The Dreaded black Screen, scareware, and unresponsive safe mode... Help please!

Discussion in 'General Technical' started by aflakyan, Feb 15, 2012.

  1. aflakyan

    aflakyan

    Joined:
    Feb 15, 2012
    Messages:
    1
    Likes Received:
    0
    Alright, here we go... A computer that I've been working on contracted the 35A.exe scareware trojan (which I successfully removed). After removing this Trojan and cleaning the file system, I then had to unhide all the files and folders and re-clean the system in safemode (after setting up a new antivirus).

    Problem was that the computer, for some reason, still couldn't connect to Google (all other web pages worked fine)... So, in my infinite fledgling IT wisdom, I decided to check the System32/Drivers/etc directory and to my surprise found that there was no "hosts" file; so, naturally I created one (commented and all) thinking this might be the problem. Restarted the computer and... Black Screen of Annoyance.

    So now I've done the following to no avail:

    1.) SafeMode (cursor will not move, nothing can be typed).
    2.) Deleted the file in recovery command prompt.
    3.) Tried to do a startup recovery (it says there are no errors).
    4.) Tried to do a System Restore (it says there is no Restore Point).
    5.) Ran sfc /scannow ("Windows Resource Protection could not start the repair service).

    6.) Ran sfc /scannow /offbootdir=c:\ /offwindir=c:\windows

    The results of this last attempt ran the scan , but reported that Windows found corrupt files but was unable to repair them and said that details are included in CBs.log

    When I open the CBS.log in MSDOS, This seems to be repeated incessantly:

    CBS SESSION: 30207024:2370660092 initialized.
    Read out cached package applicability for package: Package_for_KB976662~31bf3856ad364e35~x86~~8.0.1.0, ApplicableState: o, CurrentState:7
    Session: 30207024:2370660092 finalized. Reboot required: no


    And that just goes on forever with slight variation... Please. Please help me.

    If none of this helps or it seems impossible, is there anyway to recover files without booting up the system? Like from the recovery command prompt?
     
    Last edited: Feb 15, 2012
    aflakyan, Feb 15, 2012
    #1
    1. Advertisements

  2. aflakyan

    d_l

    Joined:
    Mar 27, 2011
    Messages:
    41
    Likes Received:
    0
    recover files using Ubuntu Live CD

    I've been in a similar position and I used Linux (Ubuntu) to recover my windows files.

    Then I created a dual boot configuration with Vista in one partition and Ubuntu in two logical partitions (root and home) in an extended partition. But that is for later.

    For now I assume that you need to recover your windows files..
    It seems that you have another working PC (which you're using to post to this thread) so download and burn to a RW CD a ubuntu Live CD.

    You will also need some other external drive or USB drive to copy your recovered files.

    https://help.ubuntu.com/community/LiveCD

    You can then bootup from Ubuntu Live CD (you may have to press F12 to choose the boot options) and after initial startup of Live CD (it takes some time so be patient) click on "Try Ubuntu" button to reach a desktop. Do not click on "Install Ubuntu" since this would overwrite your windows installation you are trying to recover.

    There is a learning curve .. read http://ubuntuforums.org

    To inspect your disks open a terminal

    and type the command sudo fdisk -l

    that's a letter l ("ell") lowercase.

    this will echo back the disk partitions.layout ...


    Then you will have to recover your data from windows partition (it might be called /dev/sda2 or similar title.

    There may be another partition for windows RECOVERY.

    You may need to subscribe to the ubuntu forum to be talked through the file recovery process.

    You might even decide to stay with ubuntu and not be pestered with viruses any more.

    I have to use both Vista and Ubuntu so I opted for dual boot (not running ubuntu inside windows but actually in a separate partition - or partitions in my case).

    .....

    If this is all a bit daunting there is a Vista Recovery Disk you could try but I don't think you will get very far with it from what you have written..

    Your would need to download Vista Recovery Disk and burn into a bootable CD.

    Even if this works you should still investigate Ubuntu.

    In any recovery of files the first principle is not to run the recovery systems on the same partition which is being analysed. Which is why you are recovering from a Live Cd.

    Search the ubuntu forums for "data recovery" tips.
     
    d_l, Feb 19, 2012
    #2
    1. Advertisements

  3. aflakyan

    WAW8

    Joined:
    Jan 27, 2007
    Messages:
    3,541
    Likes Received:
    2
    Location:
    Northern Virginia, USA
    While the suggestion to use Ubuntu to recover Windows files is sometimes a good one, in this case, your files have become corrupted, not lost. So, while that is likely to be a LOT of work, it's also not likely to do any good at all.

    What you're really trying to do is REPAIR your Vista install, not recover lost files -- and in that case, you can not do that from Ubuntu (or any other Linux distro).

    Also, in my experience, the "sfc /scannow" command nearly always fails when run from inside Windows. If you have a bootable Vista CD or DVD, you should try booting into command mode and running it from there. I've found that to work better on average.
     
    WAW8, Feb 19, 2012
    #3
  4. aflakyan

    d_l

    Joined:
    Mar 27, 2011
    Messages:
    41
    Likes Received:
    0
    With respect WAW8 .. I did read the last paragraph of OP as follows ...

    And windows files can be recovered via ubuntu ,, I've done it. Got the T shirt.

    But it may be that the OP just wants Vista programs back in play.

    I accept that it may be a lot of work to setup Ubuntu Live CD and apply it but it a worth while learning exercise.. Perhaps an hour's work?

    Another easier option might be to try testdisk running in DOS mode.

    http://www.cgsecurity.org/wiki/TestDisk

    Testdisk is also in the Ubuntu distro.


    [Later Edit]

    Pasted this search string into google ... taken from info in logs above


    http://www.google.com/search?q="Package_for_KB976662~31bf3856ad364e35~x86~~8.0.1.0"

    e.g. from this google search (with this vistaforums thread at the top of google) this user had real headaches using scannow ..

    http://www.justanswer.com/computer-networking/37fe2-no-longer-open-attachments-hotmail-account.html

    'twas due to a Facebook sourced virus.
     
    Last edited: Feb 20, 2012
    d_l, Feb 19, 2012
    #4
  5. aflakyan

    WAW8

    Joined:
    Jan 27, 2007
    Messages:
    3,541
    Likes Received:
    2
    Location:
    Northern Virginia, USA
    d_l: Not saying you approach can not work; just saying that Linux will not repair damaged files by itself. And, I know you can copy files -- as I have done this myself using Ubuntu LiveCD mode.

    If the OP knows exactly which files to replace, and has an original of those files, of course they could use any number of Linux distros to copy the working file over the damaged one -- but this is not the same as using Windows commands to REPAIR the damaged OS.

    I don't want folks here thinking that Linux is some kind of "miracle cure" solution, when basically, all it is doing here is serving as a File Manager utility.
     
    WAW8, Feb 20, 2012
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.