Windows cannot boot due to some really weird message that I haven't seen before

Posted on 2007-07-19
2,461 Views
Last Modified: 2011-08-18
The computer boots to the black Windows screen with green bars going from left to right.

Then a blue screen (not the regular dreaded BSOD) comes up and displays "regrun partizan.   greatis software
\??\C: blah blah blah  .......

Then it goes to a regular BSOD that says the registry cannot load the hive file and it is corrupt, absent or not writable.

I tried a safe recovery and Windows would not finish it. It displayed "Setup cannot set the required Windows XP configuration information. This indicates an internal setup error."

PLEASE HELP ME!!! I have offered a lot of points for a good answer and help here.

It is a Dell laptop and I have all the CDs.
Question by:mrjday
7 Comments
LVL 6

Accepted Solution

by: bgbeer (earned 750 total points)
ID: 19528713
Sounds like you had a trojan (rootkit) on your computer that played havoc.

The only thing that you can do at this point is to reinstall Windows.

The HAL is a vital part of Windows. When it's removed or damaged the only thing you can do is reinstall.

Meaning everything else is gone.
LVL 1

Assisted Solution

by: Megadoodie (earned 750 total points)
ID: 19528773
Partizan starts using the BootExecute registry key at an early stage of the Windows boot process. It can get access to any file or registry key. In other words, Partizan is king on your computer at that moment.

Partizan executes 2 main tasks:

1. Getting file/registry information.
2. Deleting files/registry keys.

Kernel rootkits can cause trouble with detecting hidden registry keys/files etc.
But rootkits are not invulnerable!

The simple way to kill a rootkit is to shut down your computer.

A rootkit can revive after reboot using:

1. A rootkit service/driver with an auto-start setting (to be more hidden from user-mode checkers).
2. Injection into an executable file or into process memory. The body may be hidden in the host file.
3. Registry startup keys.
4. Infection from the network.

The last chance is very dangerous, but it can be resolved by simply cutting off the network cable.
The second chance is not so simple, because the user can control file integrity using Microsoft or other software.

The third chance is used more often. But rootkit detectors easily detect it.

The fake Winlogon DLLs have not been a surprise for us for a very long time :-)

The hidden kernel driver is the top of the hacker's skills. This is one reason why Partizan was created.

Unfortunately Microsoft prevents Partizan from interacting with the user using the keyboard, and it is a real problem for creating a shell like "cmd". Why don't they allow it?

I think you need to ask Microsoft.

Anyway, it's not a technical problem. It's Microsoft's decision.

We need a workaround.

We use a command file (RRI). Partizan opens the command file and executes the tasks listed in it. After that the Windows boot continues.

RegRun Platinum Secure Start runs a special copy of the UnHackMe software to compare the Partizan information with what is currently visible. It will notify you if it finds something suspicious.

To be sure that it's not a false positive alert you will be prompted to reboot again. This is required because some services/drivers may be deleted at startup and this will cause the alarm.

How to uninstall Partizan?

1. Open RegRun Start Control.
2. Go to the Features menu.
3. Choose the "Partizan" item.
4. Click on the "Remove" button.
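The comment above explains that BootExecute runs before anything else in the boot, which is why both Partizan and boot-time malware persistence end up there. The following is an added example (not from the thread, and not RegRun or Partizan code) that checks the value against its stock contents: on Windows XP the default BootExecute is the single entry `autocheck autochk *`, so anything else is worth a look. On Windows it reads the live value with the standard `winreg` module; elsewhere it runs on a constructed list, and the sample extra entry is a made-up name.

```python
"""Flag unexpected entries in the Session Manager BootExecute value.

Added example, not part of the original thread. Assumes the Windows XP
default of a single entry, "autocheck autochk *".
"""
from typing import Iterable, List

# Stock contents of the BootExecute REG_MULTI_SZ on Windows XP.
DEFAULT_BOOT_EXECUTE = ("autocheck autochk *",)

# Registry key that holds the value (under HKEY_LOCAL_MACHINE).
SESSION_MANAGER_KEY = r"SYSTEM\CurrentControlSet\Control\Session Manager"


def unexpected_boot_execute(entries: Iterable[str]) -> List[str]:
    """Return the entries that are not part of the stock BootExecute list.

    The comparison ignores case and surrounding whitespace, because the
    value is a REG_MULTI_SZ that tools may pad or re-case. Empty strings
    (a trailing terminator) are ignored as well.
    """
    baseline = {e.strip().lower() for e in DEFAULT_BOOT_EXECUTE}
    return [e for e in entries
            if e.strip() and e.strip().lower() not in baseline]


def read_live_boot_execute() -> List[str]:
    """Read BootExecute from the running system's registry (Windows only)."""
    import winreg  # only available on Windows; raises ImportError elsewhere
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SESSION_MANAGER_KEY) as key:
        value, kind = winreg.QueryValueEx(key, "BootExecute")
    if kind != winreg.REG_MULTI_SZ:
        raise ValueError("BootExecute is not REG_MULTI_SZ; inspect it manually")
    return list(value)


if __name__ == "__main__":
    try:
        entries = read_live_boot_execute()
        print("live BootExecute:", entries)
    except ImportError:
        # Constructed sample; "EXAMPLE_BOOT_TOOL.EXE" is a made-up name.
        entries = ["autocheck autochk *", "EXAMPLE_BOOT_TOOL.EXE"]
        print("constructed BootExecute:", entries)
    print("unexpected:", unexpected_boot_execute(entries) or "none")
```

An unexpected entry is not proof of infection (Partizan itself, and some disk tools, register there legitimately), but every entry should be accounted for, and the check is cheap enough to run from any inventory script.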
LVL 6

Expert Comment

by:bgbeer
ID: 19528777
Sorry, I meant the hive. They're two different things.

Try this:

1. Boot up from your Windows XP CD. Pressing the F12 key right as your computer starts up will allow you to choose from a list of boot devices on most recent computer models. Otherwise, you will need to take a look at your user manual to figure out how to set the BIOS to boot from CD first.

Once you have successfully booted from the CD, you will see the Windows XP "Welcome to Setup" screen.

2. At the welcome screen press R to go into the Recovery Console. Press the number that corresponds to your Windows installation (usually 1) and press ENTER. Enter the password for the Administrator account on your computer (usually the password you put in the machine when you first bought the machine) and press ENTER. If your password is not accepted, try a blank password by just pressing ENTER.

3. Once you are able to log into the Recovery Console, run checkdisk. Sometimes this alone will fix the problem. You can use the command "chkdsk c: /r".

4. If you noticed any errors fixed, use the exit command at the prompt to restart the machine and see if it will boot. If not, log back into the Recover Console and go to the next step.

5. Navigate to the C:\Windows\System32\config folder. You can use the command cd C:\Windows\System32\config

6. You can use the dir command to see a listing of the files in the directory.

7. Rename your corrupted registry files.

If your error listed the SOFTWARE hive, rename the SOFTWARE registry file with the command: rename SOFTWARE SOFTWARE.bak

C:\WINDOWS\SYSTEM32>rename SOFTWARE SOFTWARE.bak

If your error listed the SYSTEM hive, you will need to rename the SYSTEM, SAM, and SECURITY registry files:

rename SYSTEM SYSTEM.bak
rename SAM SAM.bak
rename SECURITY SECURITY.bak

The SAM and SECURITY hives pertain to user accounts and logging into the machine. Since they are linked to the SYSTEM file, they need to be replaced when SYSTEM is replaced.

8. Browse to the C:\Windows\repair directory with the command cd C:\Windows\repair. This is the directory which holds backup registry keys which were created when Windows was installed.

9. Copy the backup files to the correct place.

If your error listed the SOFTWARE hive, copy the SOFTWARE registry file with the command: copy SOFTWARE C:\Windows\System32\config.


If your error listed the SYSTEM hive, copy the SYSTEM, SAM, and SECURITY registry files:

copy SYSTEM C:\Windows\System32\config
copy SAM C:\Windows\System32\config
copy SECURITY C:\Windows\System32\config

Note that in some cases the SYSTEM file will be named "SYSTEM.bak", in which case you will use the command: "copy SYSTEM.bak C:\Windows\System32\config\SYSTEM" to copy the file instead (the copy must land under the plain name SYSTEM, since that is what step 10 checks for). You can use the "dir" command to ascertain the name of the file.

10. Navigate back to the config directory with the command "cd C:\Windows\System32\config".

Use the "dir" command to list the files in the directory. Make sure the following files exist in the directory (the names have to be exact, but it doesn't matter whether they are in upper or lower case):

DEFAULT
SAM
SECURITY
SOFTWARE
SYSTEM

11. Type exit to reboot the machine.

12. Hopefully you will now be able to reboot into Windows XP.

http://web.mit.edu/ist/products/winxp/advanced/registry-corruption.html

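Steps 7 to 10 above are a small, mechanical procedure: rename the failed hive (and, for SYSTEM, the SAM and SECURITY hives tied to it) to `.bak`, copy the installer's backup from `repair`, and confirm the five hives exist. The script below is an added example, not from the answer or the MIT page it links, that carries out the same steps against a volume mounted offline (for instance from a live CD, since the Recovery Console itself cannot run Python). It generalises the procedure to any of the five hives, resolves names case-insensitively, handles the `SYSTEM.bak` naming noted in step 9, and refuses to touch anything until every needed backup has been found. The directory layout `<volume>/Windows/System32/config` and `<volume>/Windows/repair` is assumed.

```python
"""Restore Windows XP registry hives from the repair directory.

Added example, not the thread's own commands. Assumes the failed volume
is mounted read-write and that config_dir / repair_dir point at its
System32\\config and Windows\\repair directories.
"""
import shutil
import sys
from pathlib import Path
from typing import Dict, List, Optional

# Hives that must exist after the repair (step 10 of the procedure).
REQUIRED_HIVES = ("DEFAULT", "SAM", "SECURITY", "SOFTWARE", "SYSTEM")

# Hives replaced together: SAM and SECURITY are tied to SYSTEM (step 7).
_SYSTEM_SET = ["SYSTEM", "SAM", "SECURITY"]
REPLACE_SETS: Dict[str, List[str]] = {
    "SYSTEM": _SYSTEM_SET,
    "SAM": _SYSTEM_SET,
    "SECURITY": _SYSTEM_SET,
    "SOFTWARE": ["SOFTWARE"],
    "DEFAULT": ["DEFAULT"],
}


def find_ci(directory: Path, *candidates: str) -> Optional[Path]:
    """Return the first candidate present in directory, ignoring case.

    NTFS is case-insensitive, but a volume mounted from Linux shows the
    names in whatever case the installer wrote them.
    """
    present = {p.name.lower(): p for p in directory.iterdir() if p.is_file()}
    for name in candidates:
        if name.lower() in present:
            return present[name.lower()]
    return None


def restore_hives(config_dir: Path, repair_dir: Path, failed_hive: str) -> List[str]:
    """Rename the live hive(s) to .bak and copy the repair backup(s) in.

    Returns the names of the hives restored. Raises FileNotFoundError if a
    backup is missing, before anything is modified, so the volume is never
    left half-repaired.
    """
    hives = REPLACE_SETS[failed_hive.upper()]
    # Step 8/9: locate every backup first; the repair copy may be X.bak.
    backups: Dict[str, Path] = {}
    for hive in hives:
        src = find_ci(repair_dir, hive, f"{hive}.bak")
        if src is None:
            raise FileNotFoundError(f"no backup for {hive} in {repair_dir}")
        backups[hive] = src
    restored: List[str] = []
    for hive in hives:
        live = find_ci(config_dir, hive)
        # Step 7: keep the corrupt hive as <hive>.bak for later analysis.
        if live is not None:
            bak = config_dir / f"{hive}.bak"
            if bak.exists():
                bak.unlink()
            live.rename(bak)
        # Step 9: the copy always lands under the plain hive name.
        shutil.copy2(backups[hive], config_dir / hive)
        restored.append(hive)
    return restored


def missing_hives(config_dir: Path) -> List[str]:
    """Step 10: required hive names that are absent from config_dir."""
    return [h for h in REQUIRED_HIVES if find_ci(config_dir, h) is None]


if __name__ == "__main__":
    # Usage: restore_hives.py /mnt/winxp SYSTEM   (mount point is assumed)
    volume = Path(sys.argv[1])
    cfg = volume / "Windows" / "System32" / "config"
    rep = volume / "Windows" / "repair"
    print("restored:", restore_hives(cfg, rep, sys.argv[2]))
    print("still missing:", missing_hives(cfg) or "none")
```

The renamed `.bak` copies are kept deliberately: a hive that a boot-time tool or rootkit has altered is evidence, and can be examined with an offline hive parser once the machine is back up. The `repair` backups date from installation, so software and driver settings added since then are lost, exactly as the answer's procedure implies.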
LVL 7

Expert Comment

by:Jonybrv
ID: 19529122
You can't do much more in this situation other than trying a repair install.
The chances of recovering data are lower if the partitions are damaged, but it is worth trying anyway.
Repair install:

http://www.michaelstevenstech.com/XPrepairinstall.htm

If you need to back up the data, you can use any of the live CDs like Ubuntu or BartPE to boot from CD and access the laptop's hard drive. These CDs even offer you network support so that you would be able to transfer all your important data to other machines on the network and then wipe the laptop's hard drive using any recovery CDs provided by Dell.
LVL 7

Expert Comment

by:ComputerBeast
ID: 19564256
Hi mrjday

The same situation was faced by my friend: a major virus attack, where he was unable to install anything on his system, the system never worked properly and used to display a black screen. He ran antivirus but it was of no use; every time he re-installed the OS and tried to work, the virus used to corrupt the registry and the same situation would come again.

In the end, he just changed the HDD and recovered the entire set of data saved on the damaged drive to the new HDD. He recovered the files with the help of RecoveryFix for Windows http://www.recoveryfix.com/recover-windows-data.html

All the inaccessible files were recovered. In your case you are still on the safe side; you can recover your data with the help of Windows data recovery software and protect your data.
LVL 6

Expert Comment

by:bgbeer
ID: 19565458
Let me add to my first post.
Since it is a boot sector virus, I recommend that you pull the RAM and the battery on the mobo, wait 5 minutes, reseat the RAM and battery, and reinstall. The reason for this is that the new generation of these viruses, trojans and worms hide in the RAM and BIOS, making a format and reinstall either impossible or very hard to do.

If by chance you do format successfully and don't pull the RAM and battery, you run the chance of still being infected.

If, after pulling the battery and RAM, you wait the required five minutes and it still doesn't work, you may need to flash your BIOS.

I have posted this on this site a couple of times and have been personally attacked by other experts for it, so to provide more info on what I said, here is a site:

http://www.wikihow.com/Remove-a-Boot-Sector-Virus
Author Comment

by:mrjday
ID: 19571218
I just ended up backing up and reinstalling... it takes too much time to waste tracking down this crap... thanks everyone