XP Pro endless reboot on starting problem

hi folks,

On Friday evening while surfing the net, actually looking for a laptop I need for work, a box appeared that warned me something couldn't write to the 'hosts' file, clicked ok and assumed some dodgy flash advert on the site was responsible. A couple of minutes later up pops 'System Defender' I knew it was malware, it even closed my AVG. and as it ran a lot of browser pop-unders appeared...

So ctrl+F4 to close all running progs, then shutdown. The intention was to boot into safe mode, run malwarebytes and remove the thing.

Reboot and it locked into the reboot cycle, the windows starting screen appears, then reboots. This happens with all modes. Got to the advanced settings in the F8 menu and stopped the reboot on error so I could read it. Turns out to be a STOP 0x00000024 error.

I dual boot linux, so rebooted to linux and mounted the windows partiton, that was fine, can read all the files no probs.

Having been here before, I went to http://support.microsoft.com/default.aspx?scid=kb;en-us;307545&sd=tech which has helped before.

This time however, it didn't work. The above link shows how to copy some files from a restore point. So I decided to follow the instructions fully and used the recovery console, if I copy the files from windows/repair folder into windows/system32/config it does actually boot, but of course that set of files were the set created when windows was first installed, so no graphics drivers or anything. Copied the restore point files over and rebooted...

yep, back into the endless reboot cycle. ARGGG!!

So, reboot into linux, check I can mount the windows partition, then ran clamav antivirus from linux, it found a couple of things all old in zip files from an old folder, nothing new.

Tried again and still can't get windows to boot in any form apart from recovery console.

It seems no matter which restore point I use to copy files from it refuses to boot.

As you kind people helped me before, I have come here as a last attempt to try and boot windows before I pull the drive, install a fresh one (sat on my desk atm) and re-install everything. Not a happy prospect as my XP has been running fine since feb 2007 so I have a lot of stuff to recover.

Thanks

Rev

 

Personally I would recommend using linux to move all of your valuable data to the linux drive/external drive, and then reloading XP. If you format the partition XP is on it should kill of any malware on there. Then just reinstall XP, install antivirus, and scan the files before recovering them to the XP partition.

However, I would recommend you wait a couple of days before doing this (if you can) in case anyone has any better suggestions.

 

If you have access to all your data through *nix then i would just back-up my data >> format and wipe the partition >> and reinstall windows.

Then get yourself a better AV than AVGfree-(it truly sucks)

Avira is a fine AV and is also free...
http://majorgeeks.com/Avira_AntiVir_Personal_-_Free_Antivirus_d955.html


Im gonna take a punt that you are running windows built in firewall???
While getting a better AV you should replace your firewall with one that is effective.

Comodo do a nice free firewall....
www.comodo.co.uk



Also, ther is many other good free firewalls and AV's to chose from if you dont like comodo or Avira.


Q

EDIT: for reference; i didn't see your post collinsl before posting.

EDIT2: dont forget if you do reinstall windows you will need to fix the bootloader for *nix.

 

Thanks Tim, I did wonder where to post tbh.

I am happily running linux, and don't 'need' windows yet... just a shame I need Autocad and Excel for work, Qcad and openoffice don't quite cut it as far as compatibility goes.

I have a brand new hard disk sat on my desk and at some point I will fit it and re-install but due the the lengthy procedure that is involved with installing windows and then all the drivers for graphics, chipset, sound, printer, scanner, webcam etc. then all the software I need a free weekend

So quite happy to wait. I might even give the PC a good clean inside, replace the thermal compound and maybe replace a noisy fan, the PC is almost 3 years old and so would be regarded as a relic

Rev

 

Please try the following steps to get your system up and running again.

Step 1
From the Recovery Console prompt, run chkdsk /p
If there are any errors found and/or repaired, repeat chkdsk /p ... and repeat again if necessary until no more errors are indicated.
Type "exit" and press <ENTER> to close the RC and restart the computer.
Does the computer start normally now? If not, continue ....

Step 2
Using the RC and the instructions already followed in the Microsoft article
How to recover from a corrupted registry that prevents Windows XP from starting
http://support.microsoft.com/default.aspx?scid=kb;en-us;307545&sd=tech
restore the necessary files from the "repair" folder again, and start your system normally.
Install and run MBAM and remove "System Defender" according to the steps in the following link
Remove System Defender (Uninstall Guide)
Posted by Grinler on November 13, 2009
http://www.bleepingcomputer.com/virus-removal/remove-system-defender

Step 3
Now, remove MBAM ...
1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. http://www.malwarebytes.org/mbam-clean.exe
4. It will ask to restart your computer (please allow it to).

Step 4
I do not know what restore point you currently have restored to at this time. I would like you to ensure that your system is currently using the restore point files with a date immediately preceeding the installation of "System Defender" (Right-click on one of the relevant files > Properties and check the date). If this is not currently the case, then please perform the steps necessary to make it so.
Use the RC and the instructions already followed in the Microsoft article ....
OR ... the following (which is simpler and easier)
System Restore from Recovery Console
http://2pure.net/index.php?session=0&action=read&click=open&article=1150238652
(There are a few mistakes in the the instructions text, but simply ignore those. The only mistake of importance that I have noticed is using the command to change the prompt back one directory level: This is given as cd..
In fact you must enter a space between cd and the two dots, so that it looks like this cd ..)

Step 5
Now attempt to boot the system normally. Does it start? If so, continue ...

Step 6
Download and run MBAM again according to Grinler's instructions.

Step 7
If you are still experiencing malware issues, you may wish to post in the MG Malware Removal Forum again.

Good luck.

 

Nice post 'Alien

Rev you would do well to follow australiens post :yesyes:

Q

Edit: hope you dont mind, but that post has been copy + pasted for future reference

 

.... the sincerest form of flattery ? Of course I do not mind at all! That is what this whole forum-thing is about.

Whoops ... (Right-click on one of the relevant files > Properties and check the date)
This is not appropriate when in the Recovery Console, sorry.
Instead, do the following ....
Pick a likely RPxxx folder, and at the command prompt that looks like this ..
C:\system~1\_resto~1\RPxx\snapshot>
type "dir" and press <ENTER> to see the date of the contained files.

Note: Do NOT use the highest RPxxx number. It is likely that you will want to use the second-highest or third-highest number (perhaps even the fourth ... ?)