Blue Screen - Won't boot

Discussion in 'Software' started by IMAOZI, Mar 10, 2004.

  1. IMAOZI

    IMAOZI Private E-2

    It started out with one PC - now I have 3 that are DOA. It started yesterday as the Netsky virus went around the office - My Norton Corporate did catch them all but after the user signed back on today and . . . . . . . . nothing but blue as far as the eye can see! Have already tried the following: 1. Disabled the USB in CMos. 2. Run Windows 2000 Repair 3. Run chkdsk. 4. switched out the RAM ans relocated in other slots. 5. Disabled MUP. I am getting ready to disassemble the PC's next - any thoughts before i get up to my elbows in parts??? :cool:
     
  2. Adrynalyne

    Adrynalyne Guest

    Yeah, try Safe Mode :D
     
  3. IMAOZI

    IMAOZI Private E-2

    Been there - Done that!
     
  4. Adrynalyne

    Adrynalyne Guest

    So define a blue screen.

    Are we talking no explorer shell?


    Or are we talking about a Stop error?
     
  5. IMAOZI

    IMAOZI Private E-2

    No screen whatsoever. Just blue!



     
  6. Adrynalyne

    Adrynalyne Guest

  7. IMAOZI

    IMAOZI Private E-2

    Not posting - when started in Safe mode with command prompt it was stopping at Mup.sys. Was able to diable that - rebooted and still got BLANK blue screen. Restarted in safe mode - now stopping at NDIS.sys.
     
  8. Adrynalyne

    Adrynalyne Guest

    Ok...yes, you are POSTing...

    Did you try the article I posted?

    Did you try ctrl-alt-del to see if anything came up?


    I've seen plenty of issues that keep you from booting to Safe Mode, yet you can boot to normal mode, or at least partially boot (we still haven't determined if you are simply missing a shell).

    To clarify, SafeMode isn't stopping at ndisy.sys, it simply can't load the next device.

    So to disable mup.sys or ndis.sys is pointless.

    Have you tried enabling bootlogging to see what it is hanging on?


    http://support.microsoft.com/default.aspx?scid=kb;IT;202485
     
  9. IMAOZI

    IMAOZI Private E-2

    Ok - read article. Tried the other versions of Safe Mode . . nothing. Tried again and tried the clrt-atl-del - again nothing. What do you mean missing a shell? It gets to the display of "Windows 2000 Pro loading" and then goes blue. Does this help?

     
  10. Adrynalyne

    Adrynalyne Guest

    Every OS has a shell--a user interface.

    If it doesn't load in Windows, you get a blank wallpaper.

    Did you try bootlogging? You have to read the entire article. Bootloogging doesn't get you into Windows. It makes a log file for you to read, so you can see where it is hanging or has a problem.
     
  11. General_Lee_Stoned

    General_Lee_Stoned BuZZed Lightyear

    Just to add something here are you sure that the netsky virus didnt get through because i thought part of that virus deletes the explorer value from the registry amongst other things
    Hence the infected machines not having any explorer shell

    Ill have to look it up but thought i might just throw it in :)
     
  12. IMAOZI

    IMAOZI Private E-2

    Could be a blank wallpaper. Tried enabling bootlogging - it the goes to the blue screen(wallpaper?). Am I missing a step?

     
  13. IMAOZI

    IMAOZI Private E-2

    I could have gotten through. Norton caught the virus but the worm deploys anyway. This happed before I got the new updates on Monday. Several people here opened the emails because they were coming from someone they knew and trusted! I have been able to combat all this with Stinger & Adaware6. 2 machines did not survive. Is there a way to repair the registry - I tried last known good configuration and got nothing. :D

     
  14. General_Lee_Stoned

    General_Lee_Stoned BuZZed Lightyear

  15. General_Lee_Stoned

    General_Lee_Stoned BuZZed Lightyear

  16. snakefoot

    snakefoot Sergeant Major

    Don't should put much into what driver(sys-file) that was loaded last before the initialisation of Windows starts.

    Think you should check for hardware conflicts (Anything from BIOS, RAM, Hyperthreading, USB-Devices, PowerSupply supplying enough power, etc.)

    Also you say you get the BSOD, but does it write any errors or is it just blank ?
     
  17. IMAOZI

    IMAOZI Private E-2

    Just blank. Have disconnted the DVD, changed memory, changed location of memory, remove NIC, disconected the floppy.

     
  18. IMAOZI

    IMAOZI Private E-2

    Am trying this now. Will keep everyone posted. Wish me luck! don't want to go to the last resort - reinstalling everything.:rolleyes:



     
  19. IMAOZI

    IMAOZI Private E-2

    I got as far as disk #2 and got the following error message:

    File \ntkrnlwp.exe could not be loaded.
    The error cose is 7

    Setup cannot continue
     
  20. General_Lee_Stoned

    General_Lee_Stoned BuZZed Lightyear

  21. Bobstar

    Bobstar Private E-2



    This sounds just like what is happening with me. My machine posts, but as soon as it gets to the xp pro screen, it restarts. No safe mode, no anything. I have started it with my set of six floppies, yes it is a pain, and have re written the boot sector and ran mbr.
    still nothing
    is it the netsky virus?
    how can I run the repair tool without starting ?
     
  22. realone

    realone Private E-2

    Little late reply, but after some Googling for my same problem I saw this topic and thought...let's try to help. ;-)

    My sollution to the problem was this:

    Start > Run > regedit

    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\Winlogon\

    There a key there named Shell. I should be directed to C:\Windows\explorer.exe.

    My problem was that it was directed to a file named WSMRESTP.EXE somewhere on my PC. After redirecting it then problem was solved after a LogOff / Reboot.
     
  23. IMAOZI

    IMAOZI Private E-2

    The problem was - Netsky!

    After lots of research and trying. I thank everyone that had a suggestion and I tried them all! It turned out to be the Netsky virus had deleted the winlogon.exe file & the reg key!

    I had to piggyback another drive on the systems and run the removal tool from Norton and stinger to get them all cleared. There was at least 5 different versions of the same virus on each machine. Norton did catch the virus but this particular attack had a worm hidden in the background and it deployed.

    I sent the versions to Norton for examination - they only had this listed and a low threat and deployment! They replied that they will reasses the threat.
     
  24. goldfish

    goldfish Lt. Sushi.DC

    Define blue... is it like default wallpaper colour or are we talking the 100% blue you get on a stop screen?
     
  25. snakefoot

    snakefoot Sergeant Major

    Glad you got your problems worked out. Strange that the original Windows\System32\Winlogon.exe disappeared, since the Netsky places itself at Windows\Winlogon.exe, and without the original Winlogon.exe then the virus/worm is not able to spread itself.
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds