Viruses Removed but no Boot

Status
Not open for further replies.

DonP

IS-IT--Management
Jul 20, 2000
684
US
After thoroughly cleaning a drive that was badly infected by multiple viruses, I am trying to test it before sending it back to the person whose drive it is. I know there are issues in booting a drive in another system but I thought it would at least boot up without high-res video and without other hardware and/or in Safe Mode but it doesn't.

It goes to a screen saying that XP was not successful in booting up due to recent software or hardware changes. It gives options to start in Safe Mode or start normally but does nothing and just hangs no matter the choice.

In-place upgrade doesn't work either and crashes with a blue screen each time. I suspect that the viruses have damaged something. Is there a way to repair its boot files or the MBR with it connected as a second drive in another system?

Don
Experienced in HTML, Perl, PHP, VBScript, PWS, IIS and Apache and MS-Access, MS-SQL, MySQL databases
 
Have you disconnected the regular drive?

Try these while the good drive is out of the way.

How to install and use the Recovery Console in Windows XP

Have a look at the FixMbr, FixBoot and BootCfg and ChkDsk /r commands.

266745 - Error Message When You Run fixmbr Command

A Discussion About the Bootcfg Command and Its Uses

HOW TO: Create a Boot Disk for an NTFS or FAT Partition in Windows XP(Q305595)

How to Use System Files to Create a Boot Disk to Guard Against Being Unable to Start Windows XP (Q314079)
 
Thanks! I tried some of the ideas but as I do not have a system with a diskette drive, I was not able to create a boot diskette. This might be a good time to create a boot CD-ROM, though.

The only way I can get to the drive right now is by connecting it externally via a USB chassis so I can do whatever needs to be done that way as long as it CAN be done that way. I cannot boot to it at all but yes, no other drives were connected when I tried to boot. I'll see what I can do about creating a boot CD-ROM.

Don
Experienced in HTML, Perl, PHP, VBScript, PWS, IIS and Apache and MS-Access, MS-SQL, MySQL databases
 
A drive that has XP installed will only boot in another system if that system is a clone of the first. It might also boot if the new system is using the same disk controller, but you are still likely to get blue screens due to further driver vs hardware discrepancies.

Sounds like you already did a repair reinstall, which would ordinarily reapply the HAL and straighten this out, but even if it were successful, the customer would have to do the same when he gets it back, for the same reasons. You might be money and time ahead to have him ship his tower to you.

Nowadays, viruses typically don't live in the boot sector/MBR. What is the stop code you are getting on the blue screen? How exactly did you clean the hard drive of viruses?
 
Thanks, that's what I suspected. The computer is in central Oregon and I am in California but I'll be going up there shortly and might have to work on it then (it's my sister's computer who has little income for shipping the tower). I couldn't run the repair reinstall because I couldn't boot to it so everything should boot up just fine for her. I think it will.

One more related question: I discovered last night that she had the notedad.exe trojan, which my virus detector didn't find. Although I physically removed it along with the related files, is there some way to open the drive's registry to remove the entries it created even though I can't boot to the drive? In other words, can it be opened in, say, Notepad or some other application for editing?

Thanks again.

Don
Experienced in HTML, Perl, PHP, VBScript, PWS, IIS and Apache and MS-Access, MS-SQL, MySQL databases
 
This will introduce you to BartPE, a freeware XP that runs from CD. It has the ability to run Virus Scans and Registry Editors via Plugins and contained programs.

Cannot logon to winxp...losing lots of valuable documents
thread779-975236

You have to load the faulty Registry Hives and edit them while in BartPE, or any other Windows Operating System.

As an Administrator, highlight one of the two following Keys; it will only be available for these Keys.

HKEY_LOCAL_MACHINE
HKEY_USERS

These two articles in the RegEdit Help are a good explanation of the process.

To load a hive into the registry
To unload a hive from the registry
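
Added example, not part of any post in this thread: a PowerShell sketch of the load/inspect/unload cycle described above, listing the autostart values in the offline drive's SOFTWARE hive so leftover trojan entries can be reviewed. The drive letter `E:`, the temporary key name `OfflineSW`, and the function name `Get-OfflineAutostart` are assumptions chosen for illustration; run it from an elevated prompt.

```powershell
# Added example: list autostart entries in an offline Windows XP SOFTWARE hive.
# Assumptions: elevated prompt; the cleaned drive is attached as E: (e.g. via USB).
$HivePath  = 'E:\WINDOWS\system32\config\software'   # assumed drive letter
$MountName = 'OfflineSW'                             # temporary key name, chosen here

function Get-OfflineAutostart {
    param([string]$Root)
    $subKeys = @(
        'Microsoft\Windows\CurrentVersion\Run',
        'Microsoft\Windows\CurrentVersion\RunOnce',
        'Microsoft\Windows NT\CurrentVersion\Winlogon'
    )
    foreach ($sub in $subKeys) {
        $key = Get-Item -LiteralPath "HKLM:\$Root\$sub" -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        try {
            foreach ($name in $key.GetValueNames()) {
                # Under Winlogon only Shell and Userinit launch programs at logon.
                if ($sub -like '*Winlogon' -and $name -notin 'Shell', 'Userinit') { continue }
                # Do not expand %vars%: they would resolve against THIS machine, not the offline one.
                $data = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
                [pscustomobject]@{ Key = $sub; Name = $name; Data = $data }
            }
        } finally {
            $key.Close()   # release the handle so the hive can be unloaded
        }
    }
}

# Load the offline hive under HKLM, report, and always unload afterwards.
reg.exe load "HKLM\$MountName" $HivePath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Could not load $HivePath" }
try {
    Get-OfflineAutostart -Root $MountName | Format-Table -AutoSize -Wrap
} finally {
    [gc]::Collect()                     # drop any remaining .NET registry handles
    [gc]::WaitForPendingFinalizers()
    reg.exe unload "HKLM\$MountName" | Out-Null
}
```

Per-user autostart entries live in each profile's `NTUSER.DAT` (under `Documents and Settings` on XP) and can be loaded the same way under `HKEY_USERS`. The script only reads; delete a value in RegEdit while the hive is still loaded, then unload it so the change is written back to the drive.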
 