Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: windows failed to start with "ynhif is compressed" error


30 Dec 2011   #1

NY
 
 
windows failed to start with "ynhif is compressed" error

A friend who has an Aspire One with Windows 7 Starter asked me to help, his computer wouldn't boot. It would go through the bios part of the boot and then very quickly it would show an error saying "ynhif is compressed" and stop there. The error would come up so fast it was as if Windows wasn't even trying to boot. There was none of the normal Windows startup screens. There was nothing I could do to boot the machine. I couldn't get to the list of boot options. This problem was happening way before one could get that list in the startup process.

I booted off an AVG antivirus rescue disk cd and checked the system. There were no viruses. That disk allowed me to use a simple file browser and editor. I could see a file named ynhif with no file extension and a file size of around 233kb. It was modified at the same time that Windows 7.ld was modified.

I googled heavily but couldn't find anything about a file named vnhif. I didn't know what to do so on a hunch I just renamed the file to ynhif.old and the system booted right up.

Does anyone have any idea what ynhif might be from and how it got there? I looked into it with a text editor and looked like it was some kind of boot file, with references to linuxey stuff and thing about booting.

I thought I'd post this here as it might help someone else and also to see if anyone had any ideas.

Thanks!
Greg


My System SpecsSystem Spec
.

30 Dec 2011   #2

Win 8 Release candidate 8400
 
 

Quote   Quote: Originally Posted by takoateli View Post
A friend who has an Aspire One with Windows 7 Starter asked me to help, his computer wouldn't boot. It would go through the bios part of the boot and then very quickly it would show an error saying "ynhif is compressed" and stop there. The error would come up so fast it was as if Windows wasn't even trying to boot. There was none of the normal Windows startup screens. There was nothing I could do to boot the machine. I couldn't get to the list of boot options. This problem was happening way before one could get that list in the startup process.

I booted off an AVG antivirus rescue disk cd and checked the system. There were no viruses. That disk allowed me to use a simple file browser and editor. I could see a file named ynhif with no file extension and a file size of around 233kb. It was modified at the same time that Windows 7.ld was modified.

I googled heavily but couldn't find anything about a file named vnhif. I didn't know what to do so on a hunch I just renamed the file to ynhif.old and the system booted right up.

Does anyone have any idea what ynhif might be from and how it got there? I looked into it with a text editor and looked like it was some kind of boot file, with references to linuxey stuff and thing about booting.

I thought I'd post this here as it might help someone else and also to see if anyone had any ideas.

Thanks!
Greg

Greg I am highly suspicious of it. I too googled it with no information, the fact that it had no extension (or was it hidden) more so.

The fact that AVG didnt find anything isnt un-usual. I would download malwarebytes and run it against the file before you delete it.
My System SpecsSystem Spec
30 Dec 2011   #3

NY
 
 

ZigZag,

Thanks! I didn't delete the file. I'm going to move a copy of it over to my Mac and send it to the antivirus folks that have a place on the web to submit suspicious files for analysis.

I think installing MalwareBytes is a good idea too! I'm going to do that now. I'll post back what it turns up.

Greg
My System SpecsSystem Spec
.


30 Dec 2011   #4

Win 8 Release candidate 8400
 
 

Quote   Quote: Originally Posted by takoateli View Post
ZigZag,

Thanks! I didn't delete the file. I'm going to move a copy of it over to my Mac and send it to the antivirus folks that have a place on the web to submit suspicious files for analysis.

I think installing MalwareBytes is a good idea too! I'm going to do that now. I'll post back what it turns up.

Greg

Good luck
My System SpecsSystem Spec
30 Dec 2011   #5

NY
 
 

ZigZag,

Sophos came back with results first. They say the file is clean. I'll see what the others say. I also submitted to Avira, Symantec and another one.

Greg
My System SpecsSystem Spec
30 Dec 2011   #6

Win 8 Release candidate 8400
 
 

Quote   Quote: Originally Posted by takoateli View Post
ZigZag,

Sophos came back with results first. They say the file is clean. I'll see what the others say. I also submitted to Avira, Symantec and another one.

Greg

Good. Better safe than sorry with unknown files.
My System SpecsSystem Spec
31 Dec 2011   #7

windows 7 x64 Home Premium
 
 

After you renamed the file and got the pc to boot, did your friend's system create a new ynhif file?
My System SpecsSystem Spec
03 Jan 2012   #8

Win7Ultimate x64 + x32, Win7Pro x64, XP x32, Win 2003, Ubuntu and OpenIndiana
 
 

It's highly likely you've caught some form of pre-boot rootkit that uses a random name for its payload. Googling or looking for another "ynhif" won't help because other installations of the same malware will be named with a different set of five random characters. If you want to check if the computer has been reinfected, use a boot disk to look for the re-appearance of any other files with random names.

Brand-name antivirus software virtually useless against this kind of threat and all 'clean' reports you get should be considered false negatives.

Rootkit malware is extremely difficult to eradicate. Your best option is to copy all data off the system, wipe the hard drive (diskpart clean) and reinstall from a recovery disk or retail DVD.

Make sure your friend gets into the habit of updating all his Internet-facing software (browser, flash, acrobat reader) to reduce the risk of being infected again. Running AV software alone is an inadequate defense.
My System SpecsSystem Spec
Reply

 windows failed to start with "ynhif is compressed" error




Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 12:50 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33