
Win xp sp3 black screen and continuous reboot



Running Win Xp sp3 on Dell Dimension 4700 with Malwarebytes Pro.

PC is rebooting in a continuous loop with message: Can't mount boot sector or something similar. Was able to boot to Kaspersky Rescue Disk and run scan on running objects, hidden objects and C: drive. Several malware items found. I followed the prompts to quarantine, delete, or skip and rebooted. Same problem. Booted to Rescue disk again and rescanned...everything clean and nothing detected. Rebooted to Win XP and same problem of continuous rebooting with same message. Writing this post from Kaspersky Browser...can't get to email.


Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
Without knowing what was removed, that will be really hard to diagnose...
 
 
Create/Use Boot-Repair-Disc

  1. DOWNLOAD BOOT-REPAIR-DISK
    Note: Select the right version depending on which windows is installed on your system.
  2. Then burn it on CD or put it on USB key via Unetbootin
  3. Insert the Boot-Repair-Disk and reboot the PC,
  4. Choose your language,
  5. Connect internet if possible
  6. Click "Recommended repair"
  7. When finished, you are provided a link to paste.ubuntu.com - write it down somewhere
  8. Reboot the pc --> solves the majority of bootsector/GRUB/MBR problems
  9. Post up the link you wrote down at step 6.


Ok Marius,

Created the boot disk and ran the recommended fix.

Here's the URL http://paste.ubuntu.com/6437967

Instructions were poor, couldn't find a shutdown command so held power button on for 5 seconds to kill power supply. Rebooted to win xp, same problem as before.

Rebooted to boot disk again, re-ran recommended fix.

Here's the URL http://paste.ubuntu.com/6438015

Finally found a Log Out command on a RIGHT CLICK menu and hit that. System ejected the CD and said hit enter to shutdown, which I did. Rebooted to Win xp and same problem as before.

Rebooted to Bios and read event log under maintenance and the error indicated was cpu[0] temperature out of range. (which we know can't be right because the pc has been running all day and night with the Kaspersky rescue disk in)

After the first run with the boot repair disk, it did indicate the repair was successful.

Under Advanced Options on the boot repair program is a checkbox for "repair filesystem" which was not checked...should it be?


Hi Marius,

I'm happy with your help so far but the time difference between NJ, USA and Germany is killing me.

By the time I drop my kids off to school I only have 1 hour with you and you're gone for the rest of the day and night. What is the procedure to change helpers to somebody in my time zone?

I'll see if I can find some XP install/repair disks.

I've had a similar malware once before and it changed my boot partition to a small partition on an unused part of the hard drive, and made my C: partition not active. I'm guessing that the Kaspersky Rescue disk eradicated the malware but didn't go in and change partitions back to make C: active again. Would there be a registry key we could check manually to see if that's the case?


Unfortunately, it isn't that easy. The boot record was repaired and the system isn't coming up so the boot record isn't our problem here.

Try to obtain a Windows XP disk with SP3 and run the repair installation - that should fix major problems so we can get into the system and take care of the rest of it.

 

I'll try to get someone from the USA for you.


Ok Marius,

Found the winxp sp3 setup disk. Booted to the CD following the wikihow instructions at your link above. The instructions said to hit enter first so the program would find the existing winxp installation, then hit "r" to repair. The first time when I hit enter, it showed 2 partitions: 1 is 114 gb in size (was my old c: partition, now labeled unknown) and a second small partition of 8k which I'm guessing is now the boot sector created by the malware. I highlighted the bigger partition and hit enter and the message is: "Are you sure you want to write a new boot sector to the partition c:?". I said no and quit. Then I rebooted to the winxp setup disk again and hit "r" first to repair the installation. It finished in about 1 second and printed a message: "type exit to reboot". I typed exit, the pc rebooted and I quickly pulled out the setup disk so it wouldn't boot to the cd. Windows started to load and immediately rebooted, the same problem I've had since the beginning of my post. When I rebooted to the setup disk the third time and followed the prompts to setup Winxp on the C: partition, it said that there is no boot sector on drive C: and warned that the drive needed to be formatted and all data would be lost. So I quit out of that option. I will ask the same question again, my Kaspersky rescue disk has a registry editor. Would there be a registry key we could view/change manually to change the boot partition to my 114 gb c: drive? The Kaspersky rescue disk did a 4 hour scan on the C: drive and I could see the familiar filenames of all my programs flashing by, so I know it WAS my C: drive it was checking. At the end of the scan everything was reported clear. My original message on the blue screen was that the boot drive was "un-mountable"
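
Added example, not part of any post in this thread: the "active" flag asked about in the posts above is stored in the partition table of the disk's first sector (the MBR), not in the registry, and the Python code below parses such a sector offline and reports which entry is marked active. The sample sector is constructed to mirror the layout the poster suspects (a 114 GB partition plus an 8 KB one flagged active); the function names, the partition types and the 1 GiB size threshold are assumptions made for illustration.

```python
import struct

TABLE_OFFSET, ENTRY_SIZE, SECTOR = 446, 16, 512
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS start, type, CHS end, LBA start, sectors

def parse_mbr(sector):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR sector is exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for slot in range(4):
        start = TABLE_OFFSET + slot * ENTRY_SIZE
        status, ptype, lba, count = ENTRY.unpack(sector[start:start + ENTRY_SIZE])
        if ptype == 0x00:          # type 0 marks an unused slot
            continue
        entries.append({"slot": slot, "status": status, "active": status == 0x80,
                        "type": ptype, "lba_start": lba, "size_bytes": count * SECTOR})
    return entries

def findings(entries, min_boot_bytes=1 << 30):
    """Flag layouts worth a closer look; the 1 GiB threshold is an assumption."""
    notes = []
    active = [e for e in entries if e["active"]]
    if len(active) != 1:
        notes.append(f"{len(active)} active partitions, expected exactly 1")
    for e in entries:
        if e["status"] not in (0x00, 0x80):
            notes.append(f"slot {e['slot']}: invalid status byte {e['status']:#04x}")
    for e in active:
        if e["size_bytes"] < min_boot_bytes:
            notes.append(f"slot {e['slot']}: active but only {e['size_bytes']} bytes")
    return notes

def build_sample():
    """Constructed sector: ~114 GB NTFS (inactive) plus an 8 KB partition flagged active."""
    table = (ENTRY.pack(0x00, 0x07, 63, 239_075_328)
             + ENTRY.pack(0x80, 0x0B, 239_075_391, 16)
             + bytes(2 * ENTRY_SIZE))
    return bytes(TABLE_OFFSET) + table + b"\x55\xaa"

if __name__ == "__main__":
    parts = parse_mbr(build_sample())
    for p in parts:
        print(p)
    print(findings(parts))
```

To inspect a real disk from a Linux rescue environment, copy its first 512 bytes to a file (for example `dd if=/dev/sda of=mbr.bin bs=512 count=1`, device name assumed) and pass the file's bytes to `parse_mbr`.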


The disk you booted from is not a Windows XP setup disk - otherwise the tutorial would have fitted.

The MBR or Master Boot Record is written to track 0 of your hard disk - it cannot be accessed from windows and is not the problem of these reboots.

 

Start up your computer. Before windows loads, hit F8 several times.

Within the menu, select "Disable automatic restart on system failure" and hit enter.

Now boot into windows - when facing the BSOD, write down the error message on the top (for example INACCESSIBLE_BOOT_DEVICE) and the STOP code on the bottom left (for example STOP: 0x0000234 (0x1234...)).

Post up this information here.


UNMOUNTABLE_BOOT_VOLUME

 

STOP: 0x000000ED  (0x89C29368,0xC0000006,0x00000000,0x00000000)

 

I'm not getting the BSOD more often than 1 time in 10 reboots...most of the time it reboots instantly after the BIOS finishes, before any blue screen appears.

 

Attached is a photo of my Dell windows xp sp3 setup disk.

 

Marius, just so we're straight, I don't believe there is any problem with the C: boot record. I believe windows is being redirected somewhere else since the window setup disk informed me there is no boot sector on the primary boot volume (which I don't believe is my C: drive)

 

 



OK, let's try something completely different:

Scan with FRST (using UBCD4Win)

We need to try and boot your computer using the Ultimate Boot CD for Windows (UBCD4win)

Please print this guide for future reference!

You will need: a blank CD, a Windows XP CD, a clean computer, and a flash drive.

Please follow the steps below and let me know if you were successful. If you were unable to create the UBCD4win, please tell me what error messages you got and/or what steps you got hung up on.

Step 1 - creating the ISO file

1. Please select a mirror and download the Ultimate Boot CD for Windows to your Desktop

  • Double-Click on the UBCD4Win.exe that you just downloaded to your desktop.
  • Follow all of the instructions/prompts that come up
  • Note: Do not install to a folder with spaces in its name, it is best to use the default C:\UBCD4Win
  • Note: Your Anti-Virus may report viruses or trojans when you extract UBCD4Win, these are "False-Positives." Read here for information regarding the files that normally trigger AV software.
  • At the very end, uncheck "Run UBCD4WinBuilder.exe when installation is complete", then click Finish
2. Insert your XP CD with SP1/SP2/SP3 into a CD Rom drive
  • Open My Computer, navigate to: C:\ubcd4win
  • Double-click on UBCD4WinBuilder.exe
  • Click I Agree to the UBCD4Win PE Builder License
  • Click No when prompted to Search for Windows installation files
  • For Source: click on the ellipsis (...), then click on the drive with your Windows XP CD, then press Ok
  • For Custom: no information is necessary, leave blank
  • For Output: keep the default BartPE
  • For Media output select Create ISO image: (enter filename)

    Note: you can leave the default file name and path as well (C:\UBCD4Win\UBCD4WinBuilder.iso), but if you do change it make sure it is a folder without spaces in the name

  • Note: If your XP install disc is SP1 then please click the Plugins button and modify the following options:

    Click on each option, then click Enable/Disable so the correct value is displayed.

    Disabled - !Critical: DComLaunch Service [building with XP SP1-DISABLE]

    Enabled - !Critical: LargeIDE Fix (KB331958) [building with XP SP1-ENABLE]

  • Note: If you have a Dell XP install disc you will need to follow the instructions here: http://www.ubcd4win.com/faq.htm#dell
3. Click on the "Build" button
  • You will see the Windows EULA message. Click on I Agree
  • You will now see the Build Screen. Let it run its course
  • When the Build is finished you can click close, then exit
4. Burn your ISO file to CD

==========

Step 2 - downloading Farbar's Recovery Scan Tool (FRST)

Next, from your clean computer, download Farbar Recovery Scan Tool and save it to your flash drive.

note: you will need the 32-bit version to run with UBCD4Win

Now plug your flash drive back into your sick computer and move on to the next step.

==========

Step 3 - booting to the UBCD4Win CD

Restart Your sick Computer Using the UBCD4Win Disc That You Have Created

  • Insert the UBCD4Win disc in to one of your CD/DVD drives
  • Restart your computer, the computer should choose to boot from the UBCD4Win CD automatically
  • If it doesn't and you are asked if you want to boot from CD, then choose that option

    note: more information on booting from CD can be obtained here

  • In the window that pops up select Launch The Ultimate Boot CD For Windows and press Enter
  • It may take a little longer for the desktop to appear than it does when you start your computer normally, just let the process run itself until the desktop appears
  • Once the desktop appears, you will receive a message asking: Do you want to start Network support?, click Yes
  • You should now have a desktop that looks like this:

    [image: Main.jpg]

==========

Step 4 - running the FRST scan

  • Single click My computer from your UBCD4Win desktop to navigate to the Farbar Recovery Scan Tool (FRST.exe) you saved to your flash drive.
  • Double click on FRST.exe to begin running the tool
  • When the tool opens click Yes to disclaimer

    note: if prompted to download the latest version, please do so from the link in Step 2

  • Click on the Scan button
  • It will make a log (FRST.txt) on the flash drive, close it and safely remove the USB drive
  • Insert the USB drive into your clean computer and post the log in your next reply

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
