Windows 7 won't boot

Hi Experts,

I have a Windows 7 Home 64-bit machine that won't boot in normal or safe mode....

I have pulled the drive out and backed up the data, and run all tests on memory and hard drive (all OK). While I had it out I ran chkdsk /r /f; no issues found. I'm currently downloading a Windows 7 disk so I can either attempt to repair from that, or am I best off with a W & R? Or is there something that may assist in repairing?

Windows repair from boot up does not fix it, although I did come across a message about a driver missing?

The user was hacked by someone who called, and he let them on his PC. One thing I noticed is that Windows 7 is installed on the D drive.

cheers.
AndrewPartnerAsked:
 
☠ MASQ ☠Connect With a Mentor Commented:
As you have all the data recovered, W&R is the definitive solution where there's been unauthorized access to the machine. Although it's highly unlikely in this kind of drive-by scam scenario, you cannot be 100% certain that something else has been left that might emerge later.
0
 
Adam Andersoninfrastructure consultantCommented:
Check your hard drive is ok to boot sector.
Boot off windows dvd and there is a command to run
And fix your master boot record.

Run command prompt and use the dvd drive letter

type the following commands:

bootrec /FixMbr
bootrec /FixBoot
bootrec /ScanOs
bootrec /RebuildBcd
0
 
rojoshoConnect With a Mentor RTCC-III Level-2 SupportCommented:
Hey,

Honestly, with so many unknowns and wanting the ability to sleep at night, I would erase the HDD and install a fresh new OS - That is going to be the ONLY way you and your "client" will know that the PC is 100% safe.
> You could use Belarc (Use CNET to get it) to get the full report of the installed sw packages and Product Keys.
> Though, this would be a GREAT time to upgrade the HDD to an SSD - Just a suggestion.

Rojosho
0
 
R@f@r P@NC3RVirtualization SpecialistCommented:
Hello,

If your operating system does not start in normal mode and safe mode, it is most likely that the operating system is corrupt or is missing some startup file.

Similarly try to repair the operating system to see if you get good results.

Otherwise, start a new installation of the operating system.

regards..
0
 
NerdsOfTechConnect With a Mentor Technology ScientistCommented:
First thing, just to rule out an incorrect boot drive reference, check your BIOS to make sure the boot drive is the correct one. I would go as far as removing any spare drive that the system thinks is C: besides the drive you're booting from.

If everything checks out and doesn't boot:

I would echo Rojosho's alternative recommendations: replace the drive. I would if I were you, for two reasons:

1. it's a very small cost for the peace of mind that you won't be running from a drive that might coincidentally be malfunctioning (despite the test results).

2. you can cleanly install Windows 7; it might be a good time to upgrade them to Windows 10 since Microsoft ended mainstream support for Windows 7 on January 13, 2015 (extended support won't end until January 14, 2020).

Next, I would change the boot drive of the new drive/install to C:, make sure BIOS uses the new drive as boot, load the old drive in with an external cradle and re-letter it if needed, run virus scans on the old drive files, safely pull the keys from the old drive's registry hive (using a keyfinder, like Magical Jelly Bean: [https://www.magicaljellybean.com/keyfinder/]), migrate the files to the new drive/OS setup, install the apps, etc.
0
 
David Johnson, CD, MVPOwnerCommented:
What a lot of these 'repair' places do is run 'syskey' on the system, which password protects the SAM database. Their 'fix', after receiving your money, is to enter the SAM database password and then run syskey again and remove the password.
0
 
AndrewPartnerAuthor Commented:
Thanks for all the comments guys, working on this today. I will have a quick go at the other options mentioned, but thinking that I will whack in another drive but sticking with Win7 for now...

I will upgrade him closer to end of support (if the pc can take it) or convince him to purchase a new one as it is getting on in age, but budget is the key here...

@ David can you elaborate why I would need syskey in this instance please... I might be missing something here?
1
 
R@f@r P@NC3RVirtualization SpecialistCommented:
Hello,

Syskey is a utility that encrypts the hash of the information password in a SAM database, using the Microsoft Windows system, using a 128-bit encryption with an RC4 encryption key that, by default, is stored in the registry. Windows

I remain attentive to your comments.

regards...
0
 
AndrewPartnerAuthor Commented:
Hi Jeimy,

Thanks for the info, but like I said I'm not quite sure how it can help me in this particular situation as I don't have an issue with passwords?

But maybe I'm missing something here?
0
 
R@f@r P@NC3RVirtualization SpecialistCommented:
Hello,

I recommend you first perform the mentioned actions to see the results.

regards...
0
 
NerdsOfTechTechnology ScientistCommented:
I think they were mentioning syskey in the case that the attack was syskey based (common with phone scams).

Usually, this involves a lockout prompt like this:

[Image: typical syskey lockout screen]

If this is what you are running into, or want to try this procedure just in case the attacker malformed the entry, follow these steps below, otherwise, you could skip this and replace the drive and reinstall the OS.

1.     Boot from a Windows 7 install cd.

2.     When the Install Windows page appears, click Repair your computer to access system recovery options.

3.     Run System Restore to last point before syskey password blocked access. (This will fail, but must be done). Click run system restore again (this will take you back to the options list)

4.     Open Command Prompt from the options list.

5.     Open Regedit (Type regedit into the command prompt). Regedit will open.

6.     Navigate to: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa, and change 'SecureBoot' value to 0.

7.     Navigate to: HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account, and change F value to 0000

8.     Reboot and Login
0
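
Added example, not part of NerdsOfTech's post or anyone else's in this thread: a read-only PowerShell check of whether an offline Windows install has a syskey startup password set, run before deciding between the registry procedure above and a wipe. It assumes the suspect drive is attached to a working Windows PC as E: and an elevated prompt; the mount name and the interpretation of the SecureBoot values (1, 2, 3) are supplied here from general Windows documentation, not from the thread.

```powershell
# Added example: read-only triage of an offline Windows installation for a
# syskey startup password. Nothing is written to the suspect drive.
# Assumption: the old drive's Windows folder is E:\Windows (override as needed).
param(
    [string]$OfflineWindows = 'E:\Windows',
    [string]$MountName      = 'OFFLINE_SYSTEM'   # arbitrary temporary key name
)

$hive = Join-Path $OfflineWindows 'System32\config\SYSTEM'
if (-not (Test-Path -LiteralPath $hive)) { throw "SYSTEM hive not found at $hive" }

# Load the offline SYSTEM hive under HKLM (needs an elevated prompt).
& reg.exe load "HKLM\$MountName" $hive | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'reg load failed (not elevated, or hive in use)' }

try {
    # An offline hive has no CurrentControlSet link; Select\Current names the
    # control set that the installation would boot with.
    $current = (Get-ItemProperty -Path "HKLM:\$MountName\Select").Current
    $lsaPath = 'HKLM:\{0}\ControlSet{1:D3}\Control\Lsa' -f $MountName, $current
    $mode    = (Get-ItemProperty -Path $lsaPath -Name SecureBoot -ErrorAction Stop).SecureBoot

    $meaning = switch ($mode) {
        1       { 'system-generated key stored locally (normal default)' }
        2       { 'startup password required (consistent with a syskey lockout)' }
        3       { 'startup key stored on removable media' }
        default { 'unexpected value, inspect manually' }
    }

    # Emit one object so the result can be logged with the case notes.
    [pscustomobject]@{
        Hive       = $hive
        ControlSet = $current
        SecureBoot = $mode
        Meaning    = $meaning
    }
}
finally {
    # Release registry handles first, otherwise reg unload reports access denied.
    [gc]::Collect(); [gc]::WaitForPendingFinalizers()
    & reg.exe unload "HKLM\$MountName" | Out-Null
}
```

A result of 2 on a machine whose owner never set a startup password supports the syskey-scam theory; a result of 1 points back to boot-record or driver causes.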
 
AndrewPartnerAuthor Commented:
Thanks anyway NerdsOfTech, that wasn't the issue...

Quickest way was to swap the drive out and reinstall Win 7, thanks for all the tips and advice.
1
 
NerdsOfTechTechnology ScientistCommented:
Glad to be of assistance.
0
 
AndrewPartnerAuthor Commented:
Thanks for your assistance guys!!
1
Question has a verified solution.
