Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Dad's PC victim of malware - OS won't load - can't access


  • Please log in to reply

#1
soonerskies

soonerskies

    Member

  • Member
  • PipPip
  • 74 posts
I'm trying to help my dad with his pc. He's upper 70's and clicks on things he shouldn't. His machine's in bad shape at the moment. It's a Gateway, several years old running XP. It's been difficult extracting consistent information from him ... as this experience flustered and scared him ... but here's the best I have for what happened.

He clicked on a link he thought was for some photography software. He said "things started to happen fast", I'm assuming a bunch of screens popped up with scary things making him think his PC was under attack (which of course it was). It finally settled on a payment screen. I have told him numerous times before if something like this happens to do nothing and call me, or turn the machine off and call me and NEVER provide them payment of personal info. Unfortunately, he panicked and provided his credit card information. They charged him $75 and change. After that he got a confirmed payment screen, which he printed out. However, shortly after that, he said the screen started to fade ... and he claims the words ... "I'm growing weaker" and perhaps "I'm dying" came up. His recollection was extremely tenuous as he was very confused and overwhelmed ... so not entirely sure of these details. Anyway, he said the screen faded to black and he was unable to do anything further.

I came over to try and figure out what had happened and the condition of his machine. I powered on the PC, started tapping the F8 key, hoping to get to Safe Mode. After about 10 seconds the "Gateway" logo comes up and in the lower right has "BIOS Settings: <F2>" and "BOOT Menu: <F10>". Still tapping F8. After about another 10 seconds, a screen comes up displaying the "Physical Disks" information ... this is displayed for just a couple of seconds, then goes to black. After about 10-12 seconds a flashing white horizontal cursor appears in the upper left corner. That's all it does, as far as we can go. I tried booting multiple times ... the F8 doesn't work, can't get to Safe Mode. I was able to use F2 to access the BIOS Settings and F10 to access the Boot Menu. I asked him if he had a Windows XP CD ... the only thing he came up with was a "Gateway Operating System - Windows XP - Home Edition Version 1.2" that says "Use this CD to reinstall your operating system". So concerned this CD only for reinstalling and may not be useful for recovery.

I'm at a loss at this moment as what to do next. Is there some way to bring the system up in Safe Mode?

My dad's a retired photographer and has a massive amount of his photo images on that disk ... some are backed up ... but not all. He had recently gotten a USB external drive to back up his stuff ... but had troubles with it and never got a complete backup made. I hadn't been able to help him get that done before this happened. So ... hopefully, we can recover from this disaster and get all of his pictures backed up and safe. Any help will be extremely appreciated!
  • 0

Advertisements


#2
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi soonerskies and welcome to G2G. :)

Fixing unbootable computer is not an easy task specially in your case, F8 not working lessen our options to fix your problem. Let's see what we can do.


Please print these instruction out so that you know what you are doing

Download OTLPEStd on your desktop.

Link 1

Burn OTLPE.iso to a CD.

  • Insert a blank CD on your CD-Rom
  • Double click OTLPEStd icon to run the program.
  • When prompted "Do you want to burn the CD?", please choose yes.
  • ImgBurn will now extract and automatically load and burn OTLPE.
Note: Click the Write/Burn button if the burn process does not start automatically.


Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Non-Microsoft
  • Press Run Scan to start the scan.
  • When finished, the file will be saved  in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the C:\OTL.txt file in your reply.
  • Click Start > Shut Down to shut down OTLPE and the CD will automatically release.


  • 0

#3
soonerskies

soonerskies

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Hi sempai ... thanks so much for picking this up!

Ok ... I burned OTLPE.iso to a CD. Set his machine to boot from CD drive. Double clicked the OTLPE icon.

But instead of seeing "Do you wish to load the remote registry", I got a "Browse For Folder" window. (see attached pic 2011-10-02_100225.png) I had seen in a previous post, someone had had a similar problem and they were asked to look for the Windows directory. Unfortunately, the OneTouch4 (C:) directory that shows up, is not the original C: directory of the machine, I believe the OneTouch is a USB portable drive he has. The original C: drive with contents doesn't show at all in this OTLPE browse window.

I pulled up "My Computer" browser window and it sees the same things as the OTLPE browser.

Now ... on bootup, even though it doesn't get far ... it does seem to see the physical disks that his c: drive is on (at least I think it does) (see attached pic 2011-10-02_095523.png). He had one large disk, partioned in two. This screen shows the drive model as "ST3750640AS", the serial numbers and size (698.7GB each). Hopefully that's good news.

Thanks ... soonerskies

Attached Thumbnails

  • 2011-10-02_100225.png
  • 2011-10-02_095523.png

  • 0

#4
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Please press the Windows key + E to launch Windows explorer, then try to access the C:\ drive... Double click on it and tell me what you see.
  • 0

#5
soonerskies

soonerskies

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Yes, sorry I wasn't clear ... when I said "I pulled up "My Computer" browser window" ... I did so by pressing the Windows key + E. It recognized the same drives as the OTLPE browser. It didn't see the original c: drive. :)
  • 0

#6
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
We need to use the Windows Installation CD so we can access the recovery console.

