• Status: Solved

Windows 7 BSOD Won't Boot After Rootkit Removal

I had an infected user computer and I ended up running the McAfee Rootkit Removal Tool before finally getting the system cleaned. It was able to detect and remove one of the TDSS rootkit variants. But now the Windows 7 system won't boot and blue screens before reaching a logon prompt. Running a repair doesn't work, restoring from a restore point doesn't fix it, I am unable to boot into safe mode, and I have tried most of the standard things to check and try.

At that point, I searched on several of the newsgroups and found a few postings that matched this situation pretty closely. They ran a FRST utility (or the 64-bit version in my case) to list the system-specific settings, and were then able to get a fix option to correct the problem.

I am not a member of any of those sites, but my company is set up with Experts Exchange so I wanted to see if anyone on EE can help me out on this one. I have run the FRST utility and enclosed the scan text file.
2 Solutions
You can try this method to see if the infection caused an issue with your MBR or Boot Sector:

There are probably other tools available if you don't have an installation disc handy.

I would also connect the drive to another computer and try to access and back up your data before trying anything.
Looks like your BCD has been hijacked.

Get into a command prompt with the System Repair function and then:

bootrec /rebuildbcd

If a Windows installation is identified, enter Y or Yes to add the installation to the boot list.

If not, remove and then rebuild BCD:

bcdedit /export c:\bcdbackup
attrib c:\boot\bcd -h -r -s
ren c:\boot\bcd bcd.old
bootrec /rebuildbcd

Enter Y or Yes to add installation to boot list.

You probably want to go back to C:\boot\bcd.old and delete that if everything works.
Post the minidump please for more info.
Find it in windows\minidumps
if you get a new video card - calculate the power you need (you may overload your PS):
Euless_TechAuthor Commented:
Pmitllc had the solution listed in one of the options to try, and ZamZ0 has the steps shown that I took and it fixed the problem for me. Thanks for your help guys, good job!!
Question has a verified solution.
