Troubleshoot Win 10 No Safe Mode, Login to black screen

bradcarvey

Level 1
Thread author
Verified
May 1, 2017
20
Webroot found 2 trojan horse viruses and removed them. Rebooted, found more and removed them, then rebooted to a black screen. 500 Gbyte SSD, SanDisk Extreme Pro.

I can boot into advanced options, but startup options is not available (no safe mode).

Used my rescue disk to enter the cmd line and used things like scannow, chkdsk and diskpart to test the disk. No errors listed.

Used rescue disk to try to reset Windows while saving my data... Got an error about a missing partition, but diskpart shows an 8 Gbyte partition and an approximately 480 Gbyte partition, which contains my installation and data.

Used Windows 10 install disk to reset the OS, got a missing partition error.

I used a similar SSD and did a clean install of Windows, to verify that the BIOS and hardware are OK. Having trouble getting the ASUS Sabertooth X79 audio working. Driver issues.

I ran Anvi Rescue Disk "Scan", it did not find any threats on the Windows 10 disk.
I then ran "Repair" and it found problems with everything except Windows Firewall.
 

bradcarvey

Lots going on, will post from a computer later. 24 hours later, Webroot responded with better instructions and closed my case. I talked to a friend yesterday about the problem. He knew all about it and asked if he could have a look at the drive. He is not an IT guy, but is a data security expert. Certainly, one of the best in any government research lab. This should be interesting.

I will follow ghost later today...

Brad Carvey
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Thanks for update
 

bradcarvey

Learned a lot of stuff today and yesterday. At the end of this, I will try to write a summary, so if others have this problem, this thread might be able to help them.

I got a second response from Webroot regarding my support ticket. The first response listed methods that assumed I could boot into Windows and run programs. If a computer got affected by the Webroot issue, there would be no way to boot and run programs. Plus, the answer was targeted at a company with lots of corrupted systems. The second answer was targeted more at an individual, but even though my response made it clear that I could not boot and run programs, they suggested that I should run Webroot and then unblock the blocked files. This was when I realized that nothing I could do would fix the problem. At boot up, Webroot was correcting any fixes, because it was still running and still saw those system files as corrupt. Therefore, Webroot would block any effort to fix the "blocked" system files. Very frustrating.

After the second response that required being able to boot the corrupted Windows 10 drive, Webroot declared my problem fixed and closed the support ticket.

So I started another support ticket and this time I got something that might help. Although, if Webroot would just tell us what files were blocked, it would make it much easier to fix those files. Then I could figure out a way to boot without Webroot and things should work.

The response to the current support ticket was as follows:

You can copy the DBL.db from the drive that is affected and put it into another unmanaged system to see what was removed.
From this you would be able to create copies of the files that were removed in an attempt to restore the profile.


I found the file in ProgramData\WRData
dbl.db 4/24/2017 3:16 PM 45,050 KB

"put it into another unmanaged system to see what was removed" ?????

Suggestions on what this means?


I copied the dbl.db to C:\ProgramData\WRData on a new install of Webroot on a Windows 8.1 HP Spectre.
I opened Webroot and could not find anything that suggested there was a way to look at the dbl.db file. I then ran a scan, but it found nothing and there is no way to view the dbl.db file from Webroot.

Perhaps they want me to do a diff to see the difference, but there is nothing to check it against. Plus it's not an ASCII file, what good would that do?

Maybe if I open the database file and look at the last entry there will be some information, but what do I open it with and what good would that do?

BTW, once I figured out that Webroot was destroying any fixes at boot time, I was able to get startup options in advanced options. But Safe Mode stalled, just like a regular boot. I now know that safe mode was meaningless, because Webroot was blocking system files and safe mode would have no effect on that.

I am not going to work on this more this evening. Tomorrow, I will experiment with removing the file from my corrupted folder and possibly more files from the WRdata folder. This may cause Webroot to crash or at least not fix the blocked files. This probably won't help, but it might give me some clues to what is happening.
 

bradcarvey

Unmanaged system. Probably means a system that does not have Webroot. I assume if I open the db file, it will contain records, which include blocked files. Then I can copy those files to the corrupted disk and it should boot normally, as long as I prevent Webroot from blocking them.

Brad Carvey
 

angustaver

Level 4
Verified
Oct 10, 2014
161
You must use a Linux live CD or Hiren's boot disk.
Then delete the files from the antivirus.
Then, with the Win 10 DVD, fix Windows startup
(Repair Windows startup,
or with cmd commands bootrec.exe, fixboot etc ...).
When it can boot Windows,
install Windows 10 version 1703 from the install DVD
and update.
 

bradcarvey

I have tried to open the DBL.db file that I copied from the WRDATA folder.
I tried using LibreOffice Base.
I tried Excel.
I tried a variety of sql views and online views.
I have not tried Mongo or other database programs.
I have done this in Linux and in Windows 8.1.
I will try Microsoft Office on a Mac and any other database programs on the Mac.

Any suggestions? I have emailed support and asked them what I need to open their .db file.

Brad Carvey
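
Added example, not part of any post in this thread and not Webroot's own tooling: the thread never establishes what format dbl.db uses, so this Python script does format-agnostic triage of a copy of an opaque file by checking its header against a few well-known database signatures, measuring entropy, and pulling out any readable Windows paths. The signature list, function names and sample bytes are assumptions made for the illustration.

```python
import math
import re
import sys
from collections import Counter

# (offset, magic bytes, label) for a few well-known container formats.
MAGICS = [
    (0, b"SQLite format 3\x00", "SQLite 3 database"),
    (4, b"Standard Jet DB", "Microsoft Access (Jet) database"),
    (4, b"Standard ACE DB", "Microsoft Access (ACE) database"),
    (0, b"PK\x03\x04", "ZIP container"),
    (0, b"\x1f\x8b", "gzip stream"),
]
# Windows drive-letter paths stored as ASCII or as UTF-16LE text.
ASCII_PATH = re.compile(rb"[A-Za-z]:\\[\x20-\x7e]{3,}")
UTF16_PATH = re.compile(rb"[A-Za-z]\x00:\x00\\\x00(?:[\x20-\x7e]\x00){3,}")

def identify(data: bytes) -> str:
    """Return a label if the header matches a known signature."""
    for offset, magic, label in MAGICS:
        if data[offset:offset + len(magic)] == magic:
            return label
    return "unknown"

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; near 8 suggests encrypted or compressed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def path_strings(data: bytes) -> list:
    """Collect readable Windows paths embedded in otherwise binary data."""
    found = {m.group().decode("ascii") for m in ASCII_PATH.finditer(data)}
    found |= {m.group().decode("utf-16-le") for m in UTF16_PATH.finditer(data)}
    return sorted(found)

def constructed_sample() -> bytes:
    """Constructed bytes standing in for an opaque file; not real dbl.db content."""
    return (b"\x07\x00\x01\xfe" + b"C:\\Windows\\System32\\example.dll\x00\x03"
            + "D:\\Data\\sample.exe".encode("utf-16-le") + b"\x00\x00\xff")

if __name__ == "__main__":
    # Pass the path of a copy of the file; with no argument the sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_sample()
    print("format :", identify(data))
    print("entropy: %.2f bits/byte" % entropy(data))
    for path in path_strings(data):
        print("path   :", path)
```

An "unknown" format together with entropy close to 8 bits per byte and no recoverable paths would indicate that the content is compressed or encrypted, in which case general-purpose database viewers will not open it.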
 