Author Topic: Reboot loop after boot scan (can't get into safe mode)  (Read 40417 times)

0 Members and 1 Guest are viewing this topic.

Offline billkwando

  • Jr. Member
  • **
  • Posts: 45
Reboot loop after boot scan (can't get into safe mode)
« on: March 08, 2010, 06:51:05 PM »
Hello!

I'm hoping some of you kind folk will be able to assist me with my problem. I had a really nasty trojan/virus/malware infection that I fixed, using the Avira Recovery disk, Malwarebytes, and Avast! Free.

Avast is the only antivirus installed on my system.

I got everything almost back to normal, but I had a browser hijacker that I couldn't get rid of. I decided just to be safe, I'd run a boot scan. When it found the first bad file, I chose "3" which I believed was the option to "move to the chest" for this one item. It appeared to continue to apply that choice to later infected files. This was first thing in the morning, and I needed to get to work. I left the boot scan running, thinking it would take most of the day.

When I get home, my computer is in a reboot loop (with a brief bluescreen after the windows XP logo screen....too fast to read).

Clearly some vital system files were infected, but I didn't realize that when I started the scan. Over the weekend, I tried doing Recovery Console (have an HP with a recovery drive, a m7690n Media Center PC http://reviews.cnet.com/desktops/hp-pavilion-media-center/1707-3118_7-32165927.html) and "bootcfg /Rebuild", but that seems to have messed it up worse, perhaps because I didn't type the OS name correct? I typed XP instead of "Microsoft Windows XP Media Center Edition". Now when I choose (windows) Recovery Console, that causes it to bluescreen too, with a STOP error.

I definitely want to save this installation of windows, not reformat or do a destructive recovery. I've read about using a XP disk to do a repair install, but my PC did not come with a disc, plus I'm updated through SP3. I've also read about BartPE, but again, unfortunately the only XP disk I own is a vanilla "no SP" copy, which you cannot slipstream SP3 with (or so I've read).

Is there some kind of boot disc or other way to get into Avast's "chest" and restore these files that were removed? I was so close to getting my PC exactly how I wanted it and I totally jacked myself by using a tool I didn't fully understand. I could bootscan myself in the buttocks!


Edit: I should point out that I already couldn't get into Safe Mode, because it hangs at "Mup.sys"........ and that System Restore was turned off, because (they say) trojans can hide in there and not be removed.
« Last Edit: March 08, 2010, 07:52:51 PM by billkwando »
"...breaking computers in brand new ways....every day"

Offline Gopher John

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2098
Re: Reboot loop after boot scan (can't get into safe mode)
« Reply #1 on: March 08, 2010, 09:26:27 PM »
http://www.aitechsolutions.net/mupdotsysXPhang.html gives some information on Mup.sys.  It also seems to blame overclocking or power supply, etc. for sometimes being the problem.  I don't know exactly what validity to place on the article.  Perhaps others can comment.  Please wait for responses from others.

AFAIK, Avast must be running to access it's chest, which means running Windows in Safe Mode won't help you there.
AMD A6-5350M APU with Radeon HD Graphics, 8.0GB RAM, Win7 Pro SP1 64bit, IE11
i7-3610QM 2.3GHZ, 8.0GB Ram,  Nvidia GeForce GT 630M 2GB, Win7 Pro SP1 64bit, IE 11
Common to both: Avast Premium Security 19.7.2388, WinPatrol Plus, SpywareBlaster 5.5, Opera 12.18, Firefox 68.0.2, MBam Free, CCleaner

Offline billkwando

  • Jr. Member
  • **
  • Posts: 45
Re: Reboot loop after boot scan (can't get into safe mode)
« Reply #2 on: March 08, 2010, 11:26:29 PM »
http://www.aitechsolutions.net/mupdotsysXPhang.html gives some information on Mup.sys.  It also seems to blame overclocking or power supply, etc. for sometimes being the problem.  I don't know exactly what validity to place on the article.  Perhaps others can comment.  Please wait for responses from others.

