Solved Boot fails post-restart after Malwarebytes

October 11, 2011 at 12:35:48
Specs: Windows 10.03.2010
I have a problem restarting after Malwarebytes found 2 Trojan horses; restart was prompted after the removal, with the result of the restart blue screening, then restarting ad infinitum. The Dr. Web Live CD procedure did not help. I then tried the OTLP CD solution after mounting that .ISO image and burning, etc., but I could not get to the "Remote registry" screen which was the suggested route. Double clicking the OTLP icon after loading from the OTLP CD gave a prompt for which drive to scan, and then "No Windows Components" indicated after C drive is indicated. I am using Windows Vista OS, on a Toshiba Satellite notebook. The problem now is that after exiting from and removing the OTLP disc, the booting-up after the Windows screen gives a black screen with message "A disk read error occurred Press Ctrl+Alt+Del to restart". I re-attempted Dr. Web (Default), scan finished, but this still results in the same black screen with message as just indicated. Pressing Ctrl/Alt/Del just results in the Windows screen followed by the aforementioned message. I had someone fix this issue for me in the past (i.e. the restart after a scan, ostensibly to "completely" remove malware, resulting in this loop), wanted to DIY-it but stuck...

edited by moderator: remove personal information



#1
October 11, 2011 at 20:32:42
jdavidwik,

My first reaction is that perhaps the virus damaged your Master Boot Record. However, there could be other factors causing this error...

Do you have the Windows Vista installation DVD?

(Presume you are running Vista.)

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/Member of UNITE and the
Alliance of Security Analysis Professionals



#2
October 12, 2011 at 06:22:38
Yes, running Vista and No, don't have the disc anymore.


#3
October 12, 2011 at 20:53:28
Is this a 32-bit system, hopefully?

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/Member of UNITE and the
Alliance of Security Analysis Professionals



#4
October 13, 2011 at 09:02:19
jdavidwik,

Carefully follow the steps below...

You may want to make a copy of this first, and read it through.

Download NTBR to a clean computer: http://noahdfear.net/downloads/boot...

Extract its contents to the Desktop.

Once extracted, open the NTBR_CD folder and double-click on the BurnItCD application.

Insert a blank CD when prompted.
Follow the prompts to burn the .ISO image to the CD.

Note: Set the CDROM as first boot device in the infected computer, if it isn't already.
Info:
http://www.hiren.info/pages/bios-bo...

If you enter the BIOS and are unsure if you have carried out the step correctly, there is an option to exit without keeping changes, so you won't do any harm.


Boot the infected computer with the CD, and follow the prompts.

Press Enter for English
At the menu type 1 to select the MBRWORK tool, and press Enter

First, backup the MBR to file with MBRWork on the NTBR image:

Type 1 and hit Enter to start MBRWORK
At 'Choose Option': type C and hit Enter to Capture Sectors
At 'Enter File Name': type mbr.bin and hit Enter
At 'LBA': Leave at 0 and hit Enter
At 'Number of Sectors': Leave at 1 and hit Enter

The screen will show:
Processing ...
Save completed - Press Enter

Hit 'Enter' then at 'Choose Option': type 1 to go back to MBRWORK options

(The mbr.bin file will be saved in the X: ramdrive, which you now need to copy to disk.)

Now,
Type 4 and hit Enter to start NTFS4DOS - the hard drive should be assigned the letter G and you will be at an X:\> prompt
Type copy mbr.bin g:\ and hit Enter
You should see mbr.bin => g:\mbr.bin and return to the X:\> prompt

Type exit and hit Enter, then, type 1 and hit Enter to return to MBRWORK

Now, at MBRWORK, type 5 to Install standard MBR code, then press Enter
Type 1 to select Standard, then hit Enter
Type Y, then press Enter to confirm
Type E, then press Enter to exit

Back at the menu, type 6 to Quit

Press Ctrl Alt Del (All 3 keys simultaneously!) to restart the machine.
Eject the CD upon restart, and boot.

Are you able to boot normally?

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/Member of UNITE and the
Alliance of Security Analysis Professionals
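
The mbr.bin backup captured in Post #4 (LBA 0, 1 sector) can be checked on the clean computer before and after the standard MBR code is installed. The following is an added example, not part of the original thread or of NTBR/MBRWORK: it assumes the classic 512-byte MBR layout, the function names are hypothetical, and the sample sectors are constructed rather than real dumps.

```python
import hashlib
import struct

SECTOR_SIZE = 512        # one sector captured from LBA 0, as in the backup step
BOOT_CODE_LEN = 440      # bytes 0-439 hold the boot code
TABLE_OFFSET = 446       # four 16-byte partition entries follow
SIGNATURE = b"\x55\xaa"  # boot signature at bytes 510-511


def parse_mbr(sector: bytes) -> dict:
    """Validate a 512-byte MBR image and return its boot-code hash and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:          # unused slot
            continue
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {i}: invalid status byte {status:#04x}")
        partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}


def table_unchanged(before: bytes, after: bytes) -> bool:
    """True if the partition table and signature (bytes 446-511) are identical."""
    parse_mbr(before), parse_mbr(after)   # both images must be well-formed
    return before[TABLE_OFFSET:] == after[TABLE_OFFSET:]


def make_sample(boot_fill: int) -> bytes:
    """Constructed sample sector: one active NTFS (0x07) partition at LBA 2048."""
    s = bytearray(SECTOR_SIZE)
    s[:BOOT_CODE_LEN] = bytes([boot_fill]) * BOOT_CODE_LEN
    s[TABLE_OFFSET:TABLE_OFFSET + 16] = struct.pack(
        "<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    s[510:512] = SIGNATURE
    return bytes(s)


if __name__ == "__main__":
    before, after = make_sample(0xCC), make_sample(0x90)  # constructed, not real dumps
    print(parse_mbr(before))
    print("partition table preserved:", table_unchanged(before, after))
```

With a real backup, read the file with `open("mbr.bin", "rb").read()` and pass the bytes to `parse_mbr`; a second capture taken after the repair can be compared with `table_unchanged`.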



#5
October 13, 2011 at 11:45:57
Yes, 32-bit...will follow your instr's when I arrive home...


#6
October 13, 2011 at 18:52:02
jdavidwik,

Please note:

Edited Post #4 above to include an mbr.bin backup!!

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/Member of UNITE and the
Alliance of Security Analysis Professionals



#7
October 14, 2011 at 12:37:28
✔ Best Answer

Updated the instructions in Post #4 above after testing them on a Vista machine on 14Oct2011, 14:32PM.

You should be able to follow the steps below:


Download NTBR to a clean computer:
http://noahdfear.net/downloads/boot...

Save to the Desktop.

Open the 'NTBR_CD' folder created, and double-click on the BurnCDCC application.

In the prompt that appears, click: Browse

Browse to the newly created NTBR folder and select the NTBR_CD (Disc Image File)
Name it: NTBR
Click: Open
(The file path of the Disc Image File appears to the left of the 'Browse' button)
Click: Start

Insert a blank CD when prompted, and click: OK
The ISO is copied to the CD.
When the CD is ejected, it is ready.
Close the prompt and remove the CD from the drive.

In the infected computer, set the CDROM as first boot device, if it isn't already.
Info:
http://www.hiren.info/pages/bios-bo...

If you enter the BIOS and are unsure if you have carried out the step correctly, there is an option to exit without keeping changes, so you won't do any harm.


Insert the CD created in the tray.
Boot the infected computer with the CD.

At the language options, press: ENTER if you want the default English.

Now, at the screen with six options:
1. MBRWORK
2. TESTDISK
3. EDITINI
4. NTFS4DOS
5. COMMAND PROMPT
6. QUIT

Type 1 to select the MBRWORK tool, and press Enter

At MBRWORK:
Type 5 to Install standard MBR code, then press Enter
Type 1 to select Standard, then hit Enter
Type Y, then press Enter to confirm
Type E, then press Enter to exit

Back at the menu, type 6 to Quit

Now, press Ctrl Alt Del (All 3 keys simultaneously!) to restart the machine.
Eject the CD upon restart, and boot.

Are you able to boot normally?

If not, are you able to borrow a Vista installation CD from someone? (It cannot be a Vista "Restore CD")

If so, we can attempt another approach.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/Member of UNITE and the
Alliance of Security Analysis Professionals



#8
October 31, 2011 at 16:28:26
Sorry about the long time interval...
I do have a Vista CD, but it is a "Restore CD" as I attempted a Startup Repair.

After Searching For Problems and then Repairing Problems, this resulted in a return to the original blue screening and restarting loop.
Would you now recommend the Vista installation CD (I could obtain it), or your NTBR, etc. solution?



#9
October 31, 2011 at 19:39:30
Found a Vista Installation CD, ran the same exact Startup Repair option...it found problems and repaired them, then I finished and restarted...and this time the restart was successful....all my data is still present, etc.....so thanks again aaflac44, for whatever reason the Startup Repair on the full Vista Installation CD worked...


#10
November 1, 2011 at 05:39:24
Great job, jdavidwik!!

Was ready to tackle your issue this AM, and was pleasantly greeted with your note (Post #9).

The Operating System installation CD, IMO, is the first and best choice to return the system back to what it should be. In its absence, other programs are used.

Glad everything worked out.

Have a great week!

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/Member of UNITE and the
Alliance of Security Analysis Professionals

