Startup Repair Looping to no effect

Discussion in 'Windows 7 Help and Support' started by reynola1, Aug 18, 2010.

  1. reynola1

    reynola1 New Member

    Joined:
    Aug 18, 2010
    Messages:
    6
    Likes Received:
    0
    Hello,

    My computer contracted the AntiMalware Doctor/Spyware Suite trojan several days ago. I was able to remove the majority of it, but upon booting AND connecting to the internet I would receive the following message:

    "Windows has encountered a critical error and will restart in 1 minute."

    After doing some research the solution seemed to be to run the 2010 Kaspersky Recovery disk. I did this, it ran and found several remaining trojans, restarted, and......


    Went into startup repair. Now every time I boot, regardless of the choice (Safe mode, last known good config, normal) the computer instead goes to startup repair.


    The startup repair will take several minutes and then return saying "could not fix the problem" (I can get the exact error message again if need be).

    Here are the things I've tried so far:

    Letting startup repair run
    Running startup repair from the Windows 7 disk
    Using bootrec.exe /FixMbr
    Using bootrec.exe /RebuildBCD
    Using bootrec.exe /FixBoot

    I have put another hard drive in the computer and installed a copy of Windows 7 on it and run EasyBCD 2.0. Using EasyBCD 2.0 I have:

    Reset BCD configuration
    Recreated/Repaired Boot files
    Installed the Windows 7 bootloader to the MBR

    So far nothing has worked. Is there any more information that would be of help in solving this?


    Thank you in advance.
     
  2. TorrentG

    TorrentG Banned

    Joined:
    May 31, 2010
    Messages:
    7,814
    Likes Received:
    372
    Hi.

    Based on your description, you have a particularly bothersome strain of malware that affects a Windows service necessary to run.

    You will have best luck by low level formatting the hard drive with Killdisk, to 0 it out and destroy all malware.

    Then proceed to install Windows by booting to the DVD.

    You'll have to back up anything you want to keep, first. I'd be careful though with that, as whatever you back up may be compromised as well.
     
  3. reynola1

    reynola1 New Member

    Well I think I have managed to solve the problem.

    Using EasyBCD on my alternate installation I installed the BCD onto my formerly damaged partition.

    Now instead of booting into startup repair it would return an error saying that system file "wwfzuyy.sys" in the System32/Drivers folder was corrupted. A quick Bing/Google search did not turn up anything so, using the alternate install, I removed the file from the damaged Windows installation. Rebooted, selected the damaged Windows and.....


    Success :D

    Booted straight into Windows with no problems. I'm now going to run several virus/malware scans to try and see if it is still there.

    TorrentG would you happen to know the name of this bothersome piece of malware?

    Anyways I shall be sure to update if anything more of note happens.

    Thanks
     
  4. TorrentG

    TorrentG Banned

    No, I don't know the name as I was generalizing.

    Based on your post, wwfzuyy.sys was/is definitely malware and it was great what you have done to repair Windows.

    I have to say from a technical standpoint though, that once Windows is compromised in this manner, there is absolutely no way to tell what the malware has done behind the scenes, so to speak.
    This is not only my opinion, but that of the world famous security expert Steve Gibson.

    So I still recommend a clean install in the manner I described above. If you don't care too much and would rather take your chances, you may be fine and get away with the fix you've already done.
     
  5. reynola1

    reynola1 New Member

    I have no doubt that Windows has been compromised. I have already noticed that the performance has degraded considerably. However, I just need to keep it up and running long enough for me to buy another hard drive to back up my data.

    Again, thanks for your help.
     