  • Insert Windows Install disc to boot from CD.
  • Press any key on the keyboard when prompted.
  • Press R to load the Recovery Console.
  • Enter your password when prompted.
  • You must enter which Windows installation to log onto. Type 1 and press enter.
  • At the C:\Windows prompt, type the following bolded text, and press Enter (note the space between chkdsk and /r):

    chkdsk /r

  • Allow it to complete undisturbed.
  • When completed, type the following bolded text below and press Enter:

    exit

  • It will exit the recovery console.

  • 0

#7
soonerskies

soonerskies

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
I assume these instructions apply while booting up using the OTLPE.iso CD I burned ealier ... yes? I don't remember seeing that option before ... but that doesn't mean it wasn't there. Do I need to hit any function key while it's booting to get this option? ??? Thx!
  • 0

#8
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

Sorry I posted an instruction where the recovery console is already available, I edited my post (while you're making your post) so please kindly read it again, thanks.
  • 0

#9
soonerskies

soonerskies

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Ok, thx. Hmmmm ... the only XP-related CD he's found so far was this one ...

"Gateway Operating System - Windows XP - Home Edition - Use this CD to reinstall your operating system - Version 1.2".

Instructions on the CD say ... "To begin reinstallation: 1. Insert this CD into the CD/DVD drive. 2. Restart the computer. 3. Follow the on-screen instructions."

Would you say I'm safe with trying that CD? When I saw this CD, I was concerned it could automatically start installing the OS and wipe out all his stuff ... would you have any concerns like this? Hopefully it gives me a way to opt out before doing irreverable changes. ???

I've asked him to continue searching for additional CD's ... not sure, but this could be the only OS-related CD Gateway may have supplied.

Edited by soonerskies, 03 October 2011 - 08:43 AM.

  • 0

#10
soonerskies

soonerskies

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Well ... this isn't encouraging.

Ok ... I disconnected the usb portable drives he had connected to his machine. I used the Gateway reinstallation disk and was able to get to the Recovery Console. It didn't ask me for a password and it didn't ask me "which Windows installation to log onto" (the "Type 1 and press enter"). it instead went straight to a c:\ prompt. I tried to change directories to Windows ... but it said "There is no floppy or CD in the drive". I then tried entering "chkdsk /r" from the c:/ prompt and it responded with "The volume appears to contain one or more unrecoverable problems". :) Anything else we can try? Thanks!
  • 0

Advertisements


#11
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

I will ask the experts here just to make sure that we're barking up the right tree, I will get back to you ASAP.
  • 0

#12
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Let's diagnose your HD.

Run hard drive diagnostics: http://www.tacktech....ay.cfm?ttid=287
Make sure, you select tool, which is appropriate for the brand of your hard drive.
Depending on the program, it'll create bootable floppy, or bootable CD.
If downloaded file is of .iso type, use ImgBurn: http://www.imgburn.com/ to burn .iso file to a CD (select "Write image file to disc" option), and make the CD bootable.

NOTE. If your hard drive is made by Toshiba, try the Hitachi DFT CD Image version of the software

Thanks to Broni for the instructions
  • 0

#13
soonerskies

soonerskies

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Based on the picture I posted on Oct 2nd, the model number indicates his drive is a Seagate Barracuda 750GB internal drive, partioned in two parts. I went to the tacktech site and selected SeaTools for Windows v1.2.0.5 (3/9/11). The download is an executable. Did I choose the right tool?

I found the tutorial to install and use SeaTools here ...
http://support.seaga...s_Warranty.html

The User doc is at ...
http://www.seagate.c..._Windows.EN.pdf

The instructions say to download the executable to a location and then click it to launch the Windows Installation Wizard (WIW). I have saved the .exe to a thumbdrive. I'm not at his machine right now, so can't try anything yet ... but was wondering what I might need or be able to do, to get this thing to install or run.

The instructions provided in the previous post said "Depending on the program, it'll create bootable floppy, or bootable CD." ... I went through the tutorial and didn't see where it suggested I could create a bootable floppy or CD. Any thoughts/suggestions?

I've currently disconnected it, but there's the USB external drive that the system had previously identified as the c: drive, if you think that's an option to install to ... but then don't know if WIW would be supported. ??? I also have the Gateway OS reinstallation CD + the OTLPE.iso CD. One other potential issue ... so far I haven't tried seeing if the system will mount a USB thumbdrive to allow me to transfer the .exe file over.

Thank you for your patience! ... soonerskies

Edited by soonerskies, 04 October 2011 - 02:20 PM.

  • 0

#14
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Download SeaTools for DOS (ISO CD-ROM Image): http://www.seagate.c...ols/seatooldreg
Burn the ISO image to a CD.
Boot the computer from CD and Accept the "End User License Agreement".
Under "Basic test" choose "Long test" and it will start scanning.
Once the test is completed, click on "View log" to open the log.
Please note the contents of the log and pay attention on the bottom part where you can see if the test is Passed or Failed.
Choose Exit to exit.
  • 0

#15
soonerskies

soonerskies

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Thank sempai! Just an update. I downloaded the dos version and burned the CD. Was able to start the diagnostics on my dad's machine. It recognized both partitions! I started the long test on the first partition. I wasn't able to stick around for it to complete, as it was apparent it was going to take quite a while to run. My dad called about 30minutes later saying they had lost all power to their house. :) So ... I will restart the diag's tomorrow morning. Encouraging that at least it saw the drive and partitions and started to run. Will be Thursday afternoon or evening before I can post the results. Thanks again! ... soonerskies
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP