Can't boot into Windows XP

Posted on 2009-04-21
Last Modified: 2012-05-06
My son downloaded and installed Antirootkit - Greatis Software that he found on the Internet. Once he rebooted the computer, we can't boot into Windows XP.

When I try to boot into Windows, I get a blue screen with the following message.

regrun partizan - bootwatch antirootkit. greatis software (c) 2007-2008.

At this point the computer just freezes.

I think we may have a virus, but I'm not sure.

I can boot into safe mode, but I can't uninstall the Antirootkit - Greatis software because it is not on the Add and Remove list in the Control Panel.

I hope someone can help!

BIDMC
Question by:BIDMC
22 Comments
 
LVL 8

Expert Comment

by:Bradley Haynes
ID: 24200533
Ahhh! Been there not so long ago. First try MalwareBytes - a spyware removal tool, free just google and install / run...
Run your Anti virus program as well.
If all else fails do a repair on the OS with the installation disk...
0
 

Author Comment

by:BIDMC
ID: 24200821
Thanks for the feedback,

I did try running Norton 360 on the hard drive by installing the hard drive in another computer that had Norton 360, and it didn't solve the problem. I also tried doing a Windows XP repair and it didn't solve the problem either.

Any other ideas?

Thanks for your help!
BIDMC
0
 
LVL 2

Expert Comment

by:asethi19
ID: 24201676
Start XP in safe mode and then right-click on My Computer.

Under Startup and Recovery, click Settings, and under Default OS click Edit and change the file entry to:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
0
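A check worth running before pasting a boot.ini taken from someone else's machine, given that the asker later reports `partition(2)` on their system where the suggested file has `partition(1)`. This is an added example, not part of the original comment; the function names and the `CURRENT` sample are assumptions made for illustration.

```python
import re

# ARC path as used in boot.ini, e.g. multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
ARC_RE = re.compile(r"^\w+\(\d+\)disk\(\d+\)rdisk\((\d+)\)partition\((\d+)\)\\", re.I)

def parse_boot_ini(text):
    """Return (default ARC path, list of ARC paths under [operating systems])."""
    section, default, entries = None, None, []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, _, value = line.partition("=")  # split at the first '=' only
        if section == "boot loader" and key.strip().lower() == "default":
            default = value.strip()
        elif section == "operating systems":
            entries.append(key.strip())
    return default, entries

def review_replacement(current, proposed):
    """Reasons not to paste `proposed` over `current`; empty list if none found."""
    problems = []
    cur_default, _ = parse_boot_ini(current)
    new_default, new_entries = parse_boot_ini(proposed)
    if new_default is None or new_default.lower() not in [e.lower() for e in new_entries]:
        problems.append("default= does not match any [operating systems] entry")
    cur = ARC_RE.match(cur_default or "")
    new = ARC_RE.match(new_default or "")
    if not cur or not new:
        problems.append("ARC path could not be parsed")
        return problems
    for name, idx in (("rdisk", 1), ("partition", 2)):
        if cur.group(idx) != new.group(idx):
            problems.append(f"{name} changes from {cur.group(idx)} to {new.group(idx)}")
    return problems

# Proposed file: the entries from the comment above.
PROPOSED = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
"""
# Constructed sample of a machine whose Windows directory is on partition 2.
CURRENT = PROPOSED.replace("partition(1)", "partition(2)")

if __name__ == "__main__":
    for problem in review_replacement(CURRENT, PROPOSED):
        print("WARNING:", problem)
```

Run it against a copy of the existing boot.ini read from safe mode or from the drive attached to a second machine; a reported partition or rdisk change means the pasted file would point the loader at a different volume.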
 
LVL 3

Expert Comment

by:josephms
ID: 24201754
Try system restore in Windows XP to take back the settings to an earlier date.
Start-> Programs-> Accessories->System Tools->System Restore

Hope it works.
Regards,
Joseph
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24204564
Try a System Restore from the command prompt >

"How to start the System Restore tool at a command prompt in Windows XP":
http://support.microsoft.com/?kbid=304449

Which states >>
Restart your computer, and then press and hold F8 during the initial startup to start your computer in safe mode with a Command prompt.
Use the arrow keys to select the Safe mode with a Command prompt option.
If you are prompted to select an operating system, use the arrow keys to select the appropriate operating system for your computer, and then press ENTER.
Log on as an administrator or with an account that has administrator credentials.
At the command prompt, type %systemroot%\system32\restore\rstrui.exe, and then press ENTER.
Follow the instructions that appear on the screen to restore your computer to a functional state

This should be of interest>
False Positive Alert! Symantec detects Partizan antirootkit software as a worm:
http://www.greatis.com/security/partizan_exe_antirootkit_not_a_virus.htm

Which links to this Symantec article. See if the listed instructions help >>
http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-022820-1949-99&tabid=2

0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24204708
Once you've reached your desktop I recommend downloading and updating Malwarebytes' Anti-Malware (first suggested by b_haynes). As there is no AV that can absolutely guarantee cleaning a machine, you often need to run 3 or 4 scanners:

http://www.malwarebytes.org/mbam.php
When updated, reboot into Safe Mode by selecting F8 at bootup & run a scan.
Tutorial available, if you require >
http://www.bleepingcomputer.com/forums/lofiversion/index.php/t169669.html

and Trend Micro's, free, online virus scanner:            
http://housecall.trendmicro.com/uk/
Ideal for scanning online, using "Safe Mode with networking".

There's also a-squared Free:
http://www.emsisoft.com/en/software/free/

0
 
LVL 8

Expert Comment

by:Bradley Haynes
ID: 24206051
One note on MalwareBytes. You may have to rename the installation file. I have seen viruses block the execution of the install. I just right click on the install file and rename it to cleanMyBox and keep a copy on a USB stick.
0
 

Author Comment

by:BIDMC
ID: 24213170
Thanks Everyone for the feedback!

asethi19 - I did look at the [boot loader] and everything looks the same except for the (1)\Windows; on my system I have (2)\Windows.

josephms - I can't do a system restore from windows because I can't get into windows and you can't do a system restore from safe mode.

Jonvee - I did try doing a System Restore from the command prompt, but due to one of my troubleshooting steps before I requested help from experts-exchange (I tried doing a Windows XP reinstall), I didn't have any restore points before the reinstall.
Even after the reinstall of Windows XP, I continue to have the same problem. My only thought next is to format the hard drive and reinstall Windows XP, but because of all the pictures, saved games, music, and financial information, I really didn't want to do that step.

b_haynes and Jonvee -  Once I can get into windows, I will run the Malwarebytes' software plus the other AV scanner.

Does anyone have any other ideas?

Thanks again to Everyone for their help!

BIDMC


0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24213729
Then let's hold off the reformat until we've at least attempted to recover the valuable data you have.
Can you access another computer, then remove this machine's Hard drive and reinstall it as a slave in the 2nd machine?  Hopefully you could then recover the data from it.
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24213810
Did you press f8 to get the safe mode options and turn off the system restart on boot failure option so you can see what the blue screen says?  It just may help.

When you tried the repair install did you get the "Setup cannot continue because the version of Windows on your computer is newer than the version on the CD." message?
If yes, you will need to apply the SP 2 updates after the repair install completes.     You'll see that you need to create a slipstreamed copy of your XP CD by using the software and step by steps supplied in the links given here>
http://www.michaelstevenstech.com/XPrepairinstall.htm

Failing that, you may like to peruse the following article. It's lengthy but may be a way out without reformatting, and your pics & docs should remain safe so that they can still be recovered by slaving to that 2nd machine, if this doesn't work.

Windows XP Crashed? Here's Help
A salvage mission into the depths of Windows XP, explained by a non-geek.    By Charlie White >>
http://webcast.broadcastnewsroom.com/articles/viewarticle.jsp?id=8658-0
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24213948

If you find that the "broadcastnewsroom.com" site above is slow, or even fails to download, this link should be fine>
http://www.digitalwebcast.com/2002/03_mar/tutorials/cw_boot_toot.htm

0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24213998
Please ignore my last post; that particular version contained a number of HTML formatting errors that made the described repair process fail due to missing slashes, etc.
The "broadcastnewsroom.com" site is now downloading ok.
0
 

Author Comment

by:BIDMC
ID: 24217427
Hi Jonvee,

I took another hard drive, reformatted it and installed a copy of Windows XP Media Center on this drive. Once I could boot the computer up to Windows XP Media Center with the new drive, I then took the original hard drive with the virus (if it is a virus) on it and added that drive as a secondary drive. Now when I booted the computer up, I could see both drives. I copied all folders except for the Windows directory to the newly formatted hard drive. Now I have a copy of the data.

The reason I didn't just add the original hard drive to my other computer is because I didn't want to infect my other computer.

Now I have removed the newly formatted drive with the copied data on it and installed just the original drive with the virus (if it is a virus).

When I boot the computer up on the original hard drive, I get the blue screen with the following message.

regrun partizan - bootwatch antirootkit. greatis software (c) 2007-2008.

At this point the computer just freezes.

The message stays there until I hold the power button in long enough to reboot the computer. Also, the blue screen isn't the same as the BSOD; it has a Windows logo on the screen in the top right corner.

The repair install went well except I had one issue: an error message came up stating it couldn't find something in the MSCOREE.DLL file. At this point I just said to continue and everything went well, but I continue to have the same problem.

Thank you for your help!

BIDMC




0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24218143
Found this >
False Positive Alert! Symantec detects Partizan antirootkit software as a worm:
http://www.greatis.com/security/partizan_exe_antirootkit_not_a_virus.htm

In turn linking to this >
http://d-line.newdesigner.net/2008/02/25/act-like-a-trojan-horse-be-removed-like-one-by-one/
still investigating ...
0
 
LVL 27

Accepted Solution

by:
Jonvee earned 2000 total points
ID: 24218294
Information on 'How to remove mscoree error' >
mscoree.dll file information:
http://www.file.net/process/mscoree.dll.html

Ok, so it may still be an infection ..
Now that you have a copy of the data (which is good!), another option now is to try running Combofix.  You can *download ComboFix and save to your Desktop >
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before using ComboFix please disable any realtime Anti-virus, Anti-spyware, Shields, etc. that you may have running (probably not possible in your case).

Also before using ComboFix it may be necessary to rename it before saving it to your desktop.  Try *downloading it to your other computer, then into a USB memory stick (or equivalent).  Rename it and connect to the problematic machine.

Double click "combofix.exe" and follow the prompts.
When it's finished it will have produced a Logfile, probably at C:\ComboFix.txt.
You could post that log together with a HijackThis log, in a reply for me.
Please do not mouseclick Combofix's window while it is running, because it may stall.  It is absolutely normal for you to see a blue screen with flashing cursor, and this can last for up to 30 mins.  Just let it run.

Try initially to run Combofix in normal mode, although it works well in normal mode or safe mode.

If you require it>
"A guide and tutorial on using ComboFix":
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24218383
Hmm .. that last method is no good because you cannot reach your desktop!
Which returns to the idea of slaving your suspect Hard drive in another computer, and running ComboFix (renamed to something else) from there.
still investigating ..
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24218459
Of course, you can boot into Safe mode and try to run ComboFix from there.
0
 

Author Comment

by:BIDMC
ID: 24229969
Thanks Jonvee for your help!

I did install MalwareBytes and it did detect some issues. I did have the program repair these issues, but it didn't solve the problem.

My wife has been on me most of the day to get the computer back up and running, so I formatted the hard drive and reinstalled the OS. Now my computer is up and running; I just need to reinstall all programs and restore the backup data.

I want to thank you for all your help; it was a great learning lesson along the way.

I will accept your solution so you can receive the points.

Thanks Again!

BIDMC
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24231064

It's invariably more rewarding when between us all we can resurrect an infected (or otherwise) machine, but at least you are 'up and running' again after a reformat, and that's good!

Hope the restoration of backup data goes well ..
0
 

Author Closing Comment

by:BIDMC
ID: 31573082
Great person to work with, Thanks for your help Jonvee!
0
 

Author Comment

by:BIDMC
ID: 24233320
Thanks Again Jonvee,

The restore went well and the computer is back up and running, most of all my wife is happy!

BIDMC
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24233399
You're welcome, and it sounds like everything is just fine!    Thank you.
0
