Windows 7 Forums



Windows 7: Laptop won't boot & Recovery partition corrupt... Rootkit?

06 Jun 2013   #11
wwjd

Windows 7 Home 64-bit
 
 

Okay, I've posted the logs as you suggested, under this Security thread: Recovery partition or MBR was damaged

Thanks for your help!


06 Jun 2013   #12
gregrocker

 

If you have the System Reserved partition then it most likely had the System boot files and Active flag on it. The Active flag may have moved there once you tried to run Recovery, or during a repair attempt. It's not known viral activity.

Once you have any infection cleaned up and the System Files checked, I'd move the Active back to System partition and run Startup Repair up to 3 separate times until Win7 starts.
06 Jun 2013   #13
wwjd

Windows 7 Home 64-bit
 
 

Quote: Originally Posted by gregrocker
If you have the System Reserved partition then it most likely had the System boot files and Active flag on it. The Active flag may have moved there once you tried to run Recovery, or during a repair attempt. It's not known viral activity.
When you write "moved there," do you mean the System partition, or the Recovery partition?

My boot flag was originally on the System partition, but it apparently got moved somehow to the Recovery partition (which happened to be missing or corrupt, and thus the inability to boot on Saturday).

I moved the boot flag back to System yesterday, so that we could boot again, to run the TDSS and FRST scans. I can attempt a reboot back into Recovery tomorrow (by pressing 0 during startup), to test if the boot flag will get moved from that action.

06 Jun 2013   #14
gregrocker

 

The Boot flag means different things in different environments. In Disk Mgmt it means the partition currently booted. In Partition Wizard, which we rely most heavily upon here, it means where the System boot files reside, which is signified by the System flag in Disk Mgmt. I'm not sure what it means in the Linux app you used, but likely System boot files reside there and it is booting the OS.

The Active flag points to which partition is to boot, and Recovery can be made to boot on some PCs by marking it Active. So the Active flag might have been moved there when you attempted to run Recovery.

To repair Win7 once it's disinfected (if so) and system files checked, we mark the partition intended to boot Win7 Active and run Startup Repair - Run up to 3 Separate Times until Win7 starts and its boot partition holds the System flag meaning the System files are booting from there. It explains in the tutorial why it's run 3 times, and why this is the most comprehensive method to repair or rewrite the System boot files.
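Added example (not part of any post in this thread): on an MBR disk, the Active flag discussed in post #14 is the status byte (0x80) of one of the four partition-table entries in sector 0, so comparing two saved copies of that sector shows whether the flag moved and to which slot. The sample sectors, partition types and sizes below are constructed for illustration.

```python
import struct

TABLE_OFFSET, ENTRY_SIZE = 446, 16   # four 16-byte entries follow the boot code

def parse_mbr(sector):
    """Return the used partition entries of a 512-byte MBR sector."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector (bad length or signature)")
    entries = []
    for slot in range(1, 5):
        offset = TABLE_OFFSET + (slot - 1) * ENTRY_SIZE
        status, _, ptype, _, start, count = struct.unpack_from("<B3sB3sII", sector, offset)
        if ptype == 0x00:                 # unused slot
            continue
        if status not in (0x00, 0x80):    # only these two values are valid
            raise ValueError(f"slot {slot}: invalid status byte {status:#04x}")
        entries.append({"slot": slot, "active": status == 0x80,
                        "type": ptype, "start_lba": start, "sectors": count})
    return entries

def active_slots(sector):
    """Slots carrying the Active flag; a bootable MBR disk has exactly one."""
    return [e["slot"] for e in parse_mbr(sector) if e["active"]]

def active_flag_change(before, after):
    """Compare two MBR snapshots; return (old, new) slot lists if they differ."""
    old, new = active_slots(before), active_slots(after)
    return None if old == new else (old, new)

def build_sample_mbr(active_slot):
    """Constructed test sector: slot 1 = recovery, slot 2 = Windows system."""
    layout = [(0x27, 2048, 3072000), (0x07, 3074048, 600000000)]  # made-up sizes
    sector = bytearray(512)
    for i, (ptype, start, count) in enumerate(layout, start=1):
        status = 0x80 if i == active_slot else 0x00
        struct.pack_into("<B3sB3sII", sector, TABLE_OFFSET + (i - 1) * ENTRY_SIZE,
                         status, b"\x00" * 3, ptype, b"\x00" * 3, start, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

if __name__ == "__main__":
    good, moved = build_sample_mbr(2), build_sample_mbr(1)
    print(active_slots(good), active_flag_change(good, moved))
```

On a real machine the input would be a read-only copy of the disk's first 512 bytes taken before and after the event in question.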
10 Jun 2013   #15
wwjd

Windows 7 Home 64-bit
 
 

FYI, I tried booting from the Recovery partition again, and that still doesn't work. Nor did that action cause my boot flag to move from System to Recovery partition, which means that something else did.

In summary, my Toshiba laptop does boot right now, from System partition, because I had manually moved the boot flag back to it. TDSS and MWB scans were negative but run from regular (not safe) mode.

However, my Recovery partition is damaged/gone for whatever reason, and thus, I don't trust this hard drive anymore and feel compelled to run a 0-fill wipe and restore from my recovery DVDs (in order to re-install a clean OS).

@gregrocker: Can you please clarify your suggestion that I run Startup Repair 3 times? On or from which partition? Do you still feel that is helpful in my situation, because it will at least provide some info on what exactly happened?

What about the tutorial on Windows Failure to start? Do you still think I should go through those steps? Thanks.
10 Jun 2013   #16
gregrocker

 

Startup Repair will check for any problems and attempt to repair them if it finds any, so yes, it is a good idea even if it's booting.

I would not be too worried about being hijacked since there isn't any infection known to move the Active flag. Do you have other symptoms more related to performance which make you think you've been infected?

However, if you are still running factory preinstalled Win7, that is a corrupt install to begin with, larded with smothering bloatware and useless duplicate utilities that have much better versions built into Win7. So I would unleash Win7's native performance by doing what most tech enthusiasts do to Clean Reinstall - Factory OEM Windows 7.

Everything you need is in the link to get and keep a perfect install, as long as you stick with the tools and methods given.