Trying to sort a computer out for a mate.

It won’t boot in to Windows – just a black screen and flashing cursor. I can take the drive out, mount it externally with my laptop and view the files on it so it’s not fried.

I can put a different disk in the machine and that will boot so the rest of the hardware would appear fine.

I can boot from a Windows disk and get in to the recovery console. However chkdsk fails as it can’t detect the drive (meesage is something like AUTOCHK.EXE could not be located in either startup directory or CDROM drive). Similar problems when trying to run a command to fix the boot sector.

Booting from the XP disk and trying to re-install windows won’t happen as it can’t see the partition on which Windows resides.

I think what I might need to do is hook up the disk to my laptop and run recovery console on it from there but I can’t quite work out how to do this.

Any help, including instruction to buy a mac, welcome. Cheers!

Ooh, hiya.

I can take the drive out, mount it externally with my laptop and view the files on it so it’s not fried.

Anything stopping you from running chkdsk at that point?

Sounds like there’s no boot sector

What makes you say that?

Couple of things,

1) when it gets to a “flashing cursor”, how far’s it got through the boot sequence before then? What happened just before that?

2) what’s the history of this? Did it ‘just happen,’ or has he done something that might have caused a problem? (And, if he wants it fixing, he needs to be honest)

Try fixboot and fixmbr commands in Recovery Console.

Hi!

Anything stopping you from running chkdsk at that point?

Yes – I don’t know how to in this setup!

Point 1 – the Dell screen where I can hit F2 or F12, which work. Then nothing, doesn’t get anywhere in to booting.

Point 2 – His sons were using limewire and it got a few virii. MSE cleaned them up when I mounted it on the laptop.

Tried fixboot and again it couldn’t see the drive to do it on. So how do I run recovery console on it when it’s mounted as a drive on the laptop?

Ok.

Can you mount the drive “externally” as a slave and then boot regularly into Windows on your laptop? Or am I misunderstanding what you’re doing?

If you can see the files on it, you should be able to run tools against it at that point? Sorry, I might be missing something here but what you’re describing doesn’t add up.

I’ve got it hooked up to USB/SATA cable so it’s plugged in to the USB port and appears as drive F on the laptop. Sorry, didn’t make that clear

Okay, I’ve got chkdsk running on it… which has reminded me I did manage to get it to run on Friday night and it didn’t sort it. Sorry, destroyed a few brain cells last night I think!

So is there a way to run fixboot and fixmbr with the drive mounted this way as they won’t run from the discs own recovery console?

What I would do before you go any further is back up any data that’s on there, whilst you can access it. If there’s been an infection on there, don’t open anything on your laptop in case it migrates across to yours.

Can I assume we’re running XP on both machines?

I don’t suppose you know the name of whatever was found by MSE?

You can rewrite the MBR on a slave drive using the tool here:

http://www.ambience.sk/fdisk-master-boot-record-windows-linux-lilo-fixmbr.php

… with the caveat that I haven’t tried this personally. XP has this functionality built in (“fdisk /mbr”) but only for the boot drive, not a slave.

If you can’t see the drive when booting from the XP CD, this could be down to it needing SATA drivers. Similarly when it’s connected to yours, it’s not mounting USB drives.

What make / model is the affected PC? Is it another laptop? Where I’m going with this is, there might be a manufacturer-specific ‘recovery disc’ which has the same functionality and has the correct drivers built in.

Oh, speaking of drivers,

The other thing you could try is to disable AHCI in the affected PC’s BIOS (sometimes labelled as ‘enabling legacy IDE / ATA’ rather than disabling AHCI). This will switch off some of the SATA cleverness, meaning the XP disc might be able to talk to it. You really want to back up ^^ before doing this though.

XP on the problem drive, my lappy is Win 7.

MSE found Alureon.A and Ramnit.G.

Affected drive is a desktop, a Dell Dimension 5051C. There doesn’t appear to be a recovery partition looking at the disk but I haven’t actually tried to get in to it via F11 at startup – was saving this for a last resort.

Cheers, I will back up the data then try that mbr fix.

Danger, Will Robinson.

I’m not familiar with Alureon short of googling, but I’m well versed with Ramnit, it’s a swine. It spreads like wildfire and is a proper sod to get rid of. It infects every executable it can lay its hands on, adds replication script to HTML files, and can leap across machines by infecting autorun on USB keys.

It also hooks into the Windows login process, adding a call to itself in the registry, and on the last one I saw it ruined two core Windows files, explorer.exe and winlogon.exe (though I never worked out exactly whether this was part of Ramnit or a secondary infection).

The best way – no, the only way I’ve found to get it reliably under control is by using the online AV scanner at ESET. I’d run a full scan against your slaved F:\ drive before you entertain the idea of booting from it. Run it at least twice.

I’ve just Googled Alureon, and it gets worse. I know this one as well, under another name – Zlob.

Zlob is a data-mining trojan. If the infection took hold (which might not be the case – MSE reporting it could just be MSE doing its job) then as a priority your brother needs to change any passwords he’s entered on the web since the infection hit. If he’s logged into Internet banking, notifying his bank and / or cancelling his cards and getting them reissued would be good idea.

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2FAlureon

… If the infections have taken hold (and it might not – ESET will tell you), I’d give serious consideration to flattening the drive and rebuilding it.

Oh, good job I checked back here!

Cheers, will use that first

When I had what sounds to be the same problem, after doing everything I could find to fix boot sectors, MBRs, etc, I just had to admit defeat and backup the files and reinstall Windows. Only an option if you’ve got a disc you can use, but saved a lot of hair-pulling!