Question: Windows 7 Computer won’t start, keeps rebooting, help?

This is an actual help question at Yahoo Answers > Security that I found somewhat rare, and that I fielded in an attempt to help. Perhaps you may see something additional?

USER QUESTION….
Windows 7 Computer won’t start, keeps rebooting, help?
http://answers.yahoo.com/question/index?qid=20120626135518AAuS8tK
The other day I was using my Toshiba Satellite L655, when suddenly it froze on me, as I tried to reboot it, it would just show a black screen. Now, I figured out that it was my Master Booter repair that had been corrupted. I have been trying to use a system repair disk, but when I use it, it comes up with country select, then I click next. After that it comes up with System recovery options, choose operating system, but it is frozen on the screen, when another box appears and is System Recovery options: Searching for Windows installations… and it is stuck from there. I can NOT get into Safe Mode on my computer, it just takes me back to reboot loop that I’m stuck in. Please help! (I don’t know much about computers so please put into simple terms, thanks)

MY ANSWER / antibotnet yahoo handle by bluecollarpc…….

You are talking a highly technical area as the MBR being fumped. (Master Boot Record). Though you say keep it simple, this is a highly technical area needing at least an Advanced User to professional to diagnose and fix. However, apparently you are aware enough to have seen or detected something and perceive the general area of trouble. The BSoD (blue screen of death) is one event. The black screen generally appears when critical and fatal corruption has occurred and other than the normal black screen appearing like when you boot into Safe Mode with Options.

If there has been irreparable damage and corruption to the system and a Black Screen appears – it will generally have a one or two liner explanation that something is totally screwed like especially something ending as SysConfig not found or similar. UNLESS you are seeing a one or two line explanation on a Black Screen and cannot use the computer then it is probably not any fatal error requiring the Windows system to be reinstalled via CD Recovery Disk. So that means still a chance at a fix.

I recommend you continue in the efforts you began as reinstalling Windows as you apparently have already initiated and review online information and help about this task. If you are convinced you are performing the reinstallation process properly then this is going to wipe the disk and reinstall Windows to Factory Fresh. I own two Toshibas and they have excellent CD Recovery Disks that work flawlessly. You should NOT be running into problems with these – should be two disks either included at purchase or made from Toshiba utilities in the PC added free to make these.

As the PC has virtually become unusable – I would take the hail mary approach of attempting the drastic – wipe the entire disk and reinstall. Myself, at the point you say you are in, I would not even bother with some fix/repair option. I would go with wipe the disk and reinstall. It may be the only chance you have at getting the computer back the way you describe the situation you are in.

POSSIBLE DIAGNOSIS….
It sounds like perhaps the problem is that your computer has been infected with a rootkit/bootkit. These are about the ONLY malwares that affect the MBR area. Of course with these the ONLY cure is generally to reinstall windows after wiping the disk (completely erasing everything on the computer – windows and personal softwares and files installed). The CD Emergency Repair Disks will do that automatically and malware does not prevent this. The other repair option is an attempt to fix just an area that may have been corrupted or mistaken file deletion without wiping the disk at all – which saves all the softwares and files you have installed or created – personal files as audio and video clips, pictures, documents etc.

POSSIBLE SOLUTION….. This area is the exact new security solutions being released in Windows 8 – the new anti-rootkit anti-bootkit technologies which prevent these malwares from start up in the boot sector. There are TWO possible solutions as these two antimalware USB CD Drive products. One is the full antimalware product from well known and well awarded Emsisoft Antimalware products and FREE. The other is from Microsoft. These are first placed on a USB Drive (about 15 bucks and NOT a usb media stick – the USB DRIVE – same price) with at least 2Gigs space get 4 if you can. These will BOOT cold cocked against these very malwares (rootkit/bootkit) to quarantine them from starting up in the boot sector before the actual system is booting up. Traditional antimalware does NOT protect in this manner – but after the system start up is occurring. Make the USB Drive and stick it in and cold cock boot it with fingers crossed that this is indeed the problem experienced. If so, these should remedy this and will return the PC to normal – malware free.

Emsisoft Emergency Kit 2.0
http://www.emsisoft.com/en/software/eek/
Your emergency kit for infected PCs! Detects and removes Malware > 5 million known dangers. World class dual-scan-engine. 100% portable – perfect for USB sticks.
HiJackFree and BlitzBlank included.
Emsisoft BlitzBlank
BlitzBlank is a tool for experienced users and all those who must deal with Malware on a daily basis. Malware infections are not always easy to clean up. These days the software pests use clever techniques to protect themselves from being deleted. In more and more cases it is almost impossible to delete a Malware file while Windows is running. BlitzBlank deletes files, registry entries and drivers at boot time before Windows and all other programs are loaded.
Self made Emergency USB stick – Expand the content of the Emsisoft Emergency Kit to an USB stick and make your own universal tool to scan and clean infected PCs.  

==========
Microsoft Standalone System Sweeper (Beta) [FREE]
http://connect.microsoft.com/systemsweeper

NOW CALLED WINDOWS DEFENDER OFFLINE http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline
Note “beta” means it is actually still a test version with ability of feedbacks from the community for any bugs found they need to correct. It then is released as normal “alpha” version.
NEWS:
Microsoft ships free malware cleaner that boots from CD or USB
ZDNet (blog)
June 1, 2011, 10:15am PDT In a move aimed at cutting down on support call costs, Microsoft has released a malware recovery tool that boots from a CD or USB stick. Ryan Naraine is a journalist and social media enthusiast specializing …
http://www.zdnet.com/blog/security/microsoft-ships-free-malware-cleaner-that-boots-from-cd-or-usb/8712
SEE
Bootkits
http://en.wikipedia.org/wiki/Bootkit#bootkit

Ask HTG: Reading Blue Screen of Death Codes
http://www.howtogeek.com/97093/ask-htg-reading-blue-screen-codes-cleaning-your-computer-and-getting-started-with-scripting/?utm_source=newsletter&utm_medium=email&utm_campaign=081111
Generally IRQL errors are hardware or driver related. We’d suggest
checking to see if any drivers have been updated recently and either
roll them back to the old driver or see if an even newer driver is
available (the vendor may have released a driver to fix the crashes). If
that doesn’t help you’ll find BlueScreenView, a crash dump analyzer,
rather helpful. We have a guide to using BlueScreenView to help get you
started……

BlueScreenView v1.40 – View BSOD (blue screen) crash information stored in dump files.
Copyright (c) 2009 – 2011 Nir Sofer
http://www.nirsoft.net/utils/blue_screen_view.html
SOURCES
https://sites.google.com/site/pcsecurityhelper/malware-removal-center
http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline
https://bluecollarpcwebs.wordpress.com/2011/11/18/unbelievable-windows-8-boot-security-cracked-already-before-released-bootkit-malware/
http://en.wikipedia.org/wiki/Bootkit#bootkit
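
The answer above attributes the reboot loop to a damaged or infected Master Boot Record. As an added example (not part of the original answer), this Python code checks a 512-byte sector 0 image, dumped from the disk while booted from rescue media, for the structural damage and boot-code changes that corruption or a bootkit would leave. It assumes a classic BIOS/MBR disk (not GPT); the function names, the filler boot code and the sample partition values are constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 446      # bytes 0-445: bootstrap code, the part a bootkit replaces
ENTRY_LEN = 16           # bytes 446-509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"  # bytes 510-511: boot signature


def boot_code_sha256(sector: bytes) -> str:
    """Hash only the bootstrap code so partition changes do not affect it."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def parse_partitions(sector: bytes) -> list:
    """Return the non-empty partition entries of a classic (non-GPT) MBR."""
    parts = []
    for i in range(4):
        off = BOOT_CODE_LEN + i * ENTRY_LEN
        # status, 3 CHS bytes, type, 3 CHS bytes, LBA start, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", sector[off:off + ENTRY_LEN])
        if ptype != 0x00:  # type 0 marks an unused slot
            parts.append({"slot": i, "status": status, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return parts


def check_mbr(sector: bytes, baseline_sha256: str = None) -> list:
    """Return a list of findings; an empty list means the sector looks sane."""
    if len(sector) != 512:
        return ["sector is not 512 bytes"]
    findings = []
    if sector[510:512] != SIGNATURE:
        findings.append("boot signature 55 AA missing")
    parts = parse_partitions(sector)
    if not parts:
        findings.append("partition table is empty")
    if any(p["status"] not in (0x00, 0x80) for p in parts):
        findings.append("invalid partition status byte")
    if sum(p["status"] == 0x80 for p in parts) != 1:
        findings.append("expected exactly one active partition")
    if any(p["lba_start"] == 0 or p["sectors"] == 0 for p in parts):
        findings.append("partition with zero start or length")
    if baseline_sha256 and boot_code_sha256(sector) != baseline_sha256:
        findings.append("boot code differs from baseline")
    return findings


def build_sample_mbr(boot_code: bytes = b"\x90" * 32) -> bytes:
    """Constructed test sector: filler boot code plus two NTFS partitions."""
    entries = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    entries += struct.pack("<B3xB3xII", 0x00, 0x07, 206848, 1000000)
    entries += bytes(2 * ENTRY_LEN)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entries + SIGNATURE
```

A baseline hash is only meaningful if it was recorded from the same machine while it was known to be clean, or from an identical installation.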

Microsoft has issued an emergency security patch (Flame malware)

Microsoft has issued an emergency security patch (Flame malware) (FIX LINK!)
DOWNLOAD FIX: (OR at RUN Windows Updates)
Microsoft Knowledge Base Article 2718704
http://support.microsoft.com/kb/2718704

Fw: US-CERT Current Activity – Unauthorized Microsoft Digital Certificates
http://tech.groups.yahoo.com/group/BlueCollarPCSecurity/message/1777
This document can also be found at
http://www.us-cert.gov/current/#microsoft_unauthorized_digital_certificates
INFECTED?
Flamer removal tool from Bitdefender
Help Net Security
It goes places where other spyware doesn’t go, retrieves information others don’t retrieve, and ensures the infected computer has no privacy whatsoever,” said Catalin Cosoi, Bitdefender’s Chief Security Researcher. “Luckily, the Bitdefender removal tool …
http://www.net-security.org/malware_news.php?id=2128

——–
Microsoft Security Advisory (2718704)
Unauthorized Digital Certificates Could Allow Spoofing
http://technet.microsoft.com/en-us/security/advisory/2718704
Published: Sunday, June 03, 2012
Version: 1.0
Affected Software and Devices
This advisory discusses the following affected software and devices.
Operating System
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Server Core installation option
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Affected Devices
Windows Mobile 6.x
Windows Phone 7
Windows Phone 7.5
———-

WARNING!
Flame malware hijacks Windows Update to spread from PC to PC
Ars Technica
The Flame espionage malware targeting Iranian computers contains code that can completely hijack the Windows update mechanism that Microsoft uses to distribute security patches to hundreds of millions of its users, security researchers said Monday….
http://arstechnica.com/security/2012/06/flame-malware-hijacks-windows-update-to-propogate/

Homeland Security warns businesses about new cyber weapon
Examiner.com
Webroot said they first encountered a sample of Flame malware in December 2007. Researchers believe Duqu may have been created in August 2007. The first variant of Stuxnet did not appear on computers until June 2009. Cyber security experts at Kaspersky …
http://www.examiner.com/article/homeland-security-warns-businesses-about-new-cyber-weapon

=========
Cover Story: Cyber spy program Flame compromises Microsoft security system
http://news.yahoo.com/cyber-spy-program-flame-compromises-key-microsoft-security-170651458--abc-news-topstories.html
Microsoft certification authority signing certificates added to the Untrusted Certificate Store
3 Jun 2012 5:55 PM
IN FULL:
http://blogs.technet.com/b/srd/archive/2012/06/03/microsoft-certification-authority-signing-certificates-added-to-the-untrusted-certificate-store.aspx
“Today, we released Security Advisory 2718704, notifying customers that
unauthorized digital certificates have been found that chain up to a Microsoft
sub-certification authority issued under the Microsoft Root Authority. With this
blog post, we’d like to dig into more technical aspects of this situation,
potential risks to your enterprise, and actions you can take to protect yourself
against any potential attacks that would leverage unauthorized certificates
signed by Microsoft.
We’d also like to share how this issue relates to a complex piece of targeted
malware known as “Flame”. As many reports assert, Flame has been used in highly
sophisticated and targeted attacks and, as a result, the vast majority of
customers are not at risk. Additionally, most antivirus products will detect
and remove this malware. That said, our investigation has discovered some
techniques used by this malware that could also be leveraged by less
sophisticated attackers to launch more widespread attacks. Therefore, to help
protect both targeted customers and those that may be at risk in the future, we
are sharing our discoveries and taking steps to mitigate the risk to
customers….. ”
RELATED LINK
Security Advisory 2718704,
http://technet.microsoft.com/en-us/security/advisory/2718704

=========

Microsoft certificate used to sign Flame malware, issues warning
ZDNet (blog)
By Zack Whittaker | June 4, 2012, 6:04am PDT
Summary: Microsoft has issued a security advisory warning and a high-priority update after parts of the Flame malware were signed with Microsoft-issued certificates. Microsoft has issued an emergency …
http://www.zdnet.com/blog/btl/microsoft-certificate-used-to-sign-flame-malware-issues-warning/78980

=========

OLDER

Term of the Day: Flame Virus
http://tech.groups.yahoo.com/group/BlueCollarPCSecurity/message/1743

Flame Malware: All You Need to Know
Network World
Because of this, it is an extremely difficult piece of malware to analyze. The reason why Flame is so big is because it includes many different libraries, such as for compression (zlib, libbz2, ppmd) and database manipulation (sqlite3), together with a …
http://www.networkworld.com/news/2012/053012-flame-malware-all-you-need-259713.html?hpg1=bn

FAQ: Flame, the “super spy”
The H
by Jürgen Schmidt The spyware worm Flame is being billed as a “deadly cyber weapon”, but a calmer analysis reveals it to be a tool by professionals for professionals that doesn’t actually have that many new features compared to, say, the widespread …
http://www.h-online.com/security/features/FAQ-Flame-the-super-spy-1587063.html

Flame: Trying to Unravel the Mystery of ‘Sophisticated’ Spying Malware
PBS
Reportedly capable of taking computer screenshots, logging keystrokes and even listening in on office conversations, malware known as “Flame” is grabbing international attention after appearances in Iran and elsewhere in the Middle East….
http://www.pbs.org/newshour/bb/science/jan-june12/theflame_05-30.html

New malware Flame said to be “the most complex threat ever discovered”
allvoices
By arkar
If reports are to be believed, a malware identified as Flame has, for the past two years, been collecting private data from such countries as Iran and Israel and is being described as “one of the most complex threats ever discovered…..
http://www.allvoices.com/contributed-news/12267165-new-malware-flame-detected-said-to-be-the-most-complex-threat-ever-discovered

Flame ‘first Windows-based malware ever observed to use Bluetooth’
CSO (blog)
Despite all the hype I’ve complained about these last few days regarding Flame, there is some interesting research from the vendor community worth noting here, including the malware’s affinity for Bluetooth. Symantec sent me the details in an email …
http://blogs.csoonline.com/malwarecybercrime/2203/flame-first-windows-based-malware-ever-observed-use-bluetooth

Don’t Get Burned By ‘Flame’ Malware Attack
PCWorld
Weighing in at 20 megabytes, and somewhere around 750000 lines of code, Flame is much closer to a commercial application like Microsoft Word, or Intuit’s Quicken than it is to the vast majority of malware attacks out there. The question is should you …
http://www.pcworld.com/article/256499/dont_get_burned_by_flame_malware_attack.html

UPDATE EDIT…..

Flame malware made to self-destruct after discovery —Symantec
GMA News
Shortly after it was discovered and made public, the “Flame” (or “Flamer”) malware, which security vendors have described as a potent super cyber-weapon, received a command from its creator to self-destruct. According to security vendor Symantec, …
http://www.gmanetwork.com/news/story/261076/scitech/technology/flame-malware-made-to-self-destruct-after-discovery-mdash-symantec
 
Flame authors order infected computers to remove all traces of the malware
Computerworld
By Lucian Constantin IDG News Service – The creators of the Flame cyber-espionage threat ordered infected computers still under their control to download and execute a component designed to remove all traces of the malware and prevent forensic analysis …
http://www.computerworld.com/s/article/9227876/Flame_authors_order_infected_computers_to_remove_all_traces_of_the_malware
 
Flame gets suicide command
Register
By Richard Chirgwin 
The controllers of the Flame malware have apparently reacted to the publicity surrounding the attack by sending a self-destruct command. According to Symantec, some command-and-control machines have sent …
http://www.theregister.co.uk/2012/06/07/flame_suicide_command/
 