AFAIK, Avast must be running to access it's chest, which means running Windows in Safe Mode won't help you there.

Well Safe Mode is one less thing to worry about then. Mup.sys is like the loch ness monster.....everybody has a different version of the story. That was the least of my concerns, I just wanted to mention it in case somebody told me to go there. :)
"...breaking computers in brand new ways....every day"

Offline bobo1

  • Poster
  • *
  • Posts: 471
Re: Reboot loop after boot scan (can't get into safe mode)
« Reply #3 on: March 09, 2010, 01:20:28 AM »
You will need a XP CD Rom to repair windows if you cannot access safe mode on your computer. Best to get hold of a XP CD rom disk to reformat as you are in a constant reboot loop as you are having a parity stop error due to your virus attack ruined critical system files within windows sys folder.
IBM T41 INTEL CENTRINO 1.6GHZ  3. XP SP3. 1000 MB RAM. 80GB HARD DRIVE. AVAST 9. MALWAREBYTES FREE.
NEW TEST RIG FUJITSU (SCALEO) 2.8GHZ 3000MB RAM DVI HD OUT SVGA PENT 4 AVAST 9. GAMING RIG

Offline billkwando

  • Jr. Member
  • **
  • Posts: 45
Re: Reboot loop after boot scan (can't get into safe mode)
« Reply #4 on: March 09, 2010, 01:44:15 AM »
You will need a XP CD Rom to repair windows if you cannot access safe mode on your computer. Best to get hold of a XP CD rom disk to reformat as you are in a constant reboot loop as you are having a parity stop error due to your virus attack ruined critical system files within windows sys folder.

So you're saying there's no way to restore/fix them? Windows WAS running, even when I couldn't get into safe mode.

Any idea how to fix the issue of the (extra) accidentally rebuilt boot? Or will an XP repair take care of that too?

If I'd chosen fix instead of quarantine, what would Avast have done if it couldn't fix those files? Lastly, can you repair an XP Pro machine with a Home disc? Dumb question, I'm sure.
"...breaking computers in brand new ways....every day"

Offline bobo1

  • Poster
  • *
  • Posts: 471
Re: Reboot loop after boot scan (can't get into safe mode)
« Reply #5 on: March 09, 2010, 09:51:37 AM »
You will need the XP Pro disk i think XP Home is built slightly differrent and the same service pack level. My original disk is sp1 & You can download the SP3 from microsoft and jump to that level without going to sp2 and so on.
Again if the virus has destroyed critical windows sys files you will need to either repair or re-format as i find that XP over time gets slow and sluggish and windows systems have WIN ROT! (google it?) Known as degradation of system performance over time. I Format once every 2 years or so & and the speed difference is amasing!
« Last Edit: March 09, 2010, 09:55:51 AM by bobo1 »
IBM T41 INTEL CENTRINO 1.6GHZ  3. XP SP3. 1000 MB RAM. 80GB HARD DRIVE. AVAST 9. MALWAREBYTES FREE.
NEW TEST RIG FUJITSU (SCALEO) 2.8GHZ 3000MB RAM DVI HD OUT SVGA PENT 4 AVAST 9. GAMING RIG

Offline billkwando

  • Jr. Member
  • **
  • Posts: 45
Re: Reboot loop after boot scan (can't get into safe mode)
« Reply #6 on: March 09, 2010, 06:32:24 PM »
Can anyone offer a logical explanation as to why Avast reported my system to be clean prior to the boot scan, but then went nuts on my OS? Does the boot scan have different virus/malware definitions?

