Jump to content

Stuck in automatic repair loop. Mbamswissarmy.sys missing or corrupt


Recommended Posts

A few days ago I encountered a problem where I got stuck on automatic repair loop on my desktop. 

It began after I shutdown my computer, only to realise minutes after leaving that it was still turned on. I returned to find it at the page that says "Your PC did not start correctly". 

Since then I have been unable to get into my computer, repeatedly being directed to that page. Ive tried restarting, startup repair, and even system restore but none of it works.

SrtTrails.txt says that the root cause is a corrupted mbamswissarmy.sys and I found out it was something to do with malwarebytes that I have on my computer hence I came here. I found a thread with people experiencing the same problem as me and I was made aware of some farbar recovery system tool that might help solve my problem. 

My issue is that I am not very knowledgeable about it so I require a complete guide from step 1 as to how to fix my desktop. I have no backups whatsoever and my files inside the computer are extremely important to me so I appreciate any quick assistance.

Link to post
Share on other sites

This is additional information on what I attempted in the few days I couldn't get into my computer. I found these suggestions on the internet but have no clue what they actually do. It may have affected my computer.

1. I used command prompt to and typed the following commands:

bootrec.exe/rebuildbcd

bootrex.exe/fixmbr

bootrec.exe/fixboot

I also ran chkdsk d: and apparently there were certain errors found so I followed instructions and typed chkdsk d: /f which changed something but I have no idea what. It didn't help.

I ran chkdsk x: on command prompt too and it said there was an error in the uppercase file, but when I typed chkdsk x: /f I was prevented from doing so.

2. I tried booting to save mode with networking but I still got stuck in the loop. I also tried to boot with early launch malware protection disabled but to no avail.

3. I also tried "bcdedit /set {default} recoveryenabled no" and that was when I got the message that mbamswissarmy.sys was corrupted or missing and i was still unable to get into my computer. I quickly changed it back soon after

4. Using command prompt I typed "bcdedit /set {default} device partition=c:" and "bcdedit /set {default} osdevice partition=c" when the original setting was device/osdevice partition=d: I quickly changed it back to d: when it didn't work

5. Using command prompt I entered d>windows>system32>logfiles>srt then typed in "srtTrail.txt" for some reason I could not get to it in the c: drive where most websites said it should be. Originally it said that the last successful boot was 16/10/2017 (which is weird because I was using the computer fine up till 26/10/2017). They also mentioned the number of repair attempts was around 30 and according to what I remember, they could not find the root cause although there was 1 error. After I did "chkdsk d: /f" it changed and it now says that last successful boot is still 16/10 but that the no. Of attempted repairs=3 and that the root cause is due to mbamswissarmy.sys in the driver being corrupted or missing.

6. Using command prompt I typed "copy d:\windows\system32\config\regback\*  d:\windows\system\config" but it didn't work too.

7. Using command prompt I went to d:\windows\system32\config and typed

MD backup

copy *.* backup

CD regback

Copy *.* ..

Once again this didn't work.

To stress again, I am extremely clueless when it comes to these stuff and was just following instructions that I found on the internet in hopes of fixing my computer. I understand that doing what I did might have messed things up so I thought it would be better if you were aware of what I did to better assist me. Once again thank you for replying.

Sorry the order of the things I did ade as follows:

- startup repair

-system restore

-(1) without chkdsk

-(2)

-(5) first try

-(7)

-(6)

-chkdsk d: /f

-(4)

-(5) second try

I apologise for any inconveniences caused. It is quite a challenge for me to edit the above as I am using a mobile phone to type this.

 

 

 

Link to post
Share on other sites

Alright, follow the instructions below.

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:

  • USB Flash Drive (size depend on if you have to create a USB Recovery or Installation media)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
  • Another computer (optional: only needed if you cannot work from the infected computer directly)

Preparing the USB Flash Drive

  • Download the right version of FRST for your system:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive

Boot in the Recovery Environment

  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note:If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note:If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note:If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.

Once in the command prompt

  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Scan button and wait for the scan to complete
  • A log called FRST.txt will be saved on your USB Flash Drive. Attach it in your next reply

Link to post
Share on other sites

Alright, download the attached fixlist.txt and move it on your USB where the FRST executable is. From there, boot back in the RE, open the command prompt and launch FRST. This time however, use the Fix button. Afterwards, restart your computer and it should boot normally.

fixlist.txt

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.