Jump to content

Windows hangs on boot, even in safe mode

mkl

By mkl
in Windows XP

 Share

Recommended Posts

mkl

mkl

Posted
Posted

Nothing happens when I try to boot, black screen. When doing F8 > Safe Mode I get the following (XP SP3):

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\ntoskrnl.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\hal.dll
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\KDCOM.DLL
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\BOOTVID.dll

I've tried fixboot, fixmbr and chkdsk /r. No luck. Any ideas?

Link to comment
Share on other sites

Guest

Guest

Posted
Posted

Does the recovery console have the ability to edit boot.ini? I think I've tried and failed but not sure...was too long ago.

Maybe load some type of rescue disk that will let you edit it?

Link to comment
Share on other sites
mkl

mkl

Posted
  • Author
Posted
What did you do immediately before this happened? I normally see something like this when I'm loading an incorrect HAL.
I had trouble deleting a folder (the dreaded "cannot delete folder" explorer message). I suspect it had something to do with the files being in a too deep folder/file structure. SyncBack couldn't back them up either.

So I decided to install Unlocker. Even Unlocker couldn't delete them and asked to do it at the next restart of XP. I chose to do so and rebooted.

I saw the BIOS screen but then everything goes black. When trying to boot into safe mode I get the message in the code snippet of my first post in this thread.

Not sure if this guide works. Maybe worth a try if run out of solution. (How To Repair or Replace Boot.ini in Windows XP)
I have tried peeking in the boot.ini, but there's nothing weird. I ran bootcfg /rebuild just to be shure too. Still the same problem.
Link to comment
Share on other sites
Geej

Geej

Posted
Posted

Try booting into recovery console, replace the below 4 files that you deleted back to its original location (WINDOWS\system32) from your XP CD

ntoskrnl.ex_

hal.dl_

KDCOM.DL_

BOOTVID.dl_

While you are in recovery console, use expand command to restore those 4 files. Expand guide

Link to comment
Share on other sites
mkl

mkl

Posted
  • Author
Posted
Try booting into recovery console, replace the below 4 files that you deleted back to its original location (WINDOWS\system32) from your XP CD

ntoskrnl.ex_

hal.dl_

KDCOM.DL_

BOOTVID.dl_

While you are in recovery console, use expand command to restore those 4 files. Expand guide

To be honest, I didn't think that would work. But it did! Booting as usual. THANK YOU!
Link to comment
Share on other sites
  • 1 year later...
Richhs

Richhs

Posted
Posted

Try booting into recovery console, replace the below 4 files that you deleted back to its original location (WINDOWS\system32) from your XP CD

ntoskrnl.ex_

hal.dl_

KDCOM.DL_

BOOTVID.dl_

While you are in recovery console, use expand command to restore those 4 files. Expand guide

Thanks for this tip !

I wasn't able to get past the KDCOM.DLL line in safe mode, so I expanded the files you mentioned above and at least I've gotten past that issue.

I still have some work to do, because all I have now is the Windows XP default desktop wallpaper.

I believe that this issue was created by a rogue anti-virus / anti-malware scanner that was installed by a "drive-by" malware from an advertisement.

Thanks again !

Link to comment
Share on other sites
Richhs

Richhs

Posted
Posted (edited)

OK, It was the rogue anti-virus application Antivirus 8 that corrupted the files mentioned above and disabled the task manager.

After I got into safe mode, I navigated to the C:\Program Files\AV8\ directory and renamed the file av8.exe to av8.RID.

The process was still running in the memory so the bogus pop-ups kept occurring, but it's easy to work around that.

I then deleted the registry values :

HKEY_CURRENT_USER\Software\A88547 (or something similar might be listed)

HKEY_CURRENT_USER\Software\WinAE (or something similar might be listed)

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AV8"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "WinNT-A8I 23.09.2010"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe "Debugger" = "C:\Program Files\AV8\av8.exe -d"

Then I deleted directories :

C:\Program Files\AV8\

C:\Documents and Settings\All Users\Start Menu\AV8\

Then I took care of the task manager problem :

To re-enable the Task Manager I did this :

1. Click Start

2. Click Run

3. Type REGEDIT

4. Click OK The Registry Editor will now open

5. Browse to the following key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\

CurrentVersion\Policies\system

6. In the right pane, look for the value: DisableTaskMgr

7. Right click DisableTaskMgr and select Delete. (When prompted with "Are you sure you want to delete this value", select Yes.

8. Now browse to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\

CurrentVersion\policies\system

9. In the right pane, look for the value: DisableTaskMgr

10. Right click DisableTaskMgr and select Delete. (When prompted with "Are you sure you want to delete this value", select Yes.

11. Close the Registry by choosing File | Exit

12. You should now be able to access Task Manager. If not, reboot into Safe Mode and repeat the steps outlined above.

http://antivirus.about.com/od/windowsbasics/ht/taskmanager.htm

After that I rebooted into the normal mode of windows and everything started as normal. :thumbup

Now to install anti-malware apps and finish the job.

I'm new here, and I'm not sure if I should copy this post and make a new thread entitled :

Remove Antivirus 8

Just let me know, and I'll be happy to take care of that.

Edited by Richhs
Link to comment
Share on other sites
jaclaz

jaclaz

Posted
Posted

I'm new here, and I'm not sure if I should copy this post and make a new thread entitled :

Remove Antivirus 8

Just let me know, and I'll be happy to take care of that.

It would be nice. :)

Also you could "merge" in it some of the info here:

http://www.freeremovalofspyware.org/remove-antivirus-8

http://www.2-viruses.com/remove-antivirus-8

(at first sight they appear to list more files/keys to delete/fix :unsure:)

jaclaz

Link to comment
Share on other sites
Richhs

Richhs

Posted
Posted

I'm new here, and I'm not sure if I should copy this post and make a new thread entitled :

Remove Antivirus 8

Just let me know, and I'll be happy to take care of that.

It would be nice. :)

Also you could "merge" in it some of the info here:

http://www.freeremovalofspyware.org/remove-antivirus-8

http://www.2-viruses.com/remove-antivirus-8

(at first sight they appear to list more files/keys to delete/fix :unsure:)

jaclaz

OK... done :

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...