Why wouldn't I have been informed that my vital system files were infected during the standard full scan?
"...breaking computers in brand new ways....every day"

Offline mkis

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1620
Re: Reboot loop after boot scan (can't get into safe mode)
« Reply #7 on: March 09, 2010, 08:30:11 PM »
Have you tried to boot into Last known good configuration rather than Safe Mode?
Avast7 Free, MBAM (on demand), MVPS Hosts

Intel DG41TY, Windows 7 Ultimate, IE9, Google Chrome, 4 GB ram, Secunia PSI, ccleaner, Foxit Reader, Faststone Image viewer, MWSnap.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40610
  • Dragons by Sasha
    • Malware fixes
Re: Reboot loop after boot scan (can't get into safe mode)
« Reply #8 on: March 09, 2010, 08:31:26 PM »
Hi lets see if we can get you back up and running

OK this file is big about 276.7Mb, print these instruction out so that you know what you are doing

File details
Bytes - 290,236,416
MB - 276.7
MD5 - 3BD19DB0ADB880A39DD80C704CB907D0

Two programmes to download

First

ISOBurner this will allow you to burn OTLPE.iso to a CD and make it bootable.  Just install the programme, from there on in it is fairly automatic.  Instructions

Second

  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 276.7Mb in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads  :) 
  • Your system should now display a Reatogo desktop.
Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Under the Custom Scan box paste this in

/md5start
iaStor.sys
nvstor.sys
atapi.sys
/md5stop

  • Press Run Scan to start the scan.
  • When finished, the file will be saved  in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive. 
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

Offline billkwando

  • Jr. Member
  • **
  • Posts: 45
Re: Reboot loop after boot scan (can't get into safe mode)
« Reply #9 on: March 09, 2010, 08:31:45 PM »
Have you tried to boot into Last known good configuration rather than Safe Mode?

Alas it doesn't do anything. I meant to mention that I did try that. Thanks for the suggestion! :)
"...breaking computers in brand new ways....every day"

Offline billkwando

  • Jr. Member
  • **
  • Posts: 45
Re: Reboot loop after boot scan (can't get into safe mode)
« Reply #10 on: March 09, 2010, 08:32:44 PM »
Hi lets see if we can get you back up and running

OK this file is big about 276.7Mb, print these instruction out so that you know what you are doing

File details
Bytes - 290,236,416
MB - 276.7
MD5 - 3BD19DB0ADB880A39DD80C704CB907D0

Two programmes to download

First

ISOBurner this will allow you to burn OTLPE.iso to a CD and make it bootable.  Just install the programme, from there on in it is fairly automatic.  Instructions

Second

  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 276.7Mb in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads  :)  
  • Your system should now display a Reatogo desktop.
Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Under the Custom Scan box paste this in

/md5start
iaStor.sys
nvstor.sys
atapi.sys
/md5stop

  • Press Run Scan to start the scan.
  • When finished, the file will be saved  in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.  
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

Thanks so much!!! I'll try this tonight!!  ;D

If I already have a prog like ImageBurn, do I still need ISOBurner? I'll use it if that's what I need to use, just trying to avoid being redundant. ;)
« Last Edit: March 09, 2010, 08:34:47 PM by billkwando »
"...breaking computers in brand new ways....every day"

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40610
  • Dragons by Sasha
    • Malware fixes
Re: Reboot loop after boot scan (can't get into safe mode)
« Reply #11 on: March 09, 2010, 08:39:33 PM »
No Imgburn will do just as well - it is just that not everyone has a programme to burn ISO's

Offline billkwando

  • Jr. Member
  • **
  • Posts: 45
Re: Reboot loop after boot scan (can't get into safe mode)
« Reply #12 on: March 10, 2010, 07:01:02 PM »
Hi lets see if we can get you back up and running

OK this file is big about 276.7Mb, print these instruction out so that you know what you are doing

File details
Bytes - 290,236,416
MB - 276.7
MD5 - 3BD19DB0ADB880A39DD80C704CB907D0

Two programmes to download

First

ISOBurner this will allow you to burn OTLPE.iso to a CD and make it bootable.  Just install the programme, from there on in it is fairly automatic.  Instructions

Second

  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 276.7Mb in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads  :)  
  • Your system should now display a Reatogo desktop.
Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Under the Custom Scan box paste this in

/md5start
iaStor.sys
nvstor.sys
atapi.sys
/md5stop

  • Press Run Scan to start the scan.
  • When finished, the file will be saved  in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.  
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

Apparently that bootcfg /repair REALLY jacked it up. The OTLPE prog can't access C and says it's "invalid or corrupt". None of the various tools on there could access C. It could access the other drives (which are really partitions). Anybody have any idea what happened? (taking into account my explanation of what happened above)

I was afraid to do fixmbr because it talks about how it will change the other partitions as well.

