boot problem/virus with Inaccessible_Boot_Device

JJ

Hi:
Last week, after rebooting our Win2k SP4 server, the server came up with
a Blue Screen with an Inaccessible_Boot_Device error and could not even
go into Safe mode. We used a Win2k startup CD to go into the recovery
console and ran Chkdsk, but it came up with nothing.

We used a DOS bootable disk and FDISK /MBR, and the system was able to
boot normally; then a message popped up saying something like: "The
system has been updated and you would need to reboot your system to take
effect". Once rebooted, the system went into the Blue Screen again.

We then mounted the hard drive on another PC and ran several major
anti-virus programs such as Norton and Kaspersky. Some suspicious items
were killed, but we still got the Blue Screen again with the same error.
We then had to use FDISK /MBR again in order to boot normally.

It seems that the system was infected with some kind of boot sector
virus that erases the partition boot section on every successful boot.
But none of our major anti-virus software was able to disinfect it.
Does anyone have any thoughts on whether this is a virus? Is there any
solution?

Much appreciated.
 
Meat Plow

| Subject: boot problem/virus with Inaccessible_Boot_Device
| From: "JJ" <[email protected]>
| Newsgroups: microsoft.public.win2000.general,alt.comp.virus,24hoursupport.helpdesk
| Date: 21 Aug 2006 02:52:07 -0700
|
| Hi:
| Last week, after rebooting our Win2k SP4 server, the server came up with
| a Blue Screen with an Inaccessible_Boot_Device error and could not even
| go into Safe mode. We used a Win2k startup CD to go into the recovery
| console and ran Chkdsk, but it came up with nothing.
|
| We used a DOS bootable disk and FDISK /MBR, and the system was able to
| boot normally; then a message popped up saying something like: "The
| system has been updated and you would need to reboot your system to take
| effect". Once rebooted, the system went into the Blue Screen again.
|
| We then mounted the hard drive on another PC and ran several major
| anti-virus programs such as Norton and Kaspersky. Some suspicious items
| were killed, but we still got the Blue Screen again with the same error.
| We then had to use FDISK /MBR again in order to boot normally.
|
| It seems that the system was infected with some kind of boot sector
| virus that erases the partition boot section on every successful boot.
| But none of our major anti-virus software was able to disinfect it.
| Does anyone have any thoughts on whether this is a virus? Is there any
| solution?

Maybe your DOS bootable disk is infected?
 
Dave Patrick

Try creating a boot disk. For the floppy to successfully boot Windows 2000
the disk must contain the "NT" boot sector. Format a diskette (on a Windows
2000 machine, not a DOS/Win9x, so the NT boot sector gets written to the
floppy), and copy Windows 2000 versions of ntldr, ntdetect.com, and boot.ini
to it. Edit the boot.ini to give it a correct ARC path for the machine you
wish to boot. Below is an example of boot.ini. The default is to start the
operating system located on the first partition of the primary or first
drive (drive0). Then drive0 partition 2 and so on.

[boot loader]
timeout=10
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows 2000 0,1"
multi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows 2000 0,2"
multi(0)disk(0)rdisk(1)partition(1)\WINNT="Windows 2000 1,1"
multi(0)disk(0)rdisk(1)partition(2)\WINNT="Windows 2000 1,2"

Another possibility is to try loading the controller driver also from
floppy. For the floppy to successfully boot Windows 2000 the disk must
contain the "NT" boot sector. Format a diskette (on a Windows 2000 machine,
not a DOS/Win9x, so the "NT" boot sector gets written to the floppy), then
copy ntldr, ntdetect.com, and boot.ini to it. Edit the boot.ini to give it a
correct ARC path for the machine you wish to boot.

In order for this to work you'll want to change the arc path in boot.ini
from multi syntax to scsi syntax to indicate that Windows 2000 will load a
boot device driver and use that driver to access the boot partition. Then
also copy the correct manufacturer scsi driver to the floppy but renamed to
ntbootdd.sys


Something like this below;

[boot loader]
timeout=10
default=scsi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
scsi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows 2000 0,1"
scsi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows 2000 0,2"
scsi(0)disk(1)rdisk(0)partition(1)\WINNT="Windows 2000 1,1"
scsi(0)disk(1)rdisk(0)partition(2)\WINNT="Windows 2000 1,2"


--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

| Hi:
| Last week, after rebooting our Win2k SP4 server, the server came up with
| a Blue Screen with an Inaccessible_Boot_Device error and could not even
| go into Safe mode. We used a Win2k startup CD to go into the recovery
| console and ran Chkdsk, but it came up with nothing.
|
| We used a DOS bootable disk and FDISK /MBR, and the system was able to
| boot normally; then a message popped up saying something like: "The
| system has been updated and you would need to reboot your system to take
| effect". Once rebooted, the system went into the Blue Screen again.
|
| We then mounted the hard drive on another PC and ran several major
| anti-virus programs such as Norton and Kaspersky. Some suspicious items
| were killed, but we still got the Blue Screen again with the same error.
| We then had to use FDISK /MBR again in order to boot normally.
|
| It seems that the system was infected with some kind of boot sector
| virus that erases the partition boot section on every successful boot.
| But none of our major anti-virus software was able to disinfect it.
| Does anyone have any thoughts on whether this is a virus? Is there any
| solution?
|
| Much appreciated.
|
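
An added example, not part of Dave Patrick's post: a check of a boot floppy's file list and boot.ini against the rules he describes (ntldr, ntdetect.com and boot.ini present, ntbootdd.sys whenever scsi syntax is used, a default= line that matches an entry). The function names and the sample are constructed; the "disk() is 0 in multi syntax" and "partition() counts from 1" checks are general ARC path rules that the post does not state.

```python
import re

ARC_RE = re.compile(  # multi()/scsi() ARC path followed by the system directory
    r"^(multi|scsi)\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)partition\((\d+)\)\\\S+$",
    re.IGNORECASE)

def parse_boot_ini(text):
    """Return (default ARC path or None, list of [operating systems] paths)."""
    section, default, entries = None, None, []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "boot loader" and line.lower().startswith("default="):
            default = line.split("=", 1)[1].strip()
        elif section == "operating systems" and "=" in line:
            entries.append(line.split("=", 1)[0].strip())
    return default, entries

def check_boot_floppy(boot_ini_text, floppy_files):
    """Return findings for a Windows 2000 boot floppy; an empty list means none."""
    files = {name.lower() for name in floppy_files}
    default, entries = parse_boot_ini(boot_ini_text)
    findings = [f"missing file: {name}"
                for name in ("ntldr", "ntdetect.com", "boot.ini") if name not in files]
    if default is None:
        findings.append("no default= line in [boot loader]")
    elif default.lower() not in (e.lower() for e in entries):
        findings.append(f"default {default} matches no [operating systems] entry")
    for path in dict.fromkeys(([default] if default else []) + entries):
        m = ARC_RE.match(path)
        if m is None:
            findings.append(f"not a multi()/scsi() ARC path: {path}")
            continue
        kind, disk, partition = m.group(1).lower(), int(m.group(3)), int(m.group(5))
        if partition < 1:
            findings.append(f"partition() counts from 1: {path}")
        if kind == "multi" and disk != 0:
            findings.append(f"disk() is always 0 in multi syntax: {path}")
        if kind == "scsi" and "ntbootdd.sys" not in files:
            findings.append(f"scsi syntax needs ntbootdd.sys on the floppy: {path}")
    return findings

# Constructed sample: scsi syntax, default names \windows while entries name \WINNT.
SAMPLE = r"""[boot loader]
default=scsi(0)disk(0)rdisk(0)partition(1)\windows
[operating systems]
scsi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows 2000 0,1"
scsi(0)disk(1)rdisk(0)partition(1)\WINNT="Windows 2000 1,1"
"""
```

Calling `check_boot_floppy(SAMPLE, ["ntldr", "ntdetect.com", "boot.ini"])` reports the missing driver for each scsi path plus the default that matches no entry.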
 
Gabriele Neukam

| We used a DOS bootable disk and FDISK /MBR, and the system was able to
| boot

Why didn't you use fixboot and fixmbr, which are the tools for an
NT-based system?


Gabriele Neukam

(e-mail address removed)
 
Dustin Cook

JJ said:
| We used a DOS bootable disk and FDISK /MBR, and the system was able to
| boot normally; then a message popped up saying something like: "The
| system has been updated and you would need to reboot your system to take
| effect". Once rebooted, the system went into the Blue Screen again.

You're lucky you didn't kill your partition/mbr tables doing that. I
wouldn't suggest it again...

| We then mounted the hard drive on another PC and ran several major
| anti-virus programs such as Norton and Kaspersky. Some suspicious items
| were killed, but we still got the Blue Screen again with the same error.
| We then had to use FDISK /MBR again in order to boot normally.

Never mind then... your data that's at risk, not mine...

| It seems that the system was infected with some kind of boot sector
| virus that erases the partition boot section on every successful boot.

Never heard of any virus that does this...

Have you tried using www.cgsecurity.org testdisk? Have it scan and
write a new partition table to the system for you. You might also want
to use the NT versions of fixmbr, instead of fdisk...

| But none of our major anti-virus software was able to disinfect it.
| Does anyone have any thoughts on whether this is a virus? Is there any
| solution?

I doubt it's a virus... Solution depends on the problem. Try the
testdisk application I already mentioned, and quit trying to fix NT
with a DOS boot disk, unless you want to tell your boss you hosed the
system....
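
One way to test the "something rewrites the boot sector on every boot" theory raised in this thread, added here as an example and not code from any poster: take two saved copies of sector 0 (for instance before and after a reboot, with the drive attached to another PC), hash the boot code, decode the partition table, and report which region changed. The helper `build_sample` and the three sample sectors are constructed for illustration.

```python
import hashlib
import struct

def describe_mbr(sector):
    """Break a 512-byte sector 0 image into the regions worth comparing."""
    if len(sector) != 512:
        raise ValueError("expected exactly 512 bytes")
    partitions = []
    for i in range(4):                      # four 16-byte entries at offset 446
        entry = sector[446 + 16 * i: 462 + 16 * i]
        start_lba, count = struct.unpack_from("<II", entry, 8)
        if entry[4]:                        # type byte 0 means an unused slot
            partitions.append({"active": entry[0] == 0x80, "type": entry[4],
                               "start_lba": start_lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
        "disk_signature": sector[440:444].hex(),   # written by NT-based Windows
        "partitions": partitions,
        "has_55aa": sector[510:512] == b"\x55\xaa",
    }

def changed_regions(before, after):
    """Names of the MBR regions that differ between two captures."""
    a, b = describe_mbr(before), describe_mbr(after)
    return [name for name in a if a[name] != b[name]]

def build_sample(boot_code_byte, with_partition=True):
    """Constructed sector 0: filler boot code, one active type-0x07 partition."""
    sector = bytearray([boot_code_byte]) * 440 + bytes.fromhex("a1b2c3d4") + bytes(2)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 16_777_153)
    sector += (entry if with_partition else bytes(16)) + bytes(48) + b"\x55\xaa"
    return bytes(sector)

# Constructed captures: a baseline, one with different boot code, one with no table.
BASELINE = build_sample(0x33)
REWRITTEN_CODE = build_sample(0xFA)
TABLE_WIPED = build_sample(0x33, with_partition=False)
```

A result of `["boot_code_sha256"]` means only the loader code changed between captures, while `["partitions"]` means the partition table itself was altered, which is the loss Dustin Cook warns about.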
 
David H. Lipman

From: "JJ" <[email protected]>

| Hi:
| Last week, after rebooting our Win2k SP4 server, the server came up with
| a Blue Screen with an Inaccessible_Boot_Device error and could not even
| go into Safe mode. We used a Win2k startup CD to go into the recovery
| console and ran Chkdsk, but it came up with nothing.
|
| We used a DOS bootable disk and FDISK /MBR, and the system was able to
| boot normally; then a message popped up saying something like: "The
| system has been updated and you would need to reboot your system to take
| effect". Once rebooted, the system went into the Blue Screen again.
|
| We then mounted the hard drive on another PC and ran several major
| anti-virus programs such as Norton and Kaspersky. Some suspicious items
| were killed, but we still got the Blue Screen again with the same error.
| We then had to use FDISK /MBR again in order to boot normally.
|
| It seems that the system was infected with some kind of boot sector
| virus that erases the partition boot section on every successful boot.
| But none of our major anti-virus software was able to disinfect it.
| Does anyone have any thoughts on whether this is a virus? Is there any
| solution?
|
| Much appreciated.

Please don't Multi-Post.

You know how to Cross-Post. Please do so to only pertinent, On Topic, News Groups in the
future.
 
