14 replies to this topic

[shinobi10]

I'm using spyhunter to remove a malware but when I found out that it's not gonna work, too late already. Now I'm stuck in some boot process and I can't load my windows. I can see some grub command line , I'm not so into this so I don't know what to do. Please help me. Thanks!

[Wonko the Sane]

I'm using spyhunter to remove a malware but when I found out that it's not gonna work, too late already. Now I'm stuck in some boot process and I can't load my windows. I can see some grub command line , I'm not so into this so I don't know what to do. Please help me. Thanks!

There is a dedicated topic here:

http://reboot.pro/to...s-7-unbootable/

If you need assistance/clarifications, just ask, as well if you are running another OS (not Windows 7) there may be the need of some changes in the commands.

 

Wonko

[shinobi10]

There is a dedicated topic here:
http://reboot.pro/to...s-7-unbootable/
If you need assistance/clarifications, just ask, as well if you are running another OS (not Windows 7) there may be the need of some changes in the commands.
 

Wonko

I entered

find --set-root /windows/boot/pcat/bootmgr
chainloader --edx=0x0080 /windows/boot/pcat/bootmgr
boot

Then it led me to

Windows failed to start. A recent hardware or software change might be the cause. To fix the problem :
1. insert your windows installation disc and restart your computer.
2. choose your language settings, and then click 'next.'
3. click 'repair your computer.'

But I don’t have the installation disc.
What should I do?

[cdob]

run at grub4dos command line

find /boot/bcd

And post the output.

[shinobi10]

run at grub4dos command line

find /boot/bcd

And post the output.

The output is

(hd0,0)

[Wonko the Sane]

That seems "beyond" what the procedure can recover.

It is very possible that Spyhunter or not *something else* is involved, that message is not the "usual" one, which should be:

File: \Boot\BCD
 Status: 0xc000000f
 Info: An error occured while attempting to read the boot configuration data.

the \boot\BCD is seemingly found, though there is an issue with it (or with *something else*) in the early part of booting.

Does the "Windows failed to start ... " message come with an error/status code?

Does pressing F8 quickly when chainloading the BOOTMGR work? (maybe Safe Mode allows to boot)

 

In any case you should have an install/recovery disk (or USB stick), sometimes the issue is some kind of drive/filesystem corruption that can be fixed by running CHKDSK from a PE.

 

Wonko

[shinobi10]

That seems "beyond" what the procedure can recover.
It is very possible that Spyhunter or not *something else* is involved, that message is not the "usual" one, which should be:

File: \Boot\BCD Status: 0xc000000f Info: An error occured while attempting to read the boot configuration data.

the \boot\BCD is seemingly found, though there is an issue with it (or with *something else*) in the early part of booting.
Does the "Windows failed to start ... " message come with an error/status code?
Does pressing F8 quickly when chainloading the BOOTMGR work? (maybe Safe Mode allows to boot)

In any case you should have an install/recovery disk (or USB stick), sometimes the issue is some kind of drive/filesystem corruption that can be fixed by running CHKDSK from a PE.


Wonko

How do I know where is the error code? F8 worked, what next?
It showed a list:
Please select a boot device
P2: matshitadvd ram
P1: hitachi (some numbers)
Enter setup
Can I just download a windows installation from another computer and put it in a usb and use that to boot my computer?

Edited by shinobi10, 03 September 2016 - 03:34 AM.

[cdob]

Can I just download a windows installation from another computer and put it in a usb and use that to boot my computer?

A Windows 10 installation works.
https://www.microsof...load/windows10/

Boot Windows 10 installation. Do not continue installation, press shift F10 instead to get a command prompt.
http://www.tenforums...ndows-10-a.html

Run diskpart, bcdedit and bcdboot.
https://technet.micr...y/cc766465.aspx
https://technet.micr...y/cc709667.aspx
https://technet.micr...y/hh824874.aspx

[shinobi10]

A Windows 10 installation works.https://www.microsof...load/windows10/Boot Windows 10 installation. Do not continue installation, press shift F10 instead to get a command prompt.http://www.tenforums...ndows-10-a.htmlRun diskpart, bcdedit and bcdboot.https://technet.micr...y/cc766465.aspxhttps://technet.micr...y/cc709667.aspxhttps://technet.micr...y/hh824874.aspx

But I'm running windows 7.

[Wonko the Sane]

The point here is that we don't know what is "wrong" with the install.

 

Since you had some "malware" (that you attempted to solve through the use of Spyhunter) it is entirely possible that the malware (or something else, maybe you had some symptoms of malfunctioning that you attributed to malware) or the attempt to eliminate it created damages to actual files.

 

For some of this issues *any* Windows would do, as an example:

1) \BCD\boot inspection and repair <- Windows 7/8/8.1/10 would do

2) filesystem (NTFS) repair with CHKDSK <- Windows 7/8/8.1/10 would do (Vista also and probably also XP)

3) MBR/Bootsector repair (to avoid going through the SH4ldr)<- Windows 7/8/8.1/10 would do

4) corrupted file <- you need the appropriate Windows 7 one

 

About F8.

