Break Windows to fix it: “Several attempts were made, but the cause of the problem could not be determined”
From time to time, it happens that users come to me with a booted-up Windows 7 or 8 (probably there will be victims too), who are constantly running System Restore instead of a normal boot, and the automatic troubleshooting mechanism cannot cope .
I managed to figure out why the message “Several attempts were made, but the cause of the problem could not be determined” appears and how to restore the life of the OS without a radical reinstallation.
Symptoms of the problem: everything is fine with the disk, file system is OK, files from the bootable USB drive or disk are viewed on partitions, apparently everything is in place, the recovery system finishes with the code 0x0 (no errors), but Windows does not start, suggesting recovery , while it can not explain to the user - why.
')
The only clue is in the description of the problem issued by the recovery tool, there is a line of the form
At this stage, it is already possible to guess that the operating system does not start due to the absence or damage of some of the files needed at the kernel start up stage. However, nowhere is there any mention of which file we are talking about. This can only be learned by “dolomav” OSes: you need to replace the boot process so that the recovery system simply does not start. Below is a step by step instruction.
1. While in the recovery tool, click "Show additional system recovery options" and select the launch of the command line for manual intervention.
We will be asked for the login and password for the Windows user, under which we will be able to log into the fallen Windows, although this is not important to us.
2. In the console, execute two commands in sequence:
Just in case, make sure beforehand (by dir d: \ windows) that the drive letter in this recovery environment is really “d”.
Here, now we have “nailed” the recovery system. It is even possible that in some places at the initial stage we will now have inscriptions not in Russian (or whatever language there was, if Windows is localized), but in English. If this is undesirable, add the option "/ l ru-RU" to the end of the second command:
Well, or what language did you use? Further. Feel free to reboot and (if asked) choose the normal Windows boot. Very soon, the download will be interrupted, showing a bunch of white letters on a black screen, like this:
Of course, the line with “File:” is the only thing for which all this was started. We carefully remember the name of the specified file (or photograph it on a mobile phone, write it down on a piece of paper, etc.) and get our trump bootable USB flash drive with a Windows installer (or insert a similar DVD), click Reset (if available) and boot into the installer. The main thing is that we have the same version (7, 8, ...), system language and bit depth (x86 / x64) of the systems on the disk and on the installation media.
Now we need to return everything as it was before our arrival.
We select, having reached the image on the right, system recovery. We are asked which system we are going to restore:
If something is wrong, they will tell us that the installation disk does not fit the installed system. You should make sure that the selected bitness is correct (look at the presence of the folder “Program files (x86)” - if there is, then this is 64-bit axis, if not, respectively, 32-bit, although it is safer to search SysWOW64 in the folder of the axis itself, try Download the installer in another language, and maybe take another version.
It's time to lie back in the chair and watch the process.
At the end of this process, we will return to where we started from - to constantly launch the recovery system, which does not know what the problem is. If we could immediately see the name of the file that caused the problem, we would not need anything above!
Anyway, now we can only fix the problem itself, to which we have been selected for so long. Again, click "Show additional system recovery options" and select the launch of the command line. This we need only to run regedit.exe
In the Registry Editor, select the HKEY_LOCAL_MACHINE branch and in the menu select the registry hive load from the file:
In the opened dialog, we feed the SYSTEM file from the d: \ windows \ system32 \ config folder to the editor (this is a piece of the registry of the axis being restored).
We are asked for a name - we give absolutely any name, for example, "1". The bush connects and we can select it in the editor window. Now you just need to find and delete information about the file whose name we observed in white and black. Press Ctrl + f (you can even just F3) and type the same name into the search bar (you do not need to enter the path at all). When the editor finds the record, delete the entire branch (in the left part of the editor window, where the registry tree is) with this record and repeat the search (F3). When we receive the message “Search in the registry is complete” - you can wrap up: we wind the tree back to our name given to the bush (“1” for example) and unload the bush through the editor menu.
Everything, repair is finished, we reboot and we check operation of the operating system!
