Solved

Broken Windows XP after virus removal

Posted on 2009-04-03
24
372 Views
Last Modified: 2012-05-06
Hi!

I have a Dell laptop that had no AV software installed. I could see right away that it was infected with various types of viruses/spyware and used AVG and AdAware in safe mode to remove them. After the scans I am able to boot to normal and safe mode but Windows does not load after login. The screen just remains blank - in safe mode it's just a black screen XP version at the top, and in normal mode, it just shows a blank screen with the desktop background.

All I seem to be able to do is ALT+CRTL+DEL to shutdown, restart or logoff.

XP Repair Install doesn't seem to be an option. I am able to get into the recovery console though and have already tried chkdsk.

Is there anything else I can try before a clean re-install ?
0
Comment
Question by:Julian Matz
  • 10
  • 6
  • 4
  • +3
24 Comments
 
LVL 6

Expert Comment

by:Lunda_Construction
ID: 24062782
Are you able to get to System Restore?  
Right Click My Computer go to properties, then System Restore tab.??
0
 
LVL 21

Author Comment

by:Julian Matz
ID: 24062883
No, it's just a blank screen. No start-menu or desktop icons. Unless there's a keyboard shortcut I could try. Or maybe a keyboard shortcut for cmd.exe?
0
 
LVL 6

Expert Comment

by:Lunda_Construction
ID: 24062885
If you are able to boot in safe mode, go to the Start menu, all programs, Accessories, then System tools, then System restore.  Try restoring to an earlier date.
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 21

Author Comment

by:Julian Matz
ID: 24062903
I am in safe mode now but there's no start menu. Literally just a blank screen. Kb shortcut for start menu or help and all that doesn't do anything either.
0
 
LVL 21

Author Comment

by:Julian Matz
ID: 24062918
It's not forzen either. Applications and processes are running - I can see them with the Task Manager. I just amn't able to do anything.
0
 
LVL 6

Accepted Solution

by:
Lunda_Construction earned 300 total points
ID: 24062933
Do you have any support through Dell?  There is a keyboard shortcut on some Dell products that will restore your computer to purchase date if you have not reformatted your drive yet.  

Other than that, I would try and slave out your drive and copy any files that might be important then reformat.  
0
 
LVL 30

Assisted Solution

by:flubbster
flubbster earned 100 total points
ID: 24062957
In safe mode, go to task manager
click on "new task"
type the following:

explorer.exe
hit return

Did your desktop come back??

btw.. I would not suggest trying to do a system restore, even if you are able, unless you are absolutely certain that any restore point you pick will be virus free. remember, restore makes backlups of yiour system... if you are/were infected, so will the be the backups.
0
 
LVL 6

Expert Comment

by:Lunda_Construction
ID: 24062968
When you ran Chkdsk, did you use the /R switch?  If not, try booting to the CD then use the console to run chkdsk /R on the C drive.
0
 
LVL 21

Author Comment

by:Julian Matz
ID: 24062977
It says Windows cannot find explorer.exe. I can use it though to open cmd.exe
0
 
LVL 21

Author Comment

by:Julian Matz
ID: 24062989
Yes, I used the /R switch and apparently it did repair some files/sectors.
0
 
LVL 21

Author Comment

by:Julian Matz
ID: 24063021
It looks like explorer.exe is missing from the WINDOWS directory... I guess if that's the case then a lot of other files may be missing also and it's probably best to do a clean re-install......
0
 
LVL 22

Expert Comment

by:orangutang
ID: 24063030
0
 
LVL 6

Assisted Solution

by:Lunda_Construction
Lunda_Construction earned 300 total points
ID: 24063069
Before reinstalling, if you have important files, pictures, etc. pull out the drive and see if you can slave it to a known working computer to grab your files.  If not able to slave it, they do sell USB external casings for your current drive so you can try that way.  Cost is approx. $30.   This is a very handy tool in cases like these.

0
 
LVL 21

Author Comment

by:Julian Matz
ID: 24063071
Regedit.exe also seems to be missing.
0
 
LVL 21

Author Comment

by:Julian Matz
ID: 24063079
I should be able to backup the files alright. I have a USB adapter that connects 2.5" IDE drives to USB.
0
 
LVL 6

Assisted Solution

by:Lunda_Construction
Lunda_Construction earned 300 total points
ID: 24063114
just make sure if you do copy files from the old to the new reformatted drive you scan for viruses right away.   Preferabbly before you copy the files back.
0
 

Expert Comment

by:CompdrTroy
ID: 24063666
Provided you have the OS disk try running sfc.exe (System File Checker) from the task manager.  If that fails attempt a windows repair.  Either of those options should replace those missing system files.
0
 

Expert Comment

by:CompdrTroy
ID: 24063740
My apologies but I forgot to mention you need to enter a descriptor to tell it when to scan.
To do in right in windows use /scannow, but I prefer to do it on reboot /scanboot.  If you open command prompt, and then enter sfc.exe it will display the options for you, as another option.
0
 

Assisted Solution

by:CompdrTroy
CompdrTroy earned 100 total points
ID: 24063774
Ok. Last post, and again I apologize for the multiple posts I should have had it correct the first time.  /SCANBOOT will scan the files at every boot, (It takes a long time!) /SCANONCE is the command you want. It will execute on reboot only once.
0
 
LVL 21

Author Comment

by:Julian Matz
ID: 24063912
Thanks CompdrTroy. In normal mode I cannot use CMD.exe because of:

cmd.exe - Application Error

The instruction at "0x00960664" referenced memory at "0x00960664". The memory could not be "written". (Click on OK to terminate the program, CANCEL to debug).

SFC.exe won't work in safe mode because the RPC service is unavailable.
0
 

Expert Comment

by:CompdrTroy
ID: 24064031
Ok, I should have seen that comming considering all thats missing.  If you can get your hands on an UBCD4WIN cd you can use the registry tool "registry restore" to restore to a system restore point. It's a free tool but it takes a bit of work to create one, so the easiest would be to find an iso.
0
 
LVL 30

Expert Comment

by:flubbster
ID: 24065321
If you really want to od a system restore, the easiest way at this point is to download erd commander. It will boot to a windows environment and give you access to the system restore function. Get it here:

http://www.fullandfree.info/software/erd-commander-2005/

It will ask for a password when you unrar it. The password is the name of the website, like so:

www.fullandfree.info

Make sure your cd is set as first boot device. Burn the iso image to a cd and boot it. DO NOT just copy the iso to the cd. Select system restore.
0
 
LVL 3

Expert Comment

by:techmaza
ID: 24067053
my suggestion is recover ur data in ur system drive by using liveCD like Slax or Linspire or by using Hiren Boot Cd and reinstall xp again.

0
 
LVL 21

Author Comment

by:Julian Matz
ID: 24180170
Thanks. I used an IDE->USB adapter to backup the important files and used an XP-disk to format and do a full re-install. Thanks again for all the help!
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disclosure: Use this tutorial only when no other options helps to get Windows XP running without any problems and you don't want to format the drive. The back up of the data is the responsible of the user, however there is a description of how t…
Ok I have been working on this for some time having learned and gained certification in XenDesktop 4 along came version 5 which was released last month. Since then I have been working to deploy XenDesktop 5 in a small environment with only 2 virt…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question