Virus followed by boot error

A friend of mine brought me his poorly laptop to attend to, I'm pretty sure it has a virus of some sort - once Windows 7 Home Premium has started a Windows Recovery window appears and runs a scan, reporting that the HDD has failed, has bad clusters on it, has run out of space, the RAM has failed, is overheating and needs defragging (?). Once this scan has completed it advises that additional modules are required to fix these issues so please click here to purchase.

I booted the laptop into safe mode to try and run an HDD test and it said the main HDD was not an 'Active' drive, so I changed it to active and since then it won't even boot now saying 'BOOTMGR IS MISSING'.

The directions on the MS website suggest repairing from a Win7 CD but having tried my Ultimate CD and another friend's Home Premium, neither work as it says the versions are not compatible.

The laptop in question is a Sony Vaio and the Win7 product key lists it as Windows 7 Home Premium OA Sony Corporation. Does this mean I can only fix/reinstall using a Sony specific CD?
 
Do you have access to something like GParted?

Sounds like a non boot partition has been set active? (perhaps a recovery partition?)

I'd try using GParted to check partitions and set the boot drive to the main drive to let you get back into Windows (hopefully!) and remove the malware manually.

As for which CDs can be used - the current install may somehow be repaired by a Sony recovery disk, but your license key will work with any Home Premium disk if you are doing a fresh install.
 
Both CDs we've tried are 32bit, how can you tell if the version installed on the laptop is 64bit? It doesn't mention it on the label.

Will try those recovery CDs, cheers.

Arknor - what's combofix?

Six6six - not got any partition tools such as that I'm afraid. I'm pretty sure it was the C: that I set to be Active which is where Windows is installed though.
 
Yeah I tried fixmbr and fixboot, but with no bootmgr I'm not having any joy.

Apparently the Windows disc will fix it, I just need to find one that works!
 
you can't repair using a windows disk as they don't use windows disks in sony laptops..

they use a custom windows image that's hidden on a separate partition, probably the one you made as the active partition.

sony also don't provide any recovery DVDs, you have to make your own using a program they provide preinstalled.

combofix would have removed that fake virus scanner thing :P

btw just because C: is the drive with windows on doesn't mean it contains a boot partition :P it would have been on the hidden drive because you can skip loading windows by holding a key down and instead boot into sony's recovery suite.

you shouldn't mess with laptops unless you know what you're doing tbh, unless you can change the boot partition back to what it should be everything sony is lost and you need to just install a fresh copy of windows and hope you can find the drivers you need
 
If you can download and burn GParted to CD to check the partition layout, that'd give you a better idea of what is going on and change active partitions.

As arknor said, the boot loader may not have been on that partition you set - each manufacturer seems to use a more convoluted method of setting up a recovery environment - Sony are particularly bad for this!

I recall a certain range of Sonys that used BCD for the OS but then had an XP based recovery console for the recovery partition which you could not set active manually - it had to be done via BCD menu option or within Windows for some reason..
 
Have I gone too far to rescue it then?

I'm downloading GParted at the mo which is a bootable .iso, do you think I'll be able to un-fiddle what I've fiddled and get it booting again, then try and kill the virus?
 
I've had a couple of Sonys like that to fix, the problem is the hard drive has failed, pretty normal for the less than very careful users!

I would try spinrite on it
then image the disk (if you're lucky)
I have used linux boot loaders to boot the recovery partition also

Good luck, you're gonna need it ;)
 
I ran a hard drive test utility on it today which took about an hour and it came back with no errors. Also ran chkdsk via the command prompt once the Windows CD fails to repair and that came back clean too, so it doesn't look like a failed drive.

The fact this Windows Recovery thing loads as soon as Windows logs in, then asks you to pay for the fix suggests it's pretty much definitely a nasty of some kind.
 
it is, you need to get the laptop to boot and then run combofix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

i can almost guarantee combofix will remove the fake antivirus thing you have and undo any changes it has performed.

the latest one going around disables taskmanager etc, constantly pops up warnings about all sorts of crap. my stepson had one a few months ago and it was under the guise of "windows fixdisk" or something like that.

combofix had it sorted out within a few minutes and since then his laptop has been running perfectly, his laptop happens to be a sony vaio too btw.

he got the spyware/virus thing from clicking a video link on facebook
 
Ok, make a full disk image with ghost or acronis, if it can do that the drive is OK.

Yes, you are correct, that is not a real windows recovery!

I thought the original problem was "missing bootloader"?

Can you "F8" at startup and get to safe mode? If so get the latest malwarebytes on a flash stick and run in safe mode.
Also "Hirens" Boot CD should be a great help
 
Jakus - the original problem was this virus once Windows 7 loaded, I then bulldozed my way into the mix and knackered BOOTMGR by fiddling around safemode like a great big buffoon :rolleyes:

So the first thing I need to do is get the thing booting again (can't even hit Safe Mode) then I can tackle the virus.

I've downloaded combofix so will give that a bash once I get back into Windows.
 
Ok, you just have to swap the active partition until you find where the windows bootloader is, then check boot ini is pointing to the correct partition, simple 5 min job....do you know how to do that?

sorry I got the wrong end of the stick, not come across this virus yet!
 
Any advice appreciated, I've not done too well so far!
 
download this http://www.hirensbootcd.org/download/

run Partition Wizard Home Edition and see what partitions are on the HD.
I can't remember what sony use

Run mini win XP and look at boot.ini (C:\) it should be something like
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Windows XP Professional x64 Edition" /noexecute=optin /fastdetect
obviously this is an XP one but it's important the partition number is correct, edit if required.

the main bootloader generally gets put on the system track (mbr) of the first partition which must be an active partition to read at boot. vista and win 7 do not need to be actually installed on an active partition

When you use "fixboot" fixboot/mbr etc all sorts of nasty things can happen if the harddrive has custom unix partitions etc

Then back to Partition Wizard and change the active partition

***************************************
If you're still screwed I have used "Grub" a linux boot loader to boot the recovery partition, but as I say all the sony laptops I've fixed had HD problems so I don't know whether you can do a non destructive repair
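
The active-partition flag this thread keeps coming back to can be read straight from the first sector of the disk without changing anything. The following is an added example, not part of any poster's reply: a read-only parser for the MBR partition table that reports which entry carries the active flag. The three-partition layout and the function names are constructed for illustration and are not a real Sony disk.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446          # partition table follows the MBR boot code
TYPE_NAMES = {0x07: "NTFS", 0x27: "hidden NTFS (recovery)"}

def parse_mbr(sector):
    """Return the non-empty primary partition entries of an MBR sector."""
    if len(sector) < SECTOR_SIZE or sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature, not an MBR")
    parts = []
    for n in range(4):
        raw = sector[TABLE_OFFSET + 16 * n: TABLE_OFFSET + 16 * (n + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", raw)
        if ptype == 0x00:       # unused slot
            continue
        parts.append({"number": n + 1, "status": status, "active": status == 0x80,
                      "type": TYPE_NAMES.get(ptype, hex(ptype)),
                      "start_lba": lba, "size_mib": count * SECTOR_SIZE // 2**20})
    return parts

def check_active(parts):
    """Return (active partition numbers, list of problems found)."""
    findings = [f"partition {p['number']}: invalid status byte {p['status']:#04x}"
                for p in parts if p["status"] not in (0x00, 0x80)]
    active = [p["number"] for p in parts if p["active"]]
    if not active:
        findings.append("no active partition: MBR boot code has nothing to load")
    elif len(active) > 1:
        findings.append(f"multiple active partitions: {active}")
    return active, findings

def build_sample_mbr(active_number):
    """Constructed sample sector: recovery, small boot and Windows partitions."""
    layout = [(0x27, 2048, 20_971_520),        # 10 GiB hidden recovery
              (0x07, 20_973_568, 204_800),     # 100 MiB boot files
              (0x07, 21_178_368, 400_000_000)] # Windows volume
    sector = bytearray(SECTOR_SIZE)
    for i, (ptype, lba, count) in enumerate(layout):
        status = 0x80 if i + 1 == active_number else 0x00
        struct.pack_into("<B3xB3xII", sector, TABLE_OFFSET + 16 * i,
                         status, ptype, lba, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

if __name__ == "__main__":
    print(check_active(parse_mbr(build_sample_mbr(active_number=3))))
```

To inspect a real disk image, pass its first 512 bytes to `parse_mbr`. The table only shows where the flag sits; it does not say which partition actually holds the boot files.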
 