Virus followed by boot error

A friend of mine brought me his poorly laptop to attend to, I'm pretty sure it has a virus of some sort - once Windows 7 Home Premium has started a Windows Recovery window appears and runs a scan, reporting that the HDD has failed, has bad clusters on it, has run out of space, the RAM has failed, is overheating and needs defragging (?). Once this scan has completed it advises that additional modules are required to fix these issues so please click here to purchase.

I booted the laptop into safe mode to try and run an HDD test and it said the main HDD was not an 'Active' drive, so I changed it to active and since then it won't even boot now saying 'BOOTMGR IS MISSING'.

The directions on the MS website suggest repairing from a Win7 CD but having tried my Ultimate CD and another friend's Home Premium, neither work as it says the versions are not compatible.

The laptop in question is a Sony Vaio and the Win7 product key lists it as Windows 7 Home Premium OA Sony Corporation. Does this mean I can only fix/reinstall using a Sony specific CD?
 
Both CDs we've tried are 32bit, how can you tell if the version installed on the laptop is 64bit? It doesn't mention it on the label.

Will try those recovery CDs, cheers.

Arknor - what's combofix?

Six6six - not got any partition tools such as that I'm afraid. I'm pretty sure it was the C: that I set to be Active which is where Windows is installed though.
 
Yeah I tried fixmbr and fixboot, but with no bootmgr I'm not having any joy.

Apparently the Windows disc will fix it, I just need to find one that works!
 
Have I gone too far to rescue it then?

I'm downloading GParted at the mo which is a bootable .iso, do you think I'll be able to un-fiddle what I've fiddled and get it booting again, then try and kill the virus?
 
I ran a hard drive test utility on it today which took about an hour and it came back with no errors. Also ran chkdsk via the command prompt once the Windows CD fails to repair and that came back clean too, so it doesn't look like a failed drive.

The fact this Windows Recovery thing loads as soon as Windows logs in, then asks you to pay for the fix suggests it's pretty much definitely a nasty of some kind.
 
Jakus - the original problem was this virus once Windows 7 loaded, I then bulldozed my way into the mix and knackered BOOTMGR by fiddling around safemode like a great big buffoon :rolleyes:

So the first thing I need to do is get the thing booting again (can't even hit Safe Mode) then I can tackle the virus.

I've downloaded combofix so will give that a bash once I get back into Windows.
 
OK, you just have to swap the active partition until you find where the Windows bootloader is, then check boot ini is pointing to the correct partition, simple 5 min job... do you know how to do that?
Any advice appreciated, I've not done too well so far!
 
I've run a hard disk check utility and a checkdisk from command prompt on the drive and it came back ok - so it's definitely a virus. It was reporting all sorts of RAM errors too.

Got combofix so if I can sort the boot error then hopefully I can get rid of the nasties.
 
If you can download and burn GParted to CD to check the partition layout, that'd give you a better idea of what is going on and change active partitions.
Legend - next time I'm in your neck of the woods I owe you a beer.

GParted allowed me to set the correct partition back and I'm now back into Windows. Next stop, the Virus...
 
The idiot let his McAfee subscription lapse so no wonder he got rumbled by this little sucker.

Proving a bit of a bitch to get rid of too, it slows down/stops pretty much everything on the laptop as soon as Windows loads.

I've tried to install Combofix as suggested earlier but it said it was a virus itself so aborted!
 
I think I've sorted it, once I un-hid protected operating system files there was a program sitting in C:\Program Data which matched the name of the .exe file that was running this apparent Windows 7 Recovery process.

I killed the process then deleted the .exe plus some other .dat files that were named the same and it hasn't come back.

I ran Combofix and it produced a report that didn't make any sense to me, so I tried Malwarebytes too which found nothing after a full scan. I'm currently removing McAfee and will install MS Security Essentials which I've used for a year or two myself without any problems.
 
Not sure where it stored the report, it opened in a text file once the scan had finished.

By this point I'd deleted the files I mentioned previously which seemed to resolve the problem though.

Thanks for all your help on this guys, very much appreciated :)
 