Vista 32 not booting - BSOD stop:0x0000007B

AlaDes,

The Pihar family of rootkits (TDSS variants) creates an encrypted hidden partition at the end of a drive and marks it Active to have the machine boot to that partition first. It contains all of the rootkit files (encrypted), then continues to boot the system partition. In doing so, this, of course, grants it access to all information flowing through the PC. This is actually what my blog post (linked above) is about.

The side effect, naturally, is that if you remove the rootkit but do not properly adjust the partition flags, you end up with an unbootable system as the main OS partition is Inactive. Sometimes it's as easy as correcting that setting, but other times the entire BCD seemingly needs to be rebuilt. After that, I find that all of these machines spring back to life.

I hope my post above helps the OP solve the issue.
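As an added illustration of the partition-flag mechanism described above (not code from the post or from the linked blog), the following constructed example parses a raw MBR sector offline, reports which entry carries the Active flag, flags the pattern of a small trailing partition being Active while the OS partition is not, and shows the repair of moving the flag back. The sample MBR, partition sizes and the 64 MB "small" threshold are constructed assumptions, not values from the thread.

```python
import struct

SECTOR = 512
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, first LBA, sector count

def parse_mbr(mbr: bytes) -> list:
    """Return the non-empty entries of a classic 4-slot MBR partition table."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature: not an MBR sector")
    entries = []
    for i in range(4):
        off = 446 + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype != 0:                       # type 0 means an unused slot
            entries.append({"index": i, "active": status == 0x80,
                            "type": ptype, "lba": lba, "sectors": count})
    return entries

def check_active_flag(entries: list, max_small_mb: int = 64) -> dict:
    """Report which entry is Active and whether it matches the bootkit pattern:
    a small partition that is physically last on the disk holds the Active flag
    instead of the OS partition (assumed threshold: <= max_small_mb)."""
    active = [e for e in entries if e["active"]]
    if len(active) != 1:
        return {"active_index": None, "suspect": False,
                "reason": f"{len(active)} Active entries (expected exactly 1)"}
    a = active[0]
    last = max(entries, key=lambda e: e["lba"])
    small = a["sectors"] * SECTOR <= max_small_mb * 1024 * 1024
    suspect = a is last and small and len(entries) > 1
    return {"active_index": a["index"], "suspect": suspect,
            "reason": "small trailing partition is Active" if suspect else "ok"}

def set_active(mbr: bytes, index: int) -> bytes:
    """Return a copy of the sector with the Active flag on exactly one entry."""
    buf = bytearray(mbr)
    for i in range(4):
        buf[446 + 16 * i] = 0x80 if i == index else 0x00
    return bytes(buf)

def build_sample_mbr() -> bytes:
    """Constructed sample: a 100 GB NTFS OS partition left Inactive and a 16 MB
    partition at the very end of the disk marked Active (the post-cleanup state)."""
    os_sectors = 100 * 1024 * 1024 * 1024 // SECTOR
    hidden_lba, hidden_sectors = 2048 + os_sectors, 16 * 1024 * 1024 // SECTOR
    sector = bytearray(SECTOR)
    sector[446:462] = struct.pack(ENTRY_FMT, 0x00, b"\0\0\0", 0x07, b"\0\0\0", 2048, os_sectors)
    sector[462:478] = struct.pack(ENTRY_FMT, 0x80, b"\0\0\0", 0x07, b"\0\0\0", hidden_lba, hidden_sectors)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)
```

On a real disk image, feed the first 512 bytes to parse_mbr and, if the check reports the suspect pattern, set_active on the OS entry is the on-disk equivalent of the "correct that setting" step; a BCD that still points at the wrong partition needs the separate rebuild the post mentions.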
 
I did a rebuild from the bcdedit command. I believe I already did the steps you describe but will try again just to be sure. I already tried unhide partitions and no new ones were revealed. System has no system recovery partition as it was a custom build.
 
I give up !!

I have several Vista recovery CD's and I finally found all the commands. Don't know why they were missing from the Vista Ultimate retail DVD but they are not there. I ran Steve's list of 19 command strings and had high hopes :D of success because I received no indications of failure. Restarted the computer and got the very same boot stop error message. :eek: I tried another repair from the installation disk and got the same problem details about BadPatch.

When I was in high school, I worked as a diesel mechanic on bulldozers, loaders, dump trucks, etc. One of my main tools was a BFH (Big Floking Hammer or something like that) which was often required on heavy equipment. Tomorrow, I break out the BFH and replace the hard drives and install Windows 7 (64) on this computer. I was planning to do this soon anyway but this was not the best time for me - - right before Christmas.

Other than a Windows Update that happened right before the failed reboot, the only other system change was the unauthorized installation of some game software called "KingsIsle Entertainment". My daughter's old desktop died recently and I had let her use one of my laptops while I configure another one for her. I suppose she got tired of the little laptop screen and decided to play something on the big system. Before the system failed to boot, I scanned the computer with several different tools and found nothing. From my research on this game software, it may be one of the few on the Internet that is NOT malicious.

This also breaks my winning streak. This is the first problem that I could not fix. I do just about anything including replacing capacitors and fuses on motherboards which most shops do not do anymore. I spent over 5 days on this which is probably about 3 days more than I should. In the middle of all this, my truck broke (fuel or ignition problem), audio/video receiver died (no Christmas music), I seriously injured my back, and my wife had a stroke. It has not been a very merry Christmas this year.

I thank the members on this forum that tried to help me. This is a good place.
 
Sorry to hear you've run into so much misfortune!!! May the New Year be far better for you and yours!

BTW, if the truck has high miles and you can't hear the fuel pump, get a pressure gauge on the fuel rail and see if the fuel pressure is within spec after engaging the starter briefly. Most pumps are in the tank these days and they have a bad habit of croaking rather suddenly.
 
Actually, your blog is one of the fixes I tried without any success.
 
JustInspired,

Thanks man! It was a lot of luck stumbling upon that solution.

Actually, your blog is one of the fixes I tried without any success.
Gotta be something other than BCD issues then. That's the only thing this particular fix addresses. If it was still a product of the infection, the next thing I'd suspect is either a problematic filesystem filter driver or other kernel-mode malware. 0x7b stop errors can reference a wide variety of memory access issues, but it just so happens that those relating to Pihar and SST are the most common currently (hence why this fix works so often).
 
Let's just say this one had me stumped at the time. My hardware diagnostics kept reporting bad video memory on both the PCs, but they ran fine under a linux environment. Also, extracting the factory images on the recovery partition after copying it to another drive and repartitioning the drives did no good either. I guess it could have been possible that both PCs had a corrupt image but I find it hard to believe lol.
 
Over at my site, there's this blog posting on a related issue... Might want to take a look at this:

http://triplescomputers.com/blog/ca...00000d-0x0000000000000000-0x0000000000000000/

This approach nearly always solves the problem for me. Hope this helps.
Thank you! Thank you! Thank you! Worked great for a Windows 7 laptop we have that was getting 0x7b bluescreen. I was at my wit's end. I also have a Windows XP laptop getting the same error right now. It will not boot to XP in normal or Safe Mode, and when booting to an XP CD to go to repair console, it does not recognize the hard drive at all. However, when booting from Hiren's or Spinrite the drive is seen just fine. Not sure what to do there.
 