(Solved) Removed Viruse Now Blue Screens?

[Redhatcc]

I had a customer come in today with a ton of viruses on her computer. She asked "Please i dont want to loose any information" so i told her that was no problem etc. etc.

So i took the hard drive out, hooked it up to another machine as a secondary hard drive and ran a few virus scanners such as Malwarebytes and Spybot. It removed around 500+ viruses and spyware. So i put the hard drive back in the machine and it blue screens each time i power the computer on. I though wow this isnt good lol.... so i poped in the XP Home cd and attempted a windows repair (pressing R on the last screen instead of esc to install from fresh) and it loaded the files up and right before it hit the part where it restarts to the Windows GUI 39mins part, it blue screens again with this error.

REGISTRY_ERROR

0x00000051 (0x000000004,0x00000001,0xE11187E8,0x003D8CE0)

And now im stuck lol... how to i get this machine back up and running without loosing any information?

[cluberti]

From the debugger:

Bug Check 0x51: REGISTRY_ERROR

The REGISTRY_ERROR bug check has a value of 0x00000051. This indicates that a severe registry error has occurred.

Parameters

The following parameters are displayed on the blue screen.

Parameter Description

1 Reserved

2 Reserved

3 The pointer to the hive (if available)

4 If the hive is corrupt, the return code of HvCheckHive (if available)

Cause

Something has gone wrong with the registry. If a kernel debugger is available, get a stack trace.

This error may indicate that the registry encountered an I/O error while trying to read one of its files. This can be caused by hardware problems or file system corruption.

It may also occur due to a failure in a refresh operation, which is used only in by the security system, and then only when resource limits are encountered.

I'm assuming you cannot boot in safe mode at all, or last-known good?

It's at least very likely that removal of a virus from the system has messed up her registry hives, and if you can't get a dump file or boot in any safe mode you're probably SOL. A repair install *might* work, but she will lose some installed programs potentially and have to reinstall.

[Redhatcc]

im currently running a hard drive scan to see if i can find any bad sectors that needs to be repaired >.< lol i think i might be SOL like u said....

[GrofLuigi]

so i poped in the XP Home cd

I remember reading (and experiencing) that XP prior to SP1 (or 2?) was very prone to registry errors. Gave up too soon just like Win 2000, and in the SP they improved the resillience to registry errors.

What I want to say is, make sure it's SP2 or 3. But with that many microbes...

GL

Edited April 7, 2009 by GrofLuigi

[submix8c]

"Not losing any information" is a little generic. Worst case is, try to grab the Key (you probably already did that?), blow away the main folders (mainly Windows?), and just reinstall giving a new UserID and they can browse around and collect their "information". Of course, as stated, will probably have to reinstall Programs. Might want to back up Outlook/Outlook Express + Address Book (if they used it).

OEM install with Recovery Partition? Sometimes they provide a Reinstall without "loss" (not sure if that would help).

I seem to recall copying certain Recovery Hives into the normal places and getting back up (still, losing any post-installed software).

Virii/Trojans can really screw ya up... Hope the HDD is still good (and large enough)...

[Redhatcc]

contacted the customer and told them the situation and we were able to get the My Documents folder (which that was basically what they were most concerned about), then we formatted and reloaded and copied over the My Documents folder for a sorta fast fix.

cluberti, submix8c, GrofLuigi, thank you for the help on this topic