Windows Boot Failure – Newest Virus & Service Call
“Windows Boot Failure.
Press OK to Fix Boot Failure”
Another morning, another phone call — this time it’s about a virus…those are always fun.
“Hi Matt.” [again, his number showed up on my cell]
“Hey Kreg. Whatcha doing? Can you come over and take a look at my computer?”
“Ahh, yeah, I guess.”
“What is it? I know it’s early, but are you still in your pajamas?”
“No, I’m ready.”
“Well, could you come over? The screen keeps telling me that the hard drive is bad, but when I put it in safe mode and run a check on the hard drive, it says that it’s ok. Then when I reboot, this window keeps coming up that says, “windows boot failure. press ok to fix boot failure”, so I do and it wants to scan my drive for errors, but I don’t want to do that do I?”
“I’ll be over.”
Are the Stars in align or what?
What’s the deal with the phone calls lately? Anyways, if you arrived here looking for a free solution to your dilemma, here you are —
If you are getting a black screen with the words “safe mode” in all four corners, along with some message centered at the top that may read something along the lines of:
“Windows Vista (TM) Home Premium (6002 vistasp2_101014-0432 Service Pack 2)”
or perhaps…
“Windows Vista (TM) Home Basic (6001.vistasp1_ldr.101014-0432 Service Pack 1)”
…then we’re talking about the same virus.
Here’s what you do:
1) Either get on another computer and Google how to enable safe mode for your computer type/model, read the manual and/or ask someone how to do this since not all computers/laptops are the same. My friend’s HP needed to have F8 held down in order to be in safe mode, but neither the keyboard nor the screen indicated what key to push, so that’s why I suggest figuring it out first. 😉
2) Now that you know how to do it, we’ll restart the machine that’s got the problem by holding down the Control-Alt-Delete keys [yes, all 3 at the same time]. This should make a screen pop up where in the lower right corner you can choose to restart — do so. 🙂
3) Now that your computer is rebooting, get ready to push your mystery key. :) When appropriate [typically when the HP, Dell or whatever name pops up at first] hold down the key (F8 or whatever) and this will make yet another screen appear.
4) Here’s where it gets a little tricky, so re-read this several times before doing it. ;) Ok, you’re staring at this screen with like 10 choices, normally you’d enter “safe mode” [near the top] and/or choose the advanced mode which says something like “restart your computer at an early save” / “system restore” or something like that [which is in the bottom half of the screen], but neither of these work with this particular virus, so instead, we’re going to pick the first option: “repair your hard drive” or something similar to that. It’s actually the absolute first option and you may not see it because it will be highlighted already and for some reason my eyes scanned right over it. 😉
5) Now that you’ve found the “repair” option, select that. Of course, there’s another screen and this time it wants to know which save point do you want to use. My recommendation is to pick the most recent and work your way back into the past. This way you will have a better chance of retrieving the most amount of recent work instead of going too far back and having to redo a bunch of stuff. If the recent choice does not prove to fix anything, do the procedure again, but this time pick the next one on the list and so on until everything returns to normal.
6) Now that you’ve picked your first restore point, you’ll confirm and restart the computer. From here, it will proceed to reboot again and although it might take longer than normal to boot [this first time], don’t panic, for it has to put things back in order so allow it another 10 to 20 seconds before making the decision that “This isn’t working!”
7) You should be pleasantly relieved that your computer comes back to its original condition. I would still recommend running a virus checker and then backing up your important files after you’re sure that there’s no longer a threat to your machine’s stability.
So there you have it — a free guide to fixing the most recent virus attack. You could of course choose some of the other reference material on the net [answers.yahoo.com, forums.majorgeeks.com, or even forums.techguy.org] regarding this problem, but after I searched and read those same pages, I could not find an answer that really worked and that’s why I came up with this one. 🙂
Drop me a comment and let me know how this process saved your sanity or not. Until next time, or the next phone call…
Does this solution only work if you had created a System Restore point?
I only see the following options in the Advanced Boot Options menu (the one you get to by pressing F8 on reboot):
Safe Mode
Safe Mode with Networking
Safe Mode with Command Prompt
Enable Boot Logging
Enable low-resolution video
Last Known Good Configuration (advanced)
Directory Services Restore Mode
Debugging Mode
Disable automatic restart on system failure
Disable Driver Signature Enforcement
Start Windows Normally
So, the very first option I see is “Safe Mode” and there’s no Repair Hard Drive Option… Do you mean the “Last Known Good Configuration (advanced)” option? I tried that, but it took me back to the same black screen with the fake Safe Mode corners. :/
Any ideas?
This solution should work regardless of whether or not you created a restore point, because my friend Matt would have no idea how to do that anyways.
So here’s the process — as far as I can remember — with all the steps that I did. What I posted was the ‘fast’ version, or without doing things twice — not that it should make a difference, but here’s what I did.
Like you, I ‘Control-Alt-Deleted’ my way to restarting the computer, then I hit F8 to get to the safe mode screen. I did choose the first option ‘safe mode’, rebooted and since that didn’t do it, I restarted, hit F8 again and this time picked ‘Last Known Good Configuration (advanced)’ — just like you did.
This too didn’t fix it, so I rebooted yet again, hit F8 and this time there was an option — I don’t know if it was there before or not since I didn’t see it this second time, my friend actually pointed it out to me, so I don’t know for certain, but the first option — which is actually already highlighted — was something that had the word ‘repair’, like ‘repair hard drive’. I’m sorry I can’t be more specific, but I didn’t think to write it all down until after I fixed his computer.
So perhaps look just above where the words ‘Safe Mode’ are on this F8 screen and see if you notice another highlighted option with the word ‘repair’ in it. It will be *above* all these other choices that you have listed and that’s what I chose. There were a few other screens past that, but they were confirm — yes/no type screens which are pretty self-explanatory and again, the reason why I didn’t think to write it down; i.e. it was an easy choice to make.
Try this and write back. 🙂
p.s. Thanks for writing such a detailed comment. I’m sure the other readers appreciate the info you presented as well. If it wasn’t so early in the morning, I would have thought to document it better, but I didn’t. I know now that next time I go do a house call, I’ll take notes. 😉
yeah, i looked and looked and looked. also rebooted to get to that screen several different times to see if i got different options.
no repair option. :/
I’m sorry it’s not working for you.
Are you using Windows Vista by chance, or something else?
Not all laptops have the restore option. It is heavily dependent upon your laptop maker, and whether or not you have a restore point save option enabled.
Sorry to say Pink, but I think this won’t work for you.
This particular virus is pretty well-involved. If you don’t have a restore option the only way seems to be to change the registry options that were changed by the virus. Here is what I am currently doing so far on a client’s laptop running, yes, Windows Vista.
Boot into Safe Mode with Command Prompt. It seems the virus loads with explorer.exe.
At the command prompt type regedit and regedit should pop up. Go into HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System and delete the DisableTaskMgr key that the virus has added. Then restart into Windows.
You will still have the popups, ignore them and CTRL ALT DEL and Start Task Manager. From there click File and Run New Task… type in explorer.exe and your windows desktop should come up. From this point I would recommend you load an antivirus such as Microsoft Security Essentials or Malwarebytes from another computer to the infected computer and run it. Desktop programs will not run due to permission hijacks it seems.
This is where I am at right now.
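The registry step from the comment above, written out as a batch file for the Safe Mode with Command Prompt session (an added example, not part of the original comment). It uses the built-in reg tool instead of regedit, exports the System policy key before touching it, and removes only the DisableTaskMgr entry; the backup file name is an assumption.

```batch
@echo off
rem Added example: inspect, back up and remove the DisableTaskMgr policy entry.
rem Run it while logged in as the affected user, since HKCU is per-user.
setlocal
set "KEY=HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System"
set "VALUE=DisableTaskMgr"
rem Assumed backup location; change it if the profile folder is not writable.
set "BACKUP=%USERPROFILE%\policies-system-backup.reg"

rem 1. Check whether the entry exists. reg query sets errorlevel 1 if it does not.
reg query "%KEY%" /v %VALUE% >nul 2>&1
if errorlevel 1 goto notset

rem 2. Print the current data so it can be noted before anything changes.
reg query "%KEY%" /v %VALUE%

rem 3. Export the whole key first so the change can be undone by importing the file.
reg export "%KEY%" "%BACKUP%" /y
if errorlevel 1 goto backupfailed

rem 4. Delete only this one entry; the System key and its other entries stay.
reg delete "%KEY%" /v %VALUE% /f
if errorlevel 1 goto deletefailed

rem 5. Confirm the entry is gone before rebooting into normal Windows.
reg query "%KEY%" /v %VALUE% >nul 2>&1
if errorlevel 1 goto removed
echo %VALUE% is still present.
exit /b 1

:notset
echo %VALUE% is not set under %KEY%. Nothing to remove.
exit /b 0

:backupfailed
echo Backup failed. The registry was left untouched.
exit /b 1

:deletefailed
echo Delete failed. Check that you are logged in as the affected user.
exit /b 1

:removed
echo %VALUE% removed. Backup saved to "%BACKUP%"
exit /b 0
```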
What an excellent comment! Don’t forget to drop a link of where people can get a hold of you. Good stuff Marv!
p.s. It seems ‘easier’ if you know that you’re going to have to recreate this over and over again (the steps). When I was first called over, I just thought that Matt screwed up something easy, so I wasn’t expecting that he had a virus, nor that I was going to post about it. 😉