Redhatcc Posted April 6, 2009 Share Posted April 6, 2009 I had a customer come in today with a ton of viruses on her computer. She asked "Please i dont want to loose any information" so i told her that was no problem etc. etc. So i took the hard drive out, hooked it up to another machine as a secondary hard drive and ran a few virus scanners such as Malwarebytes and Spybot. It removed around 500+ viruses and spyware. So i put the hard drive back in the machine and it blue screens each time i power the computer on. I though wow this isnt good lol.... so i poped in the XP Home cd and attempted a windows repair (pressing R on the last screen instead of esc to install from fresh) and it loaded the files up and right before it hit the part where it restarts to the Windows GUI 39mins part, it blue screens again with this error.REGISTRY_ERROR0x00000051 (0x000000004,0x00000001,0xE11187E8,0x003D8CE0)And now im stuck lol... how to i get this machine back up and running without loosing any information? Link to comment Share on other sites More sharing options...
cluberti Posted April 6, 2009 Share Posted April 6, 2009 From the debugger:Bug Check 0x51: REGISTRY_ERRORThe REGISTRY_ERROR bug check has a value of 0x00000051. This indicates that a severe registry error has occurred.ParametersThe following parameters are displayed on the blue screen.Parameter Description 1 Reserved2 Reserved3 The pointer to the hive (if available)4 If the hive is corrupt, the return code of HvCheckHive (if available)CauseSomething has gone wrong with the registry. If a kernel debugger is available, get a stack trace.This error may indicate that the registry encountered an I/O error while trying to read one of its files. This can be caused by hardware problems or file system corruption. It may also occur due to a failure in a refresh operation, which is used only in by the security system, and then only when resource limits are encountered.I'm assuming you cannot boot in safe mode at all, or last-known good?It's at least very likely that removal of a virus from the system has messed up her registry hives, and if you can't get a dump file or boot in any safe mode you're probably SOL. A repair install *might* work, but she will lose some installed programs potentially and have to reinstall. Link to comment Share on other sites More sharing options...
Redhatcc Posted April 7, 2009 Author Share Posted April 7, 2009 im currently running a hard drive scan to see if i can find any bad sectors that needs to be repaired >.< lol i think i might be SOL like u said.... Link to comment Share on other sites More sharing options...
GrofLuigi Posted April 7, 2009 Share Posted April 7, 2009 (edited) so i poped in the XP Home cdI remember reading (and experiencing) that XP prior to SP1 (or 2?) was very prone to registry errors. Gave up too soon just like Win 2000, and in the SP they improved the resillience to registry errors.What I want to say is, make sure it's SP2 or 3. But with that many microbes... GL Edited April 7, 2009 by GrofLuigi Link to comment Share on other sites More sharing options...
submix8c Posted April 7, 2009 Share Posted April 7, 2009 "Not losing any information" is a little generic. Worst case is, try to grab the Key (you probably already did that?), blow away the main folders (mainly Windows?), and just reinstall giving a new UserID and they can browse around and collect their "information". Of course, as stated, will probably have to reinstall Programs. Might want to back up Outlook/Outlook Express + Address Book (if they used it).OEM install with Recovery Partition? Sometimes they provide a Reinstall without "loss" (not sure if that would help).I seem to recall copying certain Recovery Hives into the normal places and getting back up (still, losing any post-installed software).Virii/Trojans can really screw ya up... Hope the HDD is still good (and large enough)... Link to comment Share on other sites More sharing options...
Redhatcc Posted April 7, 2009 Author Share Posted April 7, 2009 contacted the customer and told them the situation and we were able to get the My Documents folder (which that was basically what they were most concerned about), then we formatted and reloaded and copied over the My Documents folder for a sorta fast fix. cluberti, submix8c, GrofLuigi, thank you for the help on this topic Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now