Heur Exploit Script virus looping to blue screen on start up
#16
Posted 31 December 2010 - 07:32 PM
I have deleted the original C:\Windows\ntbtlog.txt file and repeated your instructions several times but no new ntbtlog has been created in the Windows file
#17
Posted 01 January 2011 - 01:20 AM
While in the Reatogo environment, browse to the C:\ folder. Copy the Boot.ini to the USB drive, open it in Notepad and post its contents in your next reply.
Also, browse to the C:\WINDOWS\system32 folder and copy the ntoskrnl.exe to the USB drive. Scan this file at Jotti and post the address of the report for my viewing.
Is there a chance you can get a Windows Installation CD? I would like to run an application to check the drive for errors.
#18
Posted 01 January 2011 - 01:24 AM
#19
Posted 01 January 2011 - 01:35 AM
If prompted, select any options required to boot from the CD. You will be prompted with the following options:
A. To setup Windows XP, press Enter.
B. To repair Windows XP installation using recovery console, press R.
Choose the option "To repair the Windows XP installation using recovery console" by pressing R. If an Administrator Password has been established, you will be prompted to type it in. If no Administrator Password exists, just press ENTER.
You will be presented with the following:
Microsoft Windows® Recovery Console
The Recovery Console provides system repair and recovery functionality.
Type EXIT to quit the Recovery Console and restart the computer.
1: C:\WINDOWS
Which Windows Installation would you like to log onto
(To cancel, press ENTER)?
Press the number assigned to the installation you need access to on your keyboard and hit Enter.
In this case, if only the above is displayed, that is 1.
At the C:\Windows> command prompt, type the following command and press Enter:
CHKDSK /R
It will take a considerable amount of time to finish. Do not interrupt the process.
Once finished, type Exit and press Enter to restart the computer. Let me know if you are able to boot into Normal Mode.
#20
Posted 01 January 2011 - 02:11 AM
Here is the Boot.ini
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /safeboot:minimal
I am also having trouble copying the ntoskrnl.exe folder as I get the message "the Windows\system32\ntoskrnl.exe application cannot be run in Win32 mode". I tried just copying it without opening it but it appears in the documents file as NTUSER.DAT and it wants me to use the web service to find the appropriate program to open it.
I will try the Windows XP disk now.
I have tried the Windows XP disk but it is saying that Setup cannot find any hard disk drives installed on my computer and it cannot continue.
Edited by Jan1959, 01 January 2011 - 06:32 AM.
#21
Posted 01 January 2011 - 11:34 AM
The Boot.ini seems to have been modified to boot in Safe Mode, perhaps through MSconfig (Configuration Manager).
Download the enclosed folder. Extract its contents to the Flash drive. Through the Reatogo environment, rename the C:\Boot.ini to Boot.old, and copy the extracted file to the C:\ folder. That should replace the file with a boot.ini that won't be calling Safe Mode upon startup.
Attempt to boot the computer in Normal Mode and let me know the outcome.
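An added example, not part of the original thread or of the helper's attached files: a Python check that parses a Boot.ini such as the one posted in #20, reports the entries carrying a /safeboot switch, and returns the text with that switch removed. The function names are this example's own.

```python
import re

# Boot.ini as posted in the thread, embedded as sample input for this example.
SAMPLE_BOOT_INI = r'''[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /safeboot:minimal
'''

# Matches /safeboot:minimal, /safeboot:network, /safeboot:minimal(alternateshell), /safeboot:dsrepair
SAFEBOOT_RE = re.compile(r'\s*/safeboot(:\S+)?', re.IGNORECASE)
# ARC path, quoted menu label, then the boot switches
ENTRY_RE = re.compile(r'^(?P<path>[^=]+)="(?P<label>[^"]*)"(?P<switches>.*)$')


def parse_entries(text):
    """Return (arc_path, label, [switches]) for each line under [operating systems]."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue
        if line.startswith('[') and line.endswith(']'):
            section = line[1:-1].lower()
            continue
        if section == 'operating systems':
            m = ENTRY_RE.match(line)
            if m:
                entries.append((m['path'].strip(), m['label'], m['switches'].split()))
    return entries


def forced_safe_mode(text):
    """Labels of OS entries that carry a /safeboot switch."""
    return [label for _, label, switches in parse_entries(text)
            if any(s.lower().startswith('/safeboot') for s in switches)]


def strip_safeboot(text):
    """Return the file text with /safeboot switches removed from every line."""
    return '\n'.join(SAFEBOOT_RE.sub('', line) for line in text.splitlines()) + '\n'


if __name__ == '__main__':
    print('Entries forcing Safe Mode:', forced_safe_mode(SAMPLE_BOOT_INI))
    print(strip_safeboot(SAMPLE_BOOT_INI))
```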
#22
Posted 01 January 2011 - 12:31 PM
#23
Posted 01 January 2011 - 01:24 PM
Make sure the new boot.ini is in the flash drive.
- Copy the entire contents of the Quote Box below to Notepad.
- Name the file as fix.bat
- Change the Save as Type to All Files
- and Save it in the Flash drive next to the new boot.ini file
- In the Reatogo environment browse to the USB drive and double click on the fix.bat file. If successful, the fix.bat will disappear, the C:\boot.ini will have been renamed and replaced by the new file, and a copy of the ntoskrnl.exe should appear in the Flash drive. Have that file scanned.
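REM Work from the folder this script is in (the flash drive)
cd /d "%~dp0"
REM Clear the system, hidden and read-only attributes so Boot.ini can be renamed
Attrib -s -h -r C:\Boot.ini
Ren C:\Boot.ini Boot.old
REM Copy the new Boot.ini from the flash drive and restore its attributes
Copy Boot.ini C:\
Attrib +s +h +r C:\Boot.ini
REM Copy ntoskrnl.exe into the current folder (the flash drive) for scanning
Copy C:\WINDOWS\system32\ntoskrnl.exe
REM Delete this script
Del %0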
If successful, attempt to boot in Normal Mode.
#24
Posted 01 January 2011 - 01:51 PM
#25
Posted 01 January 2011 - 01:53 PM
#26
Posted 01 January 2011 - 02:19 PM
Would you explain how to do this please? Again, many apologies.
#27
Posted 01 January 2011 - 02:42 PM
Download the enclosed folder. Extract its contents to the Flash drive. It is a folder, boofix, containing the Boot.ini and Runme, a batch file.
In the Reatogo environment, browse to the Flash drive, open the boofix folder and double-click on the RunMe.bat file. That may expedite the replacement of the boot.ini and the copying of ntoskrnl.exe within the boofix folder.
#28
Posted 01 January 2011 - 03:01 PM
#29
Posted 01 January 2011 - 04:06 PM
If present in the USB drive, have the ntoskrnl.exe file scanned at Jotti and post its report or report address. I think that this might have worked as the ntoskrnl.exe file has increased in size. What would you like me to do now?
Have you tried booting in Normal Mode after the Boot.ini was replaced?
#30
Posted 01 January 2011 - 04:30 PM
Scanners
2010-12-04 Found nothing
2010-12-04 Found nothing
2010-12-03 Found nothing
2010-12-04 Found nothing
2010-12-03 Found nothing
2010-12-03 Found nothing
2010-12-03 Found nothing
2010-12-03 Found nothing
2010-12-04 Found nothing
2010-12-03 Found nothing
2010-12-04 Found nothing
2010-12-03 Found nothing
2010-12-04 Found nothing
2010-12-04 Found nothing
2010-12-04 Found nothing
2010-12-03 Found nothing
2010-12-03 Found nothing
2010-12-03 Found nothing
2010-12-04 Found nothing
I have rebooted my laptop and the blue screen has finally gone and Windows has loaded but there is a message on the screen called Rundll saying that there was an error loading c:\Windows\iclx40.dll. I am also changing the system configuration to normal set up as it is on diagnostic if you agree?