Can't boot, plus boot menu lockup 1

Status
Not open for further replies.

guitarzan

Got a machine from a friend who said the machine was infected, do not know by what yet (He remembered seeing "mirar", but may be more than that). Anyway, I turned the machine on, got to Windows logo, then blue background with mouse working, but no further (no logon screen, can't get to task manager, etc.).

So I rebooted and hit F8 to get the full boot menu, and selected Safe Mode; got as far as MUP.SYS, then the machine reboots itself, so can't get the machine booted at all.

I have also tried "Last Known Good Configuration", but no joy.

There's one more thing... If I turn the machine on, and hit F8 so I see the full boot menu, I have about 5 seconds to make my selection... if I'm slow, the keyboard locks up! If I select "Safe Mode", and the machine reboots as mentioned above, it comes back to an abbreviated boot menu (only a few safe mode choices, last known good config, and normal mode)... the keyboard does NOT lock up! Only when getting to the full boot menu after an F8!! I have NEVER seen that happen before. Tried two different keyboards, mice, monitors and same thing. I don't know if this behavior is related to the boot problems.

Any ideas on how to proceed? Ever heard of a virus/trojan causing a lockup on the boot menu??
 
I would suggest creating or borrowing a Bart-PE disk to start up from. Then when running, select a Command Prompt and do a chkdsk /r to recover the problems with your harddrive. After that, use Malware Bytes or SuperAntiSpyware to clean off the virus problems.

Regards,
David.
 
There is a possibility that the installed AV quarantined the LOGONUI.EXE or the WINLOGON.EXE (had this happen to me once - ergo non bootable XP)...

suggestion:

DL Avira Rescue System CD and/or Dr.Web LiveCD, let them scan the drive for Malware, delete anything found...

run a Repair Install, to replace lost System files, and before you update (hotfixes etc.) run the mentioned AntiMalwares (MBAM and SAS)...


Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"
 
Sounds like sound advice; will pull the drive out and back up the data first, then use Avira... the boot menu freezing is weird though, wonder if it's just a bad hard drive, and the virus happening at the same time is a coincidence?? Will see...
 
A couple of other things you can look at if need be.

How to install and use the Recovery Console in Windows XP

You can run ChkDsk /r from the Recovery Console.

An easy to follow recovery console description when unable to start computer due to corrupt registry.

The above is a layman's version of KB307545 in simple language.

If they don't work you could try repairing windows by running it over itself. You will lose all your windows updates but your files will be untouched.

How to Perform an In-Place Upgrade (Reinstallation) of Windows XP (Q315341)
 
well, the latest is that I moved the drive to an external case, scanned with AVG and MalwareBytes and removed a lot of stuff. When I put the drive back, the weird lockup on the boot menu is gone, and rather than hanging at the blue background in normal mode, I get to a logon screen. (Of course, I get logged off immediately thereafter), and attempting Safe Mode still reboots after MUP.SYS.

I'm going to continue this in the virus forum, BUT I think I am going to have an issue with a repair install... The machine is a Dell, with an XP Home sticker. However, I know the operating system installed was XP Pro (because at one point the machine was joined to a domain, and never fully de-joined). So, I have an XP Pro CD, but don't know the Product Key used on this machine. I have an XP Home CD (and I have the product key from the sticker), but obviously I can't do a repair install of XP Home onto XP Pro.

Does it sound like I'm going to end up having to reformat and install XP Home?
 
Don't panic YET and do anything rash.

Verify that the registry entries and the actual files are there for LOGONUI.EXE and the WINLOGON.EXE. Also USERINIT

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

You can do both of these via a Bart PE CD or as a slave drive and definitely do this BEFORE you do a repair install.

If you Google something like "find XP product key", you will have knowledge. Third search result.
 
Some things for you to look at.

Logon - Logoff loop, also caused by BlazeFind


Log in Logs straight back Out
Thread779-924408

logs you on loads personal settings then logs you off?
Thread779-919265

A second reason can be security policy settings:
Fast User Switching and Welcome Screen in Windows XP
 
goombawaho: ok, nothing rash :) Building a BartsPE right now, and will go through the suggestions. btw, I never knew you could extract license info from a slave drive, very cool.
 
Yes - it has saved my bacon when a person doesn't have their key and I can get whatever one they were using from their drive even if it won't boot.

I will probably get an e-mail from "the man" about giving you that information. Copy it down now because my post might disappear.
 
I would think there was nothing wrong with your post, as there are many legitimate reasons why one would need to extract their key from a dead drive.

Well, I built a Barts PE, and verified that it works by booting my machine off this CD. When I boot the dead machine with it (or an Avira Rescue disk I created), the machine will not boot from the CD. But the dead machine WILL boot off a Windows XP CD. Huhhh?? Bad CD drive ??? Later I will swap CD drives.
 
Discussing key codes is frowned upon (legitimate or not) - copy and paste while you can.

Does it even try to boot off the 2 CDs and not get anywhere or does it do something??



If the hard drive on the dead machine is SATA, you will need to include the driver pack (SATA) plug-in in the Bart PE build.

 
I set the boot options in BIOS to boot off CD only. With the BartPE disk in, it says "No boot device available|Strike F1 to retry boot, F2 for setup utility". With a Windows CD, I get the usual "Press any key to boot from CD".

Good catch about the SATA... yes, the hard drive is SATA, so I will need to include the driver pack as you mention... but wouldn't the machine boot off the BartPE CD anyway?
 
If it didn't try to boot off the Bart PE, the disc didn't get burned correctly to be "bootable" though I've never had a problem with that.

Yes - it WOULD boot off the Bart PE, but then you just wouldn't be able to SEE/Browse the hard drive within Bart PE.

So, you have to get it booting - that's the main issue. I can't think of why the Bart PE creator is not making a CD that can be booted.

You aren't using some strange CD-RW or DVD by chance? I do use CD-RW discs, so as long as the target computer can READ a CD-RW, it should work.

Verify that the Bart PE builder created a "pebuilder.iso" file. That can be burned with any burning program if you want to try it "manually" and not rely on the Bart PE burner.
 
The BartPE disc got burned properly, because it boots fine on two machines, just not this one. Discs are CD-R, drive is a DVD-ROM. Same behavior with an Avira disc, works everywhere but this box. But, Windows CD boots fine on this box. I will just put a different CD drive in later. Meanwhile, making a new BartPE with the driver pack.
 
Wow - crazy. And it really stinks to have these hurdles when you're trying to solve a problem. You have to solve a different problem en route to solving the real problem.
 
Got BartPE working... this box had 2 disc drives, I unplugged the dvd rom and used the cd burner only, and BartPE boots. I will go through the suggestions today and tomorrow, will post back results.
 
goombawaho, all I can say is WOW. You were 100% right, the "Userinit" key was pointing to WinLogon32.exe, which was malware that was cleaned in the scans I ran earlier. I changed it to "userinit.exe," and I can log in now.

There's a lot more to be done, but this was a VERY cool set of tricks to learn... thanks!
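The Userinit check that resolved this thread can be automated against a text export of the Winlogon key taken from the offline drive. The following is an added example, not part of the original posts: it parses regedit export text and flags Winlogon values that differ from the expected ones. The hive name "OfflineSW", the location of WinLogon32.exe in the sample, the Shell default and the C:\WINDOWS install path are assumptions.

```python
import re

# Suffix match so the key is found under SOFTWARE or under any name an
# offline hive was loaded as (for example a hypothetical "OfflineSW").
WINLOGON = r"\microsoft\windows nt\currentversion\winlogon"
# Userinit is the value quoted in the thread; the Shell default and the
# C:\WINDOWS install path are assumptions made for this example.
EXPECTED = {
    "userinit": [r"c:\windows\system32\userinit.exe"],
    "shell": ["explorer.exe"],
}
VALUE_RE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Return {key_path_lower: {value_name_lower: string_value}} from .reg text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name, value = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            current[name.lower()] = value
    return keys

def audit_winlogon(text):
    """List (value_name, data, problem) for Winlogon values that differ from EXPECTED."""
    findings, seen = [], False
    for key, values in parse_reg(text).items():
        if not key.endswith(WINLOGON):
            continue
        seen = True
        for name, expected in EXPECTED.items():
            if name not in values:
                findings.append((name, None, "missing"))
                continue
            # Both values are comma-separated command lists; ignore case and empty parts.
            parts = [p.strip().lower() for p in values[name].split(",") if p.strip()]
            if parts != expected:
                findings.append((name, values[name], "unexpected"))
    return findings if seen else [("winlogon", None, "key not found")]

# Constructed sample: the hijack described in the thread (file location assumed).
INFECTED_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\OfflineSW\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\WinLogon32.exe,"
'''
```

Calling `audit_winlogon(INFECTED_REG)` returns one finding for Userinit. Files saved by regedit in the "Version 5.00" format are UTF-16, so decode them before passing the text in.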
 
I be the man - sometimes. Glad it worked for you. Now that you've got the Bart PE idea, you should look into these plugins and others that might be of interest:
McAfee VirusScan
McAfee Stinger
Firefox
Nero Burning Rom (if you own a Nero license)
Spybot
GetDataBack (for data recovery analysis - you must own the product key to actually recover the data)
Produkey (note - it won't launch from the Bart menu for some reason, but you can run it manually by browsing to the \\\Produkey\Produkey.exe file and double-clicking it using the A43 File Management Utility.)

 