I'm gonna try a program called TestDisk: http://www.cgsecurity.org/wiki/TestDisk

Hopefully I can run it from a USB drive with the boot disc you suggested. If I can get the drive to read, I'll continue with your steps and let you know what happens. If anybody else wants to suggest any recovery/repair programs, I'm all ears.
« Last Edit: March 10, 2010, 07:11:18 PM by billkwando »
"...breaking computers in brand new ways....every day"

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40610
  • Dragons by Sasha
    • Malware fixes
Re: Reboot loop after boot scan (can't get into safe mode)
« Reply #13 on: March 10, 2010, 10:35:34 PM »
Why not run Bootcng again - but with some instructions this time - it might work

Insert the Windows XP CD-ROM into your CD-ROM or DVD-ROM drive, and then restart your computer.
  • When you receive the "Press any key to boot from CD" message, press a key to start your computer from the Windows XP CD-ROM.
  • When you receive the "Welcome to Setup" message, press R to start the Recovery Console.
  • If you have a dual-boot or multiple-boot computer, select the installation that you have to use from the Recovery Console.
  • When you are prompted, type the administrator password, and then press ENTER. (generally for XP this is blank)
  • At the command prompt, type bootcfg /list, and then press ENTER. The entries in your current Boot.ini file appear on the screen.
  • At the command prompt, type bootcfg /rebuild, and then press ENTER. This command scans the hard disks of the computer for Windows XP, Microsoft Windows 2000, or Microsoft Windows NT installations, and then displays the results.
  • Follow the instructions that appear on the screen to add the Windows installations to the Boot.ini file. For example, follow these steps to add a Windows XP installation to the Boot.ini file:
  • When you receive a message that is similar to the following message, press Y:
    Total Identified Windows Installs: 1

    [1] C:\Windows


    Add installation to boot list? (Yes/No/All)

  • You receive a message that is similar to the following message:
Enter Load Identifier
This is the name of the operating system. When you receive this message, type the name of your operating system, and then press ENTER.
This is either Microsoft Windows XP Professional or Microsoft Windows XP Home Edition.

  • You receive a message that is similar to the following:
Enter OS Load options
When you receive this message, type /fastdetect, and then press ENTER. [/i]

Note The instructions that appear on your screen may be different, depending on the configuration of your computer.
Type exit, and then press ENTER to quit Recovery Console. Your computer restarts, and the updated boot list appears when you receive the "Please select the operating system to start" message
[/list]

Offline bobo1

  • Poster
  • *
  • Posts: 471
Re: Reboot loop after boot scan (can't get into safe mode)
« Reply #14 on: March 10, 2010, 11:53:50 PM »
I am sure that Essexboys programe utilitys will work. But can you be certain that the hard drive would be clean & free of viruses afterwards?. Best thing would be is to eventually del the partition & re-format is the only way to ensure that you are free of viruses and trojans and spyware etc in the first place. This is my normal procedure when fixing persons troublesome computers, allways start afresh!
IBM T41 INTEL CENTRINO 1.6GHZ  3. XP SP3. 1000 MB RAM. 80GB HARD DRIVE. AVAST 9. MALWAREBYTES FREE.
NEW TEST RIG FUJITSU (SCALEO) 2.8GHZ 3000MB RAM DVI HD OUT SVGA PENT 4 AVAST 9. GAMING RIG