PS: As it should be seen from the file name, which we so easily fished out from the system - the problem is usually created by various kinds of Trojans, kindly installed by users working with the administrative account of the system, and the problem does not occur when the Trojan (or even just malware ) is installed, and then, when the beast is forced out by antivirus. The entry in the registry of the Trojan file, as "desperately needed to run," and causes Windows to loop with an attempt to restore. Therefore, in order not to get up twice - it is advisable to first scan the files with an antivirus, remove garbage Trojans from the disk, and then proceed to the described procedures - in case more than one such animal is registered in the system.
I managed to figure out why the message “Several attempts were made, but the cause of the problem could not be determined” appears and how to restore the life of the OS without a radical reinstallation.
Symptoms of the problem: everything is fine with the disk, file system is OK, files from the bootable USB drive or disk are viewed on partitions, apparently everything is in place, the recovery system finishes with the code 0x0 (no errors), but Windows does not start, suggesting recovery , while it can not explain to the user - why.
')
The only clue is in the description of the problem issued by the recovery tool, there is a line of the form
Signature Problem 07: CorruptFile
At this stage, it is already possible to guess that the operating system does not start due to the absence or damage of some of the files needed at the kernel start up stage. However, nowhere is there any mention of which file we are talking about. This can only be learned by “dolomav” OSes: you need to replace the boot process so that the recovery system simply does not start. Below is a step by step instruction.
1. While in the recovery tool, click "Show additional system recovery options" and select the launch of the command line for manual intervention.
We will be asked for the login and password for the Windows user, under which we will be able to log into the fallen Windows, although this is not important to us.
2. In the console, execute two commands in sequence:
bootrec /RebuildBcd bcdboot d:\windows Just in case, make sure beforehand (by dir d: \ windows) that the drive letter in this recovery environment is really “d”.
Here, now we have “nailed” the recovery system. It is even possible that in some places at the initial stage we will now have inscriptions not in Russian (or whatever language there was, if Windows is localized), but in English. If this is undesirable, add the option "/ l ru-RU" to the end of the second command:
bcdboot d:\windows /l ru-RU Well, or what language did you use? Further. Feel free to reboot and (if asked) choose the normal Windows boot. Very soon, the download will be interrupted, showing a bunch of white letters on a black screen, like this:
Of course, the line with “File:” is the only thing for which all this was started. We carefully remember the name of the specified file (or photograph it on a mobile phone, write it down on a piece of paper, etc.) and get our trump bootable USB flash drive with a Windows installer (or insert a similar DVD), click Reset (if available) and boot into the installer. The main thing is that we have the same version (7, 8, ...), system language and bit depth (x86 / x64) of the systems on the disk and on the installation media.
Now we need to return everything as it was before our arrival.
We select, having reached the image on the right, system recovery. We are asked which system we are going to restore:
If something is wrong, they will tell us that the installation disk does not fit the installed system. You should make sure that the selected bitness is correct (look at the presence of the folder “Program files (x86)” - if there is, then this is 64-bit axis, if not, respectively, 32-bit, although it is safer to search SysWOW64 in the folder of the axis itself, try Download the installer in another language, and maybe take another version.
It's time to lie back in the chair and watch the process.
At the end of this process, we will return to where we started from - to constantly launch the recovery system, which does not know what the problem is. If we could immediately see the name of the file that caused the problem, we would not need anything above!
Anyway, now we can only fix the problem itself, to which we have been selected for so long. Again, click "Show additional system recovery options" and select the launch of the command line. This we need only to run regedit.exe
In the Registry Editor, select the HKEY_LOCAL_MACHINE branch and in the menu select the registry hive load from the file:
In the opened dialog, we feed the SYSTEM file from the d: \ windows \ system32 \ config folder to the editor (this is a piece of the registry of the axis being restored).
We are asked for a name - we give absolutely any name, for example, "1". The bush connects and we can select it in the editor window. Now you just need to find and delete information about the file whose name we observed in white and black. Press Ctrl + f (you can even just F3) and type the same name into the search bar (you do not need to enter the path at all). When the editor finds the record, delete the entire branch (in the left part