Gerbz
asked on
How can I stop my pc from rebooting after removing smart hdd virus and doing system restore on a xp pro machine.
HDD VIrus made everything dissapear. I followed instruction on how to remove it.
http://www.bleepingcomputer.com/virus-removal/remove-smart-hdd
After i regained control, i did the unhide.exe also. I got programs back
but they all said empty.
So i tried the easy system restore.OOPS
NOw pc keeps rebooting.
I have a XP home disc.
OS im working with is XP PRO
Also tried a repair utility booting from cd and entering in certain commands in command line but that did not work either
I could not get past the first line. I could only enter in one letter.
I extracted all files from all user onto a external hard drive but I want the machine running again. I took the hard drive out and used a Ultradock v4 for sata and ide drives.
I dont have any OEM's for the xp home that I want to give away any away. the OEM code is not on the side of box for XP PRO.
I can also scan the Hard drive with ESET antivirus too.
WHat NEXT anybody???
I will be putting the hdd back in tomorrow but its kinda hard to troubleshoot anything when the pc keeps rebooting!
ANY HELP would be greatly appreciated
http://www.bleepingcomputer.com/virus-removal/remove-smart-hdd
After i regained control, i did the unhide.exe also. I got programs back
but they all said empty.
So i tried the easy system restore.OOPS
NOw pc keeps rebooting.
I have a XP home disc.
OS im working with is XP PRO
Also tried a repair utility booting from cd and entering in certain commands in command line but that did not work either
I could not get past the first line. I could only enter in one letter.
I extracted all files from all user onto a external hard drive but I want the machine running again. I took the hard drive out and used a Ultradock v4 for sata and ide drives.
I dont have any OEM's for the xp home that I want to give away any away. the OEM code is not on the side of box for XP PRO.
I can also scan the Hard drive with ESET antivirus too.
WHat NEXT anybody???
I will be putting the hdd back in tomorrow but its kinda hard to troubleshoot anything when the pc keeps rebooting!
ANY HELP would be greatly appreciated
If you do have to purchase another HDD, then you can later use it for an external backup drive, or turn your system into a dual-drive RAID1 config, which will protect against data loss in event of a drive failure. It won't help you with data loss in event of a virus.
I guess the way to go is to do a clean reinstall.Even u manage to get it working u will have a lot of issues due to severity of the damage.
i agree a fresh install maybe the best, but if you want, you can try this method for a system restore (and pick an older one)
http://support.microsoft.com/kb/307545
--------------------------
An easier way is to boot from a Bart PE CD (or UBCD4Win CD) and use the file manager for manipulating files. Here the procedure :
1. rename c:\windows\system32\config
2. Navigate to the System Volume Information folder.
it contains some restore {GUID} folders such as "_restore{87BD3667-3246-47
The restore points are in folders starting with "RPx under this folder.
3. In such a folder, locate a Snapshot subfolder. This is an example of a folder path to the Snapshot folder: C:\System Volume Information\_restore{D8648
4. From the Snapshot folder, copy the following file to the c:\windows\system32\config
_REGISTRY_MACHINE_SYSTEM
5. Rename _REGISTRY_MACHINE_SYSTEM to SYSTEM
6. Exit Bart PE, reboot and test
Use a fairly recent restore point from at least a day or two prior to problem occurring .
** you can add the other hives also with this procedure
http://www.nu2.nu/pebuilder/ BARTPE
http://www.ubcd4win.com/ UBCD4WIN
http://support.microsoft.com/kb/307545
--------------------------
An easier way is to boot from a Bart PE CD (or UBCD4Win CD) and use the file manager for manipulating files. Here the procedure :
1. rename c:\windows\system32\config
2. Navigate to the System Volume Information folder.
it contains some restore {GUID} folders such as "_restore{87BD3667-3246-47
The restore points are in folders starting with "RPx under this folder.
3. In such a folder, locate a Snapshot subfolder. This is an example of a folder path to the Snapshot folder: C:\System Volume Information\_restore{D8648
4. From the Snapshot folder, copy the following file to the c:\windows\system32\config
_REGISTRY_MACHINE_SYSTEM
5. Rename _REGISTRY_MACHINE_SYSTEM to SYSTEM
6. Exit Bart PE, reboot and test
Use a fairly recent restore point from at least a day or two prior to problem occurring .
** you can add the other hives also with this procedure
http://www.nu2.nu/pebuilder/ BARTPE
http://www.ubcd4win.com/ UBCD4WIN
What you can do as well is try and get a Windows XP SP3 disc from someone and try a windows repair it is the second repair option that comes up before you can delete the partition, as the XP home edition will not work so i think everything you have tried with the XP home disc was a wast of time.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I suggested the windows repair to see if he can get into his desktop to retrieve that licence key as he stated that he does not have a OEM Sticker on the box and the PC keeps rebooting so there is no way he can get into his desktop at the moment.
Knowing why it is rebooting would help. Using F8 to get to the boot options screen, disable automatic restart. This should result in a blue screen with an error message. We can then go from there. I would tend to agree with nobus that it is a corrupt registry hive, but know ing for certain, and knowing which one, would really help.
ASKER
I have not had time to use these solution yet but thanks for the input. I think magic jellybean will do the trick though if I can extract the OEM
Then you can assess the damage. If you don't have another computer you can transfer the files to for safe keeping over the network, then you're just going to have to purchase another HDD.
THere really is no other way to know exactly what is going on if you are booted to the infected system.