Need help from user with Dell XPS 420

Hi,

I am helping a user whose Dell XPS 420 was infected with a serious rootkit infection (TDL4) that nuked his MBR.

If you have a Dell XPS 420 with the original Vista installed, you can help us!

What we need to get this computer working again is a copy of the MBR from your Dell XPS 420. You can save a copy of your MBR using legit tools like:
mbrcheck (http://www.kernelmode.info/MBRCheck.exe)
aswMBR (From Avast!) (http://public.avast.com/~gmerek/aswMBR.exe)

and you can attach it to your post in a zip file. That is like 3 minutes work and might save a user from a tedious format&reinstall.

Note: replacing his MBR with a standard Vista BMR ==> Blue Screen of Death. We need the original non-standard Vista MBR from the Dell.

Thanks.

 

I think you are on the wrong track looking for a 'custom' mbr . Dell does not do anything to the mbr - it uses the standard mbr.

Based on what you describe, it sounds like the BIOS is configured to run the hard disk in AHCI mode, but the AHCI driver isn't installed, so I would check the BIOS settings to see if AHCI is enabled, and disable it if it is.

If that's not the cause, we can look to other things.

 

@abekl: Dell do indeed use some very specific ways (2 different tools and methods that I'm aware of in recent years) to hide and unhide partitions on their installs, depending on whether or not it's set to boot normally or to boot to diagnostics or reinstall mode. Using the incorrect MBR/partition repair method leads to loss of access to the recovery partition or worse, which is what has already happened to the machine in question here, by the sound of it.

Inside the Dell PC Restore partition. For Vista.

 

You're talking about this statement on the webpage
How the DSR Partition Boots

Both DSR types boot by using MBR boot code customized by Dell. This Dell MBR does not affect the boot process when booting the Windows partition or the Utility partition--indeed, no special MBR is needed to boot either of those. However, the DSR partition cannot be booted without this new MBR.

I still don't see that using a standard mbr would cause a bSOD when booting the standard Windows partition. Of course, I could be wrong, but it just doesn't sound right.

 

Thanks I´ll try that.

You are sure Dell doesn´t modify the MBR? Having factory restore options during boot normally indicates mbr has been modified, or is that no longer valid for Vista?

BTW user has the Vista Disks that came with the Dell. But if he starts up with that Vista disk, it can´t find his HD.

 

I'm reconsidering my position on this. Dell must indeed use a custom boot loader to present the restore partition for use, but I still don't see the tie in to the BSOD problem.

I do know that certain XPS systems ship with the BIOS set to AHCI mode for the hard drive, which might explain why the hard drive is not being see by the Dell restore CD. That's why I suggested turning off AHCI in the BIOS if it is in fact set to on.

 

Thanks a lot everybody for your help.

Problems is solved. Solution: install linux. Muhahahahaha. Everybody should do that.