Infected system, boots to black screen after POST

You'll need a full version, absolutely.

 

I have BartPE up and running now. I had to use a copy of Server 03 Standard, but it booted.

 

What did you want me to run or check with the BartPE? It doesn't give me a lot of options.

 

I'd suggest looking around in the Windows files and determining if there are any Restore Points available. They will be found in C:\System Volume Imformation\ under various snapshot folders. These will contain a copy of the Registry on the date they were made. If you find one that predates this problem, it might provide a means for recovering the bootability. Basically what you would do is rename the present C:\Windows\System32\config folder to configX and then create a new empty config folder and copy the contents of your chosen snapshot registry files into it. Then exit the PE environment and attempt to boot the system.

If there are no snapshot files available, which would mean System Restore wasn't enabled, then you can look in the C:\Windows\Repair folder for a copy of the registry that was made when the system was first created. Perform the same ritual as above and try booting the system again. This would be least desirable since the early registry wouldn't support any software added since the beginning but at least it will allow access to the system for further virus detection and cleanup.

Of course you can run a disk check for errors with the PE tool. I doubt that will help since you already reported doing that earlier, but still worth a shot.

Do this first and post the contents.. You could also inspect the boot.ini file and see that it has the proper content for booting the system. You can also edit it to cause it to boot directly to a Safe Mode session without having to do any key pressing. If you can get to Safe Mode, it might lead to the ability to do further repairs such as driver recovery or replacement, if that be the problem.

But the first and possibly most important thing to consider would be to use the PE boot system to copy any valuable user data files to separate media for safe keeping.

There are several plug-ins available for the BartPE CD. If you need some function that isn't available, check for an available plug-in that would help.

Since you report that this system has been severely damaged, I wouldn't go much further than what I have outlined above before deciding to wipe and do a clean install.

 

I've recovered all the necessary data. Thankfully, we train our people to save everything to the network, so it was a very easy recovery process.

I'll work with the restore points, if I can find them, as you suggested, as well as the safe mode boot.

I'm replacing the machine now, actually, and keeping the hard drive to work on. I have the luxury of taking as long as this requires. It's now a learning exercise in system recovery for me. Let me know if that changes your willingness to help me - since it's not a "help me!" issue anymore.

 

That doesn't change a thing, I'll be happy to assist in any way I can.

 

I would think that if you aren't getting any error message or even a blinking cursor but instead just a black screen, it would tend to indicate a failure in the first sector of the drive where the MBR resides. The fact that you can access the drive when hooked up to another computer would mean that the partition table is intact. That's on the first sector as well so it mean that only part of the first sector is corrupt, unreadable, damaged, or missing.

Running the fixmbr command from a Recovery Console session can sometimes fix that sort of problem. An alternate way is to run fdisk /mbr from a dos boot with the fdisk tool on it.

The problem is, if you run the fixmbr or fdisk /mbr command while the boot sector is infected by a virus, you risk causing permanent damage. I hope that isn't what has happened but just wanted to make you aware of the risk, albeit rather late since you did that before your first post here.

Good luck and keep posting your results.

 

Going back over all the posts and processing what has been tried and failed, I have come to conclude that the boot sector is not the problem. That was ruled out by the Quick Boot CD that I had you make. It substitutes for the entire first sector of the boot drive. It also substitutes for the boot.ini, ntdetect.com, and the ntldr files. So that would tend to clear that area from the list of suspects.

That could mean that some driver that wasn't loading during boot that causes the process to hang. Since you have run a Repair install and it should have replaced any such critical drivers necessary for booting, that would seem to point to some driver that is needed for some peripheral as a possible cause. Testing that would require removing or disconnecting all added hardware, to include any added cards.

It will be interesting to hear if you were able to boot into a Safe Mode session. You need not edit the boot.ini to accomplish that, just boot the Quick Boot CD I had you make and when it pauses for you to select which drive & partition to boot, press the F8 key. That will give you the Advanced Boot Options screen where you can select Safe Mode. When you select that, you'll be returned to the drive & partition selection screen. Choose the second selection which is Physical Disk 1(rdisk0) Boot Partition 2. I think that's correct for your hard drive layout but if it doesn't work, do the process again and choose the first selection.

That's all I have for now. I'm finding it hard to believe that the Repair Install couldn't have produced a bootable system if it completed properly. It amounts to a SFC /scannow on steroids so it very well should supply all needed files for booting if it completed properly. That lends more credence to the possibility of a failed peripheral causing a driver loading hang up.

Good luck.