02:22 PM
Please correct if this is wrong,, you power it up after doing a repair install, all you get is a blank /black screen ???

If so, was IE8 installed on this, before you did the repair install ??

If so theres a good chance its IE8 causing the problem. (catches many people out) me included a while back.

Try this -- boot from the XP CD, press R to load up the recovery console prompt, and are at C:\Windows>

Type in

CD ie8\spuninst <press enter>
batch spuninst.txt <press enter>

( you'll see a whole lot of files saying access denied & "1 Files copied"

Close off the command prompt when it finishes, type exit

Reboot, if it boots carry on - you will have to reinstall IE8 from a download because the command makes toast of IE.

The reason it happened --- nothing to do with infections, when doing a repair install, XP will have put in a earlier version of IE - BUT when the computer is loading windows its looking for IE8 which isn't there now, so it simply stops.

headshot
24-08-2011, 02:25 PM
how bout try boot from linux cd and save all the user files to a external hdd etc then do a clean reinstall?

wainuitech
24-08-2011, 02:32 PM
Blimey some of you people give up easy here.

Could be one little file like I mentioned above in post #9 could be IE causing the problem, and every one wants to reinstall :groan:

If its not IE, then there are still a few options.

dugimodo
24-08-2011, 02:42 PM
All true Wainui, but it could also still have the Fake antivirus and take the next few days trying various fixes to remove it and still not be sure it was really gone.....

I'd suggest trying Wainui's little IE8 tip, seems like a likely suspect, then if it works booting up and running MBAM etc as previously suggested. But given that I can do an attended windows install and fully update it in a couple of hours how much time is it worth putting in to fixing the infected machine?

nedkelly
24-08-2011, 08:58 PM
Ok I am going to try Wainui's suggestion tomorrow.
Will let you know how it goes.

bk T
24-08-2011, 09:10 PM
.. But given that I can do an attended windows install and fully update it in a couple of hours how much time is it worth putting in to fixing the infected machine?

And you are sure of a 100% clean, working system. :)

wainuitech
24-08-2011, 10:38 PM
If it is IE that's stopping it from booting, and it does now boot OK, download and Run Super antispyware in full scan mode - They have done a few upgrades lately, (version 5) and the newer version is damn good at removing some of the previous "hard to remove" malware.

There are plenty of reason why XP wont boot, several options to fix as well, obviously going by a previous post # 3 a complete reinstall is not really a preferred option.

nedkelly
25-08-2011, 08:21 PM
Ok I did 1101 and Wainui's suggestions and I am now able to get to the desktop.
Am now running MBAM from my flash drive to scan it

wainuitech
25-08-2011, 09:06 PM
Sweet :clap -- good it worked and you are back in business as the saying goes.

A suggestion, run the following scanners in full scan modes (no particular order), also disable system restore:

Malware bytes
Super antispyware
Spybot S & D
Trojan Remover


Super antispyware has vastly improved in Version 5 both in detection and speed, doing a customers PC today, 1200 was the count (some were cookies etc)

Malware bytes and TR were clean after super had run, still got Spybot to go, and then Nod32 ----Will be interesting to see what that finds, just a few hours of scanning ---- oh the joys of watching paint dry :D

nedkelly
25-08-2011, 09:40 PM
Ok I ran MBAM twice but I need to move the hdd to another box that has network.
I will be doing this tomorrow.