Solved

Receiving IRQL_NOT_LESS_OR_EQUAL on restart using /SAFEBOOT after performing virus scan using Norton Systemworks 2004

Posted on 2004-08-22
8
838 Views
Last Modified: 2007-12-19
I upgraded last week from Win ME to XP Home Edition. Everything worked fine for the past 7 days until last night when Windows asked  me to install SP2. I installed it with no problem. The security screen starts up automatically and tells you that the anti virus software status is unknown.

I reinstalled Norton SystemWorks without any problems and performed a liveupdate to get the most-up-to-date protection. I then proceeded to perform a full scan to identify any potential viruses. Norton came back with 102 adware/spyware files of which I was able to delete 80 through Norton.

In order to delete the remaining 20 files, Norton suggested that I start msconfig and click on /SAFEBOOT under the BOOT.INI tab. I did this and restarted the computer. At this time I would receive the boot menu from which I can select, Safe Mode, Normal mode and previously known mode. All of these selections would simply perform a restart.

I then selected Advanced Startup by pressing F8 at during the boot cycle. I selected “Do not autostart on failure” and I receive the blue screen IRQL_NOT_LESS_OR_EQUAL. My research tells me that this probably is occurring because of the antivirus software. To be sure I have removed all the PCI cards except the monitor and Ethernet cards to be sure it wasn’t a device driver problem.

After not being successful, I booted the Win XP Home CD trying to perform a reinstall. At this time I receive the blue screen SESSION3_INITALIZATION_FAILED. My research tells me that this is probably occurring because when I originally shutdown, the boot sector was set to /SAFEBOOT.

What can I do next to save this machine? How can I turn the /SAFEBOOT off from a dos prompt?
0
Comment
Question by:dastefko
  • 4
  • 3
8 Comments
 
LVL 17

Expert Comment

by:Eagle6990
Comment Utility
You will probably need to boot from your XP CD and enter the recovery console to edit your boot.ini

http://support.microsoft.com/default.aspx?scid=kb;en-us;307654
http://support.microsoft.com/default.aspx?scid=kb;en-us;289022

0
 

Author Comment

by:dastefko
Comment Utility
I have started up the computer using the recovery console. I have explored the use of bootcfg but I don't see anything that will fix the problem. I was thinking about using fixmbr that it comes back with a warning that I may loose visability to the hard drive.

When you say edit boot.ini, where is boot.ini, what do I need to do to it and with what application?

0
 
LVL 17

Accepted Solution

by:
Eagle6990 earned 250 total points
Comment Utility
boot.ini is in the root of your c: drive.  It is hidden and read-only I believe.  When you checked that box with MSconfig, it modified that file with the /safeboot option.  I don't remember if Edit works from the recovery console or not, but I would try it to see if you can change that file to remove the safeboot option.

I would also run
chkdsk c: /r
from the recovery console to check your hard drive for errors.  It takes awhile but I've seen it fix some strange issues.
0
 
LVL 17

Expert Comment

by:Eagle6990
Comment Utility
Since you apparently have access to a working computer, would it be possible to slave your hard drive into another computer and modify the boot.ini from there?  It is set for read-only, but that can be overcome by right clicking on the file>Properties
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 3

Expert Comment

by:bmhydro420
Comment Utility
Its usually related to a hd error try bootinfg from windows cd and go to the recovery console when it prompts you to and run a chkdsk /f and or chkdsk /p
0
 

Author Comment

by:dastefko
Comment Utility
Edit does not work from the recovery console. I was able to create a DOS boot disk from www.bootdisk.com and boot the machine on the DOS prompt. From the DOS prompt, I was able to go to the root (C:\) and perform the command “attrib –r –h –s boot.ini”  to remove the read-only, hidden and system attributes.

From here, I was able to perform the DOS “EDIT” command on the file  BOOT.INI. I removed the /safeboot option and the computer was able to start again. Windows immediately started msconfig and it stated that the computer was in a troubleshooting state and I should check-off the /safeboot option so I did. I restarted and everything comes up fine.

Now that I have regained control, I am backing up everything from HDD before starting this exercise again. I still need to start the computer in safe mode and allow Norton to remove the adware/spyware. I will do this as soon as the machine is backed up.

Thanks Eagle6990, you pointed me in the right direction.
0
 
LVL 17

Expert Comment

by:Eagle6990
Comment Utility
You must have a Fat32 formatted disk then.  with NTFS you wouldn't have been able to do that.  Glad to hear you are back up and running.  Don't forget to accept an answer.
0
 

Author Comment

by:dastefko
Comment Utility
Yes, it is FAT32 upgraded from Windows ME.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

There are 2 things you must have in order to connect to the internet behind a router, The "Gateway IP" of the router, which is usually something like 192.168.xxx.1, I've seen routers with default values of: 192.168.0.1, 192.168.1.1, 192.168.11.1, …
Sometimes people don't understand why download speed shows differently for Windows than Linux.Specially, this article covers and shows the solution for throughput difference for Windows than a Linux machine. For this, I arranged a test scenario.I…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now