Windows XP unable to run anything


amenditman

I am trying to find the missing or altered registry entries to fix this computer. The owner had a ransomware type virus (something like anti-virus 2011), she removed it with Malwarebytes' Anti-Malware program. Current issue is that it will boot to the desktop and I can open the menu and get to Control Panel, but Windows does not know how to run any .exe or shortcut files. I can get to the Recovery Console with the original disc, but I don't know exactly what she removed and can't get to the log file created by Malwarebytes', if the info there is even of any use. It could be that the virus removed or edited registry entries to prevent bypass. I was able to get the Task Manager to run, it only shows 14 processes on Windows XP Home, I'm used to seeing at least 40+ on a fairly clean machine. I have access to another computer and internet connection, am familiar with Linux LiveCDs, just don't know quite where to start with this. Thanks

Edited by amenditman

I was able to get the Task Manager to run, it only shows 14 processes on Windows XP Home, I'm used to seeing at least 40+ on a fairly clean machine.
Go to Black Viper's website and download the default configuration services. The last time I checked it's available as a registry import file. Be sure to download the correct version for that system - XP SP 2; XP SP 3. You can download it to a directory of your choice, double click to merge the information into the registry. Additionally, you might want to run HiJack This! and Spybot S & D. Edit: Here's the link for it.
Edited by Tushman

Frank Golden
I am trying to find the missing or altered registry entries to fix this computer. The owner had a ransomware type virus (something like anti-virus 2011), she removed it with Malwarebytes' Anti-Malware program. Current issue is that it will boot to the desktop and I can open the menu and get to Control Panel, but Windows does not know how to run any .exe or shortcut files. I can get to the Recovery Console with the original disc, but I don't know exactly what she removed and can't get to the log file created by Malwarebytes', if the info there is even of any use. It could be that the virus removed or edited registry entries to prevent bypass. I was able to get the Task Manager to run, it only shows 14 processes on Windows XP Home, I'm used to seeing at least 40+ on a fairly clean machine. I have access to another computer and internet connection, am familiar with Linux LiveCDs, just don't know quite where to start with this. Thanks
Amenditman, this machine is severely hosed and maybe not repairable without a reinstall of XP. You could spend hours\days trying to fix and still not be sure everything is OK or that there are no hidden nasties. Or spend hours backing up data and reformat and reinstall Windows and be sure everything is OK. Your choice or rather her choice.
Edited by Frank Golden

I had a bright idea (better known as, I've seen this before, now how did I fix it the last time). With Windows XP, and as far as I know, only Windows XP, if you have an original Windows disc of the same version and SP # you can do a re-install in place without disturbing the user's files or settings. I inserted the disc, restarted, ran from CD. Once Windows Setup screen came up after loading drivers, I chose Install option. It scanned for pre-existing installs of Windows and found the messed up install. It asked me what I wanted to do, Install new or Repair. I selected R for Repair. It reinstalled Windows in place of the old install. Approx. 1 hour. Rebooted into Windows and all the desktop icons were back as they should be, her files were accessible, .exe worked again, clicking a shortcut worked again. Then I proceeded to go thru the spyware removal which should have been done. See here for the full details. http://www.bleepingcomputer.com/virus-remo...-antivirus-scan Ran utility to shut down active malware files. Manually reset Internet Options to remove proxy. Ran Hitman Pro to remove all malware, spyware, virus, and rootkits. I run Hitman Pro because it does much better at rootkits, especially those installed to the MBR, than Malwarebytes' Anti-Malware. Reboot into Windows and check it out. ALL GOOD. Then I deleted Norton Internet Security Suite and all its roots and installed Avast with auto-updates enabled. Then I turned on Windows Automatic Updates and got it started on the long process to get up to date. Problem solved. Thanks for all the great suggestions, I will definitely bookmark this thread for future reference.


Hello, The FixEXE program can be used to repair the corrupted shell associations in the registry. Although the web site hosting it is in Italian, the program itself is in English. Regards, Aryeh Goretsky


It scanned for pre-existing installs of Windows and found the messed up install. It asked me what I wanted to do, Install new or Repair. I selected R for Repair. It reinstalled Windows in place of the old install. Approx. 1 hour.
If you had just spent 1 hour doing a repair under Windows, you would have been better off doing a fresh installation. Installation time itself would have been the same! (In fact, it would have taken less). The repair function in XP is really not desirable. It leaves the system in a state of mix with new files & old files. After you did the repair - did you make sure to run Windows Updates? You may have forgotten to do so. If the user had automatic updates turned on, you still need to run it. Exactly for the reason I just mentioned about the mix of old/new files.
Edited by Tushman

Hello, The FixEXE program can be used to repair the corrupted shell associations in the registry. Although the web site hosting it is in Italian, the program itself is in English. Regards, Aryeh Goretsky
I had tried that, but Windows did not know what to do to run the program. When it gets confused, it gives you the option of selecting which program to use to open or run a file, it never gives you the option to use a Windows component. So, that did not work. Thanks for the reply.

If you had just spent 1 hour doing a repair under Windows, you would have been better off doing a fresh installation. Installation time itself would have been the same! (In fact, it would have taken less). The repair function in XP is really not desirable. It leaves the system in a state of mix with new files & old files. After you did the repair - did you make sure to run Windows Updates? You may have forgotten to do so. If the user had automatic updates turned on, you still need to run it. Exactly for the reason I just mentioned about the mix of old/new files.
Every problem/solution in Windows has its positive/negative aspects. In this instance, in less than 1 hour I had a bricked install up and running. All the user's personal data, settings, and other applications were there and intact. This saved me literally days of labor trying to recreate, scan, reinstall. I had never worked on this lady's computer before and did not have an image file to reload from. After the install I did run Windows Update and waited for it to complete and ran it again. Then I completely removed Norton Internet Security Suite and installed Avast Anti-Virus and set it to auto update. Thanks for the earlier suggestions.

Frank Golden
All the user's personal data, settings, and other applications were there and intact.
And any lingering malware, or other nasty missed by the previous virus removal attempts. The fact is that if there were a malware infection that caused the initial issues you still can't be sure that the machine is totally clean even if all the malware programs say it is. There could be rootkits that are almost undetectable or hidden keyloggers etc. A repair install would not fix these issues. To put it another way an infected machine does not belong to the user anymore even if attempts at removal appear to be successful. The only true fix is reformat\clean install. If it takes more work so be it.
Edited by Frank Golden

Every problem/solution in Windows has its positive/negative aspects. In this instance, in less than 1 hour I had a bricked install up and running. All the user's personal data, settings, and other applications were there and intact. This saved me literally days of labor trying to recreate, scan, reinstall. I had never worked on this lady's computer before and did not have an image file to reload from. After the install I did run Windows Update and waited for it to complete and ran it again. Then I completely removed Norton Internet Security Suite and installed Avast Anti-Virus and set it to auto update. Thanks for the earlier suggestions.
I don't know about "days of labor" to install XP. It should only take 40-45 min to install Windows XP and maybe another hour to install any necessary updates. If saving the user's setting was a concern, then all you had to do was run the Files & Settings transfer wizard (built into XP) and then restore that on to the clean installation.

The only true fix is reformat\clean install. If it takes more work so be it. This post has been edited by Frank Golden: Yesterday, 04:29 PM
++++++++++++++++
I absolutely agree with that. And I'll add my own recommendation; before you ever connect it to the net the first time, take an image of what you've done so far. Then continue building by stages, and take another image when you've put some more setup labor into it. When you must connect it to the net, do it through a NAT router. And then finally when it's all done loading and setting up, take another image. At the end of that series you can fix any problem in just the time it takes to restore the last image. For anybody who earns a buck fixing computers, seems to me taking and storing an image would be a valuable service to offer.


I don't know about "days of labor" to install XP. It should only take 40-45 min to install Windows XP and maybe another hour to install any necessary updates. If saving the user's setting was a concern, then all you had to do was run the Files & Settings transfer wizard (built into XP) and then restore that on to the clean installation.
1st - It's not 'just' reinstall Windows and an hour for updates. This was a very old computer, it originally came with SP1, so updates were extensive. You have to reinstall the drivers. And you know what, a user who did not have backups of anything, also did not have a driver disc. More time to track down and install the latest drivers for the hardware. Reinstall the apps. and recover files. We're talking about a lot more time and cost than the value of the computer. The user's data is the only part of the computer with any value, you have to save it if you can, that's what you're paid, and paid well for. 2nd - Saving the user's settings was not much of a concern, but if it had been, the Files and Settings Transfer Wizard was unavailable due to the damage caused by the virus. Also, here's one you only learn the hard way, if you use F & S Transfer on a computer with SP2 you have to do the restore to the new computer at the same SP level. It is not compatible across Service Packs. I've looked for documentation about that issue and found none, but, Microsoft Online Tech Support confirmed that when it happened to me on a job. 3rd - @burninbush - The virus/rootkit which did this had three files in the MBR which I had to remove. If you simply reformat and do a clean install those rootkits are still in the MBR. And the virus comes back and you waste more time, this time unpaid. There are only 2 ways I know of to remove them. 1 - A disc eraser like DBAN which destroys everything on the disc start to finish with no respect for MBR, boot sector, hidden sectors, everything. Or 2 - A virus scanner and remover which specifically targets the MBR to remove rootkits which Hitman Pro has worked very well for me. Google TDSS 3, it evades anti-virus programs a lot, I have personally removed it from more than 20 computers which had already been to Best Buy, CompUSA, etc. tech for 'professional' virus removal. I left the user a list of steps to follow to prevent the bulk of this trouble in the future. Including, burn the folder of drivers on the Desktop to a disc, use Windows built-in Backup Utility to an external drive, and set frequent Restore Points when making changes, and a price list for my imaging services. Do I think she will do anything different than before? Experience says 70% of Windows 'average' users will not. It's easier to pay me or someone else again the next time it happens. C'est la vie! and Selah!

Guest LilBambi

The repair/refresh install was probably about the best option you could do. Then get whatever may have been leftover. Good job amenditman! :unsure:


Frank Golden
3rd - @burninbush - The virus/rootkit which did this had three files in the MBR which I had to remove. If you simply reformat and do a clean install those rootkits are still in the MBR. And the virus comes back and you waste more time, this time unpaid. There are only 2 ways I know of to remove them. 1 - A disc eraser like DBAN which destroys everything on the disc start to finish with no respect for MBR, boot sector, hidden sectors, everything. Or 2 - A virus scanner and remover which specifically targets the MBR to remove rootkits which Hitman Pro has worked very well for me. Google TDSS 3, it evades anti-virus programs a lot, I have personally removed it from more than 20 computers which had already been to Best Buy, CompUSA, etc. tech for 'professional' virus removal.
Doesn't running the repair console on the XP install disc and running the command "fixmbr" overwrite the MBR? DBAN is great but it takes forever on a large drive. Just running it for an hour or so however deletes the MBR and requires the drive be activated just like a new drive before it can be partitioned\formatted. Seems to me that should suffice to clear out any baddies in the MBR.

1st - It's not 'just' reinstall Windows and an hour for updates. This was a very old computer, it originally came with SP1, so updates were extensive. You have to reinstall the drivers. And you know what, a user who did not have backups of anything, also did not have a driver disc. More time to track down and install the latest drivers for the hardware. Reinstall the apps. and recover files. We're talking about a lot more time and cost than the value of the computer. The user's data is the only part of the computer with any value, you have to save it if you can, that's what you're paid, and paid well for. 2nd - Saving the user's settings was not much of a concern, but if it had been, the Files and Settings Transfer Wizard was unavailable due to the damage caused by the virus. Also, here's one you only learn the hard way, if you use F & S Transfer on a computer with SP2 you have to do the restore to the new computer at the same SP level. It is not compatible across Service Packs. I've looked for documentation about that issue and found none, but, Microsoft Online Tech Support confirmed that when it happened to me on a job.
I would never bother installing XP without at least SP 2 or 3. I have an OEM disc which I've slip streamed SP 3 onto. That's why when I say fresh install, it doesn't take me more than a couple of hours to have a box up & running with all the latest updates. As for saving the user's application/files - I never backup programs. Mostly they care about their photos/schoolwork/mp3 etc anyways - so trying to salvage installed programs is a waste of time (at least for me). These days, when I install XP, it's always a fresh install. I don't bother doing repairs exactly for the reasons I've mentioned in this thread. It takes the same amount of time (maybe even longer) to run the "repair" option plus scanning the system for malware. As for hunting down drivers, usually if you go to the manufacturer's website and punch in the serial number (service tag number), it will show you all the downloads available for that system. It's been a long time since I had to hunt down individual drivers.

Doesn't running the repair console on the XP install disc and running the command "fixmbr" overwrite the MBR? DBAN is great but it takes forever on a large drive. Just running it for an hour or so however deletes the MBR and requires the drive be activated just like a new drive before it can be partitioned\formatted. Seems to me that should suffice to clear out any baddies in the MBR.
I've tried fixmbr, but TDSS 3 is still there after that.
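
The posts above disagree on whether rewriting the MBR is enough. One way to see what a repair step actually changed in sector 0 is to dump it before and after (for example from a Linux LiveCD) and compare the dumps region by region. The following is an added example, not code from any poster; the sample sectors and the helper names are constructed for illustration.

```python
"""Added example: split a 512-byte MBR dump into regions and diff two dumps."""
import hashlib
import struct
import sys

SECTOR_SIZE = 512
# Classic (non-GPT) MBR layout, byte offsets within sector 0.
REGIONS = {
    "boot_code": slice(0, 440),          # bootstrap code the BIOS jumps to
    "disk_signature": slice(440, 446),   # 4-byte NT disk signature + 2 reserved
    "partition_table": slice(446, 510),  # four 16-byte entries
    "boot_signature": slice(510, 512),   # must be 55 AA
}


def parse_mbr(sector: bytes) -> dict:
    """Return boot-code hash, signature validity and the used partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes (sector 0 of the disk)")
    partitions = []
    for index in range(4):
        entry = sector[446 + 16 * index: 462 + 16 * index]
        status, part_type = entry[0], entry[4]
        lba_start, sector_count = struct.unpack_from("<II", entry, 8)
        if part_type == 0x00:  # unused slot
            continue
        partitions.append({
            "index": index,
            "active": status == 0x80,
            "type": part_type,
            "lba_start": lba_start,
            "sectors": sector_count,
        })
    return {
        "valid_signature": sector[REGIONS["boot_signature"]] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[REGIONS["boot_code"]]).hexdigest(),
        "partitions": partitions,
        # Sectors 1 .. first_partition_lba-1 belong to no partition and are
        # NOT inspected here; only sector 0 is.
        "first_partition_lba": min((p["lba_start"] for p in partitions), default=None),
    }


def changed_regions(before: bytes, after: bytes) -> list:
    """Name the MBR regions whose bytes differ between two sector-0 dumps."""
    if len(before) != SECTOR_SIZE or len(after) != SECTOR_SIZE:
        raise ValueError("both dumps must be exactly 512 bytes")
    return [name for name, span in REGIONS.items() if before[span] != after[span]]


def build_sample(boot_fill: int) -> bytes:
    """Constructed sample sector: filler boot code, one active type-0x07 partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 156280257)
    return (bytes([boot_fill]) * 440 + b"\x12\x34\x56\x78\x00\x00"
            + entry + bytes(48) + b"\x55\xaa")


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Two dump files, e.g. taken with: dd if=<disk> of=mbr.bin bs=512 count=1
        before, after = (open(path, "rb").read(SECTOR_SIZE) for path in sys.argv[1:3])
    else:
        before, after = build_sample(0x90), build_sample(0xCC)  # constructed data
    print(parse_mbr(after))
    print("changed regions:", changed_regions(before, after))
```

An unchanged `boot_code` hash after a repair step means the bootstrap code was not rewritten. A changed hash only shows that sector 0 differs; it says nothing about the sectors between the MBR and the first partition or the rest of the disk.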

I would never bother installing XP without at least SP 2 or 3. I have an OEM disc which I've slip streamed SP 3 onto. As for hunting down drivers, usually if you go to the manufacturer's website and punch in the serial number (service tag number), it will show you all the downloads available for that system.
You can't use a SP2 or SP3 install disc to install on a computer which has a SP1 COA, it will fail activation as potentially pirated copy. When you call Microsoft to fix it, as I'm sure they easily could, they will not. They require you to reinstall with the correct media. It's been a couple years since I made this mistake, maybe they've eased up about it but I'm not going to risk it. A manufacturer's website would be my first choice, if there was any branding or mark to give a hint as to what this particular computer was. There was nothing inside or out. I thought it kind of looked like a Gateway case, but it wasn't.

Hi amenditman, We seem to get into the non-destruct repair Vs Complete install debate each time it's mentioned.. The way I see it is you got your client's PC back with all her stuff where she left it, and a Happy Customer... That's the bottom Line.. I say you did what you were paid to do.. Congrats... Jolphil :unsure:


I say you did what you were paid to do.. Congrats... Jolphil :)
Exactly. The debate seems to be to repair or replace and I have built my clientele by doing repairs. Occasionally that means I have a challenging one. And as Tushman said, "I don't bother doing repairs" Let the debate go on!
Edited by amenditman

I have a client with basically the same thing wrong with his Windows XP SP3 install. I built his PC 6 years ago and he has been using it ever since. I need to go and pick it up from him later this week. I'm leaning toward replacing the hard drive with a new one and starting fresh. Figure I might as well try and make sure that all my work will run for a few more years instead of worrying about the drive crashing at some point in the nearer future. There is a fine line between when to fix within Windows, when to do a repair of the installation, when to do a clean install and when to start over with new hardware. I doubt his PC would run Windows 7 very well. It's a 2.8GHz P4 with HT and a gig of RAM. Trouble is he is 67 and this was the first PC he had ever used. I have 10's of hours in "lessons" teaching him how to use XP and other programs that he needs to do the work he wants to do with this PC. He's on Dial-up too (lives way beyond DSL or Cable range) so just using the PC online is a lesson on patience.


Guest LilBambi

I hear ya ... sometimes even if the hardware isn't bad, you wish you could just rip out the offending hard drive and replace it and use a Linux LiveCD to get the data off the old one and then not worry about the potential issues if it were a hidden rootkit. NOTE: Not all rootkits are detected even if you run every rootkit software you can find.


There is a fine line between when to fix within Windows, when to do a repair of the installation, when to do a clean install and when to start over with new hardware.
I tend to get a little paranoid when it comes to rootkits. My preference is to do a format/clean install. In the case of this rootkit that resides in the MBR, you could always do a low level format on the drive, or you could even delete all the partitions on the drive which will in effect, erase the MBR.
I doubt his PC would run Windows 7 very well. It's a 2.8GHz P4 with HT and a gig of RAM.
Based on the articles I've read on the internet, it suggests Windows 7 will run on older hardware without much difficulty. My hunch is that the system you built for him will run fine as long as you add another 1GB RAM. Of course he wouldn't get the eye candy (Aero) but he would get the benefit of a more secure OS. On the other hand given the fact that he is an elderly client and is slow with technology - maybe you should just leave him continue using XP.
Edited by Tushman

Guest LilBambi
Based on the articles I've read on the internet, it suggests Windows 7 will run on older hardware without much difficulty. My hunch is that the system you built for him will run fine as long as you add another 1GB RAM. Of course he wouldn't get the eye candy (Aero) but he would get the benefit of a more secure OS. On the other hand given the fact that he is an elderly client and is slow with technology - maybe you should just leave him continue using XP.
That really depends on the BIOS and available updates for the Motherboard.

That really depends on the BIOS and available updates for the Motherboard.
The motherboard I can understand. i.e. chipset drivers. But what role would the BIOS updates have with upgrading the operating system?

Guest LilBambi

Recently had an HP Pavilion Desktop that was more than enough CPU power and RAM to run Windows 7 and there were drivers that worked fine for it and it wasn't software either that was the problem. Regardless, it was the most unstable OS I ever installed. It kept crashing and it had to do with power setting/ACPI. There was no way to turn it off in the BIOS because of the crappy limited HP BIOS, so even when you turned it off in the OS, it would still trip it up due to the BIOS.


Well it's an MSI 865PE Neo2 circa Sept 2004. The Northwood P4 2.8 with Hyperthreading should be enough for 7. Worst case scenario is I go back to newegg or microcenter and pick up the motherboard I just threw in my WHS for $50 and a $50 Socket 775 processor and ... it starts adding up fast after that. Doubt I'd be able to convince him he needs all that upgraded because of a virus. I do know some of his USB ports are not working on the front of the PC so there might be an issue with the hardware. His issue is he uses 2 apps for the most part. IE and Nero. He copies DVD's that he shot of his Horse for interested parties looking for stud work. If I had to teach him another burning program I think I'd pull my hair out. I can't remote in since it is 44.2kb/s dialup so I get to drive an hour each way to hold his hand. Tough thing is I have always under sold my services to him. This time it is going to be $200-$250 door to door for the repair. Figure I'll have 5 or 6 hours on the repair plus 4 hours of driving to/from. All of this is because of XPAntivirus 2010 (or whatever it was going by at the time) and his wife installing it and even paying $40 for it.

Edited by FuzzButt