If you manage to press F8 after chainloading BOOTMGR and before you get the error, you should be able to access the menu *like*:

where you could try to boot in Safe Mode, but there are a number of reasons why this may (or may not) work.

 

See if you can procure a Windows 7 install DVD, you can download an original .iso file from Microsoft (that you can burn to a DVD or prepare a USB stick with) from here:
https://www.microsof...wnload/windows7

though it depends on the exact version of the OS you have.

 

Wonko

[shinobi10]

The point here is that we don't know what is "wrong" with the install.

 

Since you had some "malware" (that you attempted to solve through the use of Spyhunter) it is entirely possible that the malware (or something else, maybe you had some symptoms of malfunctioning that you attributed to malware) or the attempt to eliminate it created damages to actual files.

 

For some of this issues *any* Windows would do, as an example:

1) \BCD\boot inspection and repair <- Windows 7/8/8.1/10 would do

2) filesystem (NTFS) repair with CHKDSK <- Windows 7/8/8.1/10 would do (Vista also and probably also XP)

3) MBR/Bootsector repair (to avoid going through the SH4ldr)<- Windows 7/8/8.1/10 would do

4) corrupted file <- you need the appropriate Windows 7 one

 

About F8.

If you manage to press F8 after chainloading BOOTMGR and before you get the error, you should be able to access the menu *like*:

where you could try to boot in Safe Mode, but there are a number of reasons why this may (or may not) work.

 

See if you can procure a Windows 7 install DVD, you can download an original .iso file from Microsoft (that you can burn to a DVD or prepare a USB stick with) from here:
https://www.microsof...wnload/windows7

though it depends on the exact version of the OS you have.

 

Wonko

Could you please give me the steps on how I should proceed before pressing F8 so as to make the advanced boot options appear? I can't seem to make it appear.

[shinobi10]

The point here is that we don't know what is "wrong" with the install.

 

Since you had some "malware" (that you attempted to solve through the use of Spyhunter) it is entirely possible that the malware (or something else, maybe you had some symptoms of malfunctioning that you attributed to malware) or the attempt to eliminate it created damages to actual files.

 

For some of this issues *any* Windows would do, as an example:

1) \BCD\boot inspection and repair <- Windows 7/8/8.1/10 would do

2) filesystem (NTFS) repair with CHKDSK <- Windows 7/8/8.1/10 would do (Vista also and probably also XP)

3) MBR/Bootsector repair (to avoid going through the SH4ldr)<- Windows 7/8/8.1/10 would do

4) corrupted file <- you need the appropriate Windows 7 one

 

About F8.

If you manage to press F8 after chainloading BOOTMGR and before you get the error, you should be able to access the menu *like*:

where you could try to boot in Safe Mode, but there are a number of reasons why this may (or may not) work.

 

See if you can procure a Windows 7 install DVD, you can download an original .iso file from Microsoft (that you can burn to a DVD or prepare a USB stick with) from here:
https://www.microsof...wnload/windows7

though it depends on the exact version of the OS you have.

 

Wonko

Hi Wonko, I have already downloaded a window 7 in a usb stick and I can use that to boot windows 7 but it lets me choose between "jetflash UEFI" and just "jetflash", which one should I choose? I tried jetflash only and something came up,

 

System Repair

System Restore

etc

 

I chose system restore and I chose the time I installed the spyhunter, after that it restarted and it still doesn't boot the right way.

 

I repeated and chose Startup Repair and it said that the Boot Manager is corrupt.

Edited by shinobi10, 03 September 2016 - 04:04 PM.

[Wonko the Sane]

Still about F8 it is just a hit and miss game.

It is entirely possible that *something* has disabled the feature.

 

Normally the booting sequence in a Windows 7 machine is:

BIOS->MBR->PBR of active partition->BOOTMGR->\boot\BCD->here the F8 may work->Winload.exe->Windows 7

Your current booting sequence is:

BIOS->MBR->PBR of active partition->sh4ldr (an obsolete grub4dos grldr)->here you have to type the chainloader /bootmgr command sequence->BOOTMGR->\boot\BCD->here the F8 may work->Winload.exe->Windows 7

On a multi-boot setup usually you have a lot of time as the \boot\BCD will prompt you for choosing the OS, but if you had just one entry in the BCD, that selection screen is not shown and the timing is very narrow.

In practice you should try typing the last command:

boot

without pressing [ENTER] then keep a finger on F8 and as soon as you press [ENTER] start tapping on the F8 key.

 

It may work or it may not , unfortunately.

