Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Rootkit Win32.Tdss.Mbr causing XP Pro to blue screen after splash logo

  • This topic is locked This topic is locked



    New Member

  • Member
  • Pip
  • 1 posts
Ok, so this is what's happening:
After a pretty routine restart, XP now refuses to load. At bios screen - fine. At os select/bootscreen choice - fine. The Xp logo comes up - fine. Just as it should be showing the logon screen, everything halts to a Blue Screen. The strange thing is, if i were to put this drive in an external enclosure and connect it via USB to the laptop I also have, I can view and access any and all files on it! I used this process to scan for viruses (MalwareBytes AND Sophos) and found a few(3 total, among them the one mentioned in topic title), quarantined, deleted them and rescanned it until clean. When I put it back in the pc it came from and try to boot-up like normal, it gives me a black screen with the "Sorry for the inconvenience..." message 1st, then after choosing any of the options listed, the XP logo splash loads, then comes the blue screen. This is the master for that pc as well. How is it when in my enclosure I can view the files but get a blue screen when it's in the original box? What is happening??? Someone help this makes no sense. I don't want to lose my stuff...so what else can I do???
  • 0




    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi SteezyG,

Welcome to Geekstogo. My name is Salagubang and I'll be helping you with this problem.

I am still a trainee so all my posts will be checked by an Expert. It's your advantage that there are two people looking at your log but responses may be a little delayed so please be patient.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • English is not my first language, so please do not use slang or idioms, as this makes it difficult to understand for me.

Ok lets investigate this mystery. :D

Restart your computer with Automatic Restart on System Failure disabled
  • You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight "Disable Automatic Restart on System Failure" then hit enter

  • If windows failed to boot, windows will not restart and will show a blue screen indicating the source of the error as shown in the example below

    Posted Image
  • Copy the technical information (as shown in the above example enclosed in red boxes) and post it on your next response.


On the clean computer.

  • Download the attached Scan.txt and save it to your USB stick.
    Attached File  scan.txt   423bytes   163 downloads
  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD

On the infected computer.

  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads ;)
  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Double click Custom scans and fixes box, a dialogue box will appear. Choose the scan.txt saved previously on your USB drive.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

Edited by Salagubang, 09 January 2011 - 08:07 PM.

  • 0



    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP