xp reboot loop


nhaines
10-02-2010, 05:15 PM
Okay come across similar before and managed to fix it, due to rogue boot record or the like but this one is strange.

Went to client who reported that AVG had come up with a pop up about a virus but couldn't fix it. So she installed Norton 360. This seemed she said to solve it, but then she got a frozen screen and when she rebooted the internet wouldn't work (I feel this may have just been a firewall issue).
She then calls me out. System is running okay but I decide to install my own AV, Sophos, so I uninstall Norton.
I then reboot but just as it gets to the splash screen the system reboots itself. This goes on in a loop. I check the boot.ini, nothing in there. Run fixmbr, no help. I manage to boot to UBCD and the AV says 4 trojans found, and removed. Still this doesn't solve the reboot loop.

Anyone any ideas? I've also run chkdsk etc.

Xander
10-02-2010, 05:33 PM
What happened after you manually recreated the boot.ini?

nhaines
10-02-2010, 05:40 PM
Same thing, gets to splash screen and reboots. I disabled auto restart when going to safe mode and get a blue screen 000021a, points to a winlogon.exe or csrss.exe error possibly?

NeutronTech
10-02-2010, 05:46 PM
Run fixmbr, no help.

If you got the splash screen, fixmbr isn't going to help you. The computer has made it past the mbr, at this point.

Can you do a step by step startup? Also, when does the bluescreen appear? Before or after the GUI starts?

nhaines
10-02-2010, 06:14 PM
Start up pc, HP Pavilion splash screen appears with usual options, leave alone so XP starts. XP splash screen appears, then after about 10 seconds you can hear the hard drive reboot and hence no signal message on monitor briefly before it all starts again. If I disable auto restart the blue screen appears instead of the pc rebooting at the same stage.

NeutronTech
10-02-2010, 09:06 PM
Start up pc, HP Pavilion splash screen appears with usual options, leave alone so XP starts. XP splash screen appears, then after about 10 seconds you can hear the hard drive reboot and hence no signal message on monitor briefly before it all starts again. If I disable auto restart the blue screen appears instead of the pc rebooting at the same stage.

This might be the problem. If your hard drive is making strange noises, it's probably going bad.

Otherwise, bring up the startup menu and choose the step by step confirmation and see if maybe you can't pinpoint one of those files.

Xander
10-02-2010, 11:28 PM
You did check the HD for errors before even starting the thread, didn't you?
And you just neglected to mention that, right?


('Cause anytime a HD might be the cause of the problem, one should check it before asking for advice)

nhaines
10-03-2010, 04:26 AM
Yes, hard drive checked three times, no problem - apologies for not mentioning.

Crgky127
10-03-2010, 05:14 AM
Does safe mode work? Have you tried replacing the files related to the BSOD code?

B Trevathan
10-03-2010, 07:05 AM
before it all starts again. If I disable auto restart the blue screen appears instead of the pc rebooting at the same stage
Leave automatic restart on system failure disabled; obviously the computer is not going to start up with it enabled until you fix the error.


System is running okay but I decide to install my own AV
Old saying: "Don't fix what isn't broken" lol


Did you try last known good configuration?


Are you able to boot into safe mode?


Did you run the Norton removal tool before installing your own AV? Did the client uninstall AVG before installing Norton? Once it's running again you may want to run both AVG's and Norton's removal tool.

nhaines
10-03-2010, 12:58 PM
Okay, the culprit appears to be winlogon.exe. I've replaced it with one from the i386 folder, and system does now get to the XP welcome screen. However, when I login it says loads personal settings then just stops, doesn't load the desktop. Same thing in safe mode or last known good. Every time I reboot now the trojan seems to replace winlogon with its own version. Need to get into machine to run AV but can't get past login.

red12049
10-03-2010, 01:30 PM
Okay, the culprit appears to be winlogon.exe. I've replaced it with one from the i386 folder, and system does now get to the XP welcome screen. However, when I login it says loads personal settings then just stops, doesn't load the desktop. Same thing in safe mode or last known good. Every time I reboot now the trojan seems to replace winlogon with its own version. Need to get into machine to run AV but can't get past login.

Boot to UBCD4WIN. Use Registry Restore Wizard to restore the registry to a time before the defecation hit the rotary oscillator. That should let the system boot, so you can clean it. If that fails, do a repair install of XP.

Let us know how you make out.

Rick

kisk
10-03-2010, 05:49 PM
Safe mode work?

Did you check the bios and see if she might have reset the bios settings thus changing the ATA drive mode?

B Trevathan
10-03-2010, 06:02 PM
Every time I reboot now the trojan seems to replace winlogon with its own version. Need to get into machine to run AV but can't get past login.

Try holding down the shift key immediately after you login and hold it down until the desktop icons appear.


If an infection is what is causing Windows not to boot you could try one of these live CDs:

DR. Web live CD (http://www.freedrweb.com/livecd/?lng=en)

Avira Rescue CD (http://dl.antivir.de/down/vdf/rescuecd/rescuecd.iso)

G Data Boot CD (https://www.gdatasoftware.com/support/main-subjects/upgrade-service/download.html)

hondablaster
10-03-2010, 08:07 PM
I had a situation like this but it was not due to a trojan. Are you sure it's a trojan switching your winlogon.exe or a guess?

I cloned a drive and my boot.ini and a registry setting relating to winlogon.exe needed to be changed. It was real messy and I grew dislike for Drive Image XML. At any point was this drive cloned?

Regardless if it was or not you can google some fixes from here on out. "winlogon.exe stuck hangs loading your....."

http://support.microsoft.com/kb/816873 http://support.microsoft.com/kb/315270

To work around this issue, turn off the Welcome screen and use the classic logon screen instead. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
291559 (http://support.microsoft.com/kb/291559/EN-US/ ) HOW TO: Change the Logon Window and the Shutdown Preferences in Windows

nhaines
10-04-2010, 09:27 AM
Looks like I may have solved it. Replaced the winlogon.exe with a copy from i386 and booted fine. On restart it happened again, so again replaced and ran AV which found the trojan, removed it, restarted again and boots okay from then on.
It replaced the winlogon.exe with a same-name file but half in size and no modified date and permissions were different.
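
Added example, not part of the original thread: the tell-tale signs described in the last post (same name, different size, no modified date) can be checked against a reference copy from an offline boot environment. The function name, the demo file names and the "mtime of zero means no modified date" rule are assumptions of this sketch; a size or hash mismatch is a lead rather than proof, since service packs legitimately update system files, and NTFS permissions are not compared here.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def compare_to_reference(installed, reference):
    """Return a list of findings; an empty list means the installed file matches."""
    if not os.path.isfile(installed):
        return ["installed file missing"]
    findings = []
    inst, ref = os.stat(installed), os.stat(reference)
    if inst.st_size != ref.st_size:
        findings.append("size differs: %d vs reference %d" % (inst.st_size, ref.st_size))
    if sha256_of(installed) != sha256_of(reference):
        findings.append("sha256 differs from reference")
    # Assumption: a blanked timestamp shows up as epoch 0 (or earlier) on the mounted volume.
    if inst.st_mtime <= 0:
        findings.append("modified date is missing or zero")
    return findings

def demo():
    """Constructed sample files standing in for the i386 copy and two installed copies."""
    with tempfile.TemporaryDirectory() as d:
        ref = os.path.join(d, "i386_winlogon.exe")
        good = os.path.join(d, "good_winlogon.exe")
        swapped = os.path.join(d, "swapped_winlogon.exe")
        for path, body in ((ref, b"MZ" + b"A" * 1022),
                           (good, b"MZ" + b"A" * 1022),
                           (swapped, b"MZ" + b"B" * 510)):  # half the size
            with open(path, "wb") as f:
                f.write(body)
        os.utime(swapped, (0, 0))  # simulate the missing modified date
        return compare_to_reference(good, ref), compare_to_reference(swapped, ref)

if __name__ == "__main__":
    clean, flagged = demo()
    print("clean copy:", clean)
    print("swapped copy:", flagged)
```
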