Windows booting into startup repair - virus

NotAGolf · 25 Aug 2011 at 10:40

I somehow managed to get a virus today. It looked like one of those applications that mimicked a spyware removal tool, can't remember what it was called I'm afraid. I knew it was a virus so went to run malware antibytes but it blocked that, it also closed down MSE and blocked cltr+alt+del.

I rebooted the computer and put it into safe mode, but as soon as I selected safe mode, it shows the 'windows is loading files' bar along the bottom and the runs windows startup repair. It will search and then say its found an error but can't fix it.

I then booted from the windows 7 disk and tried running the startup repair. That completed and found no errors. I also tried system restore, but as soon as I select a boot option (safe mode, normal, last known good configuration etc) it runs the startup repair again.

I'm thinking that the startup repair tool it runs is immediately after selecting a boot mode is part of the virus and not the genuine tool considering I get a different result when running it form the disk.

Is there anything I can do apart from a full format to get round this? If I could get into windows then I might be able to start running scans etc.

I imagine the only other thing I could do is run from the disk and run the command prompt and perhaps disable something from running???

Thanks for any help.

Duke · 25 Aug 2011 at 10:45

Have you got another PC you can slave the disk into? You can virus scan it from there then.

NotAGolf · 25 Aug 2011 at 11:53

I don't have one handy but could possibly get hold of one tomorrow though. How do you go about connecting the drive? Obviously with a SATA cable, but how does it know which HD to boot off if both have windows installs on?

I've not paid attention when running scans normally, do you get a choice in MSE, Malware antibytes, spybot etc as to which drive to run it on?

I'm also worried about infecting the computer I attach it to as its not mine so don't want to break that one as well and have 2 formats to do!

Duke · 25 Aug 2011 at 21:11

Na it will be fine. Just plug in and double check in the BIOS that the HD order hasn't changed - i.e. the original HD is still the first one in the list on that computer and it will boot like normal. You can then just point it to the correct HD (need to select 'full scan' in MBAM to do that). Run NOD32 trial through it as well.

NotAGolf · 27 Aug 2011 at 09:27

Managed to get it fixed in the end with no need for a format/re-install/slaving. Not sure exactly what fixed it, probably just the last item in this list, but it may have needed one of the prior items in the list. Posting below incase anyone ever finds themself in a similar situation.

- Run startup repair from win 7 disk
- Use Fedora LiveCD to backup any data on the C: (just in case it all goes wrong)
- Run Avira bootdisc antivirus
- Run chhdsk -r from command prompt on win7 disk (didn't show any errors)
- Run bootrec /fixmbr and bootrec /fixboot from command prompt on win7 disk

Now I've booted it up happily and am running an abundance of disk cleanups and virus/malware/spyware scanners. When that's done I'll create a system image so hopefully this doesn't happen again!