If you have *any* bootable OS (a Linux live cd, an older or newer MS install disk as cdob suggested) capable of writing on the boot volume (I presume NTFS) you could add a BOOT.INI file (that would create a multiboot choice and thus allow more time to press F8) still if th efeature is disabled in the \boot\BCD it won't work:

https://www.raymond....dows-startup/2/

 

Now that you have a bootable Windows 7 environment however it doesn't matter.

 

Boot from the USB stick (let's say "jetflash"), then follow cdob's instructions, by pressing Shift + F10 you should get to a command prompt.

In it you need to find the drive letter and path assigned to your Windows 7 installed drive (very likely it is C:\Windows\), then you try running the command:

bcdboot c:\windows /s c

 

The above command should "fix" the \boot\BCD (provided that the issue is in it).

 

Then copy the file C:\windows\boot\pcat\bootmgr to C:\bootmgr

COPY /B C:\windows\boot\pcat\bootmgr C:\bootmgr

 

 

Then reboot (without the USB stick), you will still need to use the grub4dos commands to chainload the bootmgr:

 

root (hd0,0)
chainloader /bootmgr
boot

 

 

If the Windows 7 boots normally, you can then boot again from the USB stick, reopen the command prompt (SHIFT+F10) and run:

bootsect /nt60 c: /mbr

 

The above command will re-write BOTH the PBR and the MBR code with the original Windows 7 ones, see also:

http://reboot.pro/to...table/?p=198524

 

Wonko

[shinobi10]

Still about F8 it is just a hit and miss game.
It is entirely possible that *something* has disabled the feature.
 
Normally the booting sequence in a Windows 7 machine is:
BIOS->MBR->PBR of active partition->BOOTMGR->\boot\BCD->here the F8 may work->Winload.exe->Windows 7
Your current booting sequence is:
BIOS->MBR->PBR of active partition->sh4ldr (an obsolete grub4dos grldr)->here you have to type the chainloader /bootmgr command sequence->BOOTMGR->\boot\BCD->here the F8 may work->Winload.exe->Windows 7
On a multi-boot setup usually you have a lot of time as the \boot\BCD will prompt you for choosing the OS, but if you had just one entry in the BCD, that selection screen is not shown and the timing is very narrow.
In practice you should try typing the last command:
boot
without pressing [ENTER] then keep a finger on F8 and as soon as you press [ENTER] start tapping on the F8 key.
 
It may work or it may not , unfortunately.
If you have *any* bootable OS (a Linux live cd, an older or newer MS install disk as cdob suggested) capable of writing on the boot volume (I presume NTFS) you could add a BOOT.INI file (that would create a multiboot choice and thus allow more time to press F8) still if th efeature is disabled in the \boot\BCD it won't work:
https://www.raymond....dows-startup/2/
 
Now that you have a bootable Windows 7 environment however it doesn't matter.
 
Boot from the USB stick (let's say "jetflash"), then follow cdob's instructions, by pressing Shift + F10 you should get to a command prompt.
In it you need to find the drive letter and path assigned to your Windows 7 installed drive (very likely it is C:\Windows\), then you try running the command:
bcdboot c:\windows /s c
 
The above command should "fix" the \boot\BCD (provided that the issue is in it).
 
Then copy the file C:\windows\boot\pcat\bootmgr to C:\bootmgr
COPY /B C:\windows\boot\pcat\bootmgr C:\bootmgr
 
 
Then reboot (without the USB stick), you will still need to use the grub4dos commands to chainload the bootmgr:
 
root (hd0,0)
chainloader /bootmgr
boot
 
 
If the Windows 7 boots normally, you can then boot again from the USB stick, reopen the command prompt (SHIFT+F10) and run:
bootsect /nt60 c: /mbr
 
The above command will re-write BOTH the PBR and the MBR code with the original Windows 7 ones, see also:
http://reboot.pro/to...table/?p=198524
 

Wonko

Wonko, I have already booted and repaired the boot, I also used system restore just before I installed spyhunter, thanks for your help. Can you suggest a good malware remover and antivirus software?

[Wonko the Sane]

Wonko, I have already booted and repaired the boot, I also used system restore just before I installed spyhunter, thanks for your help. Can you suggest a good malware remover and antivirus software?

No particular ideas.

 

I can only tell you - in the case of - not necessarily "malware" but also "OS corruption" - that often ComboFix:

http://www.bleepingc...nload/combofix/

solved issues that no other program could.

 

About "malware" (not necessarily "virus") HijackThis:

http://www.bleepingc...oad/hijackthis/

is/was often useful (it only partially works on newer than XP OS).

 

I have seen poitive reports about RogueKiller:

http://www.bleepingc...ad/roguekiller/

but never used it personally.

 

Personally I have no particular preference for antivirus programs, the only thing I recommend is "please NOT Panda" and "please NOT, NOT, NOT Symantec/Norton Antivirus" (they are not "worse" than other ones AFAICT, but they are - at least last time I happened to use them - an enormous amount of BLOAT, slowing machines to a crawl...

 

Wonko