Virus defends against UBCDW? CD will not complete boot
Posted 06 August 2008 - 06:28 PM
This is a total mystery to me. I hope someone has an idea. I use UBCDW often in my work to great success, until now. I made a 3.2 disk last night and tested it on my machine. Everything worked as expected so I proceeded to boot an infected machine with my new disk. Everything booted up fine but a few of the antivirus programs included in UBCDW wouldn't run. I ran some anti spyware programs and cleaned out what they found. I then attempted a cold boot from the hard drive (C:) and the system booted to the desktop. So far so good. Then I ran the onboard Norton Antivirus and a few minutes into the scan, I got a BSOD with a comment about Panic_Stack_Switch and before I could write down what was on the screen, the machine rebooted several times, each time with a different BSOD message till the last one which said Unmountable_Boot_Volume. I shut the machine down manually and tried to restart. I tapped the F8 key and turned off auto restart. Then I tried safe mode and still get the last BSOD. I shut it down again and rebooted with my UBCDW disk only now, just after the part where you see the Windows XP screen and then the screen goes blue for a moment just before the shell configuration window opens that allows you to configure screen res, RAM disk and on disk swap file for UBCDW, the boot process stops cold. The cursor moves on the screen but nothing else happens. I thought that possibly my new disk was messed up so I tried one of my older UBCDW disks which have always worked but I get the same results. I checked the BIOS and everything appears correct for boot order. I'm at a loss as to what step to take next. Any help would be most welcome.
Posted 06 August 2008 - 06:51 PM
This is not uncommon when booting UBCD4Win on a system with a corrupted hard drive/filesystem. I usually use either ntfs4dos or the recovery console to run chkdsk on the drive (sometimes twice), then UBCD4Win will usually finish booting again. The issue I see after you get UBCD4Win booting again is that you're still infected. Have you used EzPcFix to see what's getting started when Windows loads? I suggest taking your time when removing entries with EzPcFix; google anything that you're not sure of, and comparing with one or more healthy systems is helpful. I would also make a backup of your windows\system32\config folder before you start, just in case you remove/change the wrong thing.
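The sequence above (back up the hives, run chkdsk twice, then look at what starts with Windows without booting from the infected drive) as an added batch example for a UBCD4Win command prompt; it is not code from the thread or the UBCD4Win project. It assumes the infected install is on C:, a writable drive is mounted as X:, that reg.exe is available in the boot environment, and that PLACEHOLDER_USER is replaced with the real profile folder name.

```batch
@echo off
rem Added example, not from the thread. Run from a UBCD4Win command prompt,
rem never from the infected OS itself. Assumed drive letters and user name:
set SYS=C:
set DEST=X:\backup
set PROFILE=%SYS%\Documents and Settings\PLACEHOLDER_USER

rem 1. Back up the registry hives before changing anything (advice from the post).
xcopy "%SYS%\Windows\system32\config" "%DEST%\config" /E /H /I /Y

rem 2. Repair filesystem metadata. The post notes a second pass is sometimes
rem    needed before UBCD4Win will finish booting with the drive attached.
chkdsk %SYS% /f
chkdsk %SYS% /f

rem 3. Inspect autostart entries in the OFFLINE hives. Nothing on C: is
rem    running, so an infection cannot hide or rewrite these keys while we look.
reg load HKLM\OfflineSW "%SYS%\Windows\system32\config\software"
reg load HKU\OfflineUser "%PROFILE%\NTUSER.DAT"

rem Machine-wide and per-user Run/RunOnce keys, written to a log for comparison
rem against a known-clean system.
for %%K in (Run RunOnce) do (
  reg query "HKLM\OfflineSW\Microsoft\Windows\CurrentVersion\%%K" >> "%DEST%\autostart.txt"
  reg query "HKU\OfflineUser\Software\Microsoft\Windows\CurrentVersion\%%K" >> "%DEST%\autostart.txt"
)

rem Winlogon Shell and Userinit should normally be explorer.exe and
rem C:\WINDOWS\system32\userinit.exe, ; anything else deserves a closer look.
reg query "HKLM\OfflineSW\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell >> "%DEST%\autostart.txt"
reg query "HKLM\OfflineSW\Microsoft\Windows NT\CurrentVersion\Wininit" /v Userinit >> "%DEST%\autostart.txt"

rem 4. Always unload the hives, or the files stay locked and the next boot of
rem    the installed OS can fail.
reg unload HKU\OfflineUser
reg unload HKLM\OfflineSW
type "%DEST%\autostart.txt"
```

The per-user hive must be loaded for each profile folder on the machine; the log is easiest to read side by side with the same queries run on a healthy XP box.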
A couple of other places to check that EzPcFix doesn't look at are:
Posted 07 August 2008 - 04:53 AM
I have been operating my own modestly successful computer repair business for almost five years and have been deeply involved in computers since the 286 days, mostly in the hardware and network end of things. Most of my business (about 70%) is virus and spyware removal and non-mechanical data recovery. I have used Bart PE and now UBCDW extensively in these activities. I'm not trying to be defensive, I just want to optimize communications.
That being said, I have a few questions about the responses to my post. First, it is my understanding that UBCDW is a stand-alone bootable mini OS, for lack of a better description. I have used it to boot many machines with bad drives and even no drives at all. When a drive was bad it just didn't show up on the UBCDW desktop or most of the drive explorers. This is the first time I have seen this phenomenon.
It is also my understanding that because we are not booting to the hard drive that beasties could not start, hide or defend themselves.
I was pretty sure that I still had beasties on the hard drive when I booted to the C drive after using UBCDW to dig out the worst (so I thought) of these beasties.
When I first started with this machine, it would freeze on a red screen with a blue and yellow biohazard symbol / sign telling me I needed to get some anti spyware and scan my machine. (Rogue Antispyware) It would not boot to the desktop or do anything else for that matter.
I was able to locate and delete a "Spy Sherriff" folder on my first UBCDW boot up using the A43 Explorer. My first Spybot S&D scan revealed Smitfraud.C and a few minor beasties. I couldn't get any of the antivirus apps to work on my new UBCDW disk but I was able to run some of the antispyware apps and removed what they found. This allowed me to boot Windows XP Home SP2 to the desktop and explore the C drive. When I used the Norton Antivirus program on the C drive to continue cleaning out the rest of the beasties is when things got messy. (See first post)
I did notice one thing different when I tried to boot with UBCDW after the multiple BSODs. Just after the "starting CD...OK" and before the "setup is inspecting your system's hardware configuration" message, a similar DOS text style message flashes on the screen that says "Bootable CD Wizard v,2.0a1 Copyright © 2004 by Alex Kapylov". This message flashes by so fast that I had to video tape the UBCDW boot process just so I could read it. I do know that this is the first time I have seen this message when booting with UBCDW.
As a side note, I think some dastardly villain type has dumped a bomb of some sort on the internet. This week I observed a drastic upswing in the volume of PCs coming in infected with serious, more resilient malware. I have discussed this with a few of my peers and they indicated that they too have seen this spike in activity. Any thoughts?
Posted 07 August 2008 - 05:27 AM
Also, I don't think anyone here assumed you're a newbie just yet... you're asking for help so we are just offering suggestions on things to try that you did not mention you have done yet in your original post, nothing more.
This post has been edited by masterchi: 07 August 2008 - 05:30 AM
Posted 07 August 2008 - 05:47 AM
Try running the above.
Have you tried running any Linux live CD/DVDs on the PC?
If they fail to work it's hardware.
Fear is the path to the dark side. Fear leads to anger. Anger leads to hate. Hate leads to suffering.
Posted 07 August 2008 - 10:02 AM
then check the error code here. http://aumha.org/a/stop.htm
Posted 07 August 2008 - 06:52 PM
This issue actually extends back into the MSDOS days even where a corrupted partition wouldn't even allow you to boot from a floppy disk and it is caused at the point that the corrupted partition is trying to be mounted.
The methods he already mentioned to correct it are the most used ones and the ones I'd also suggest you follow.
Posted 11 August 2008 - 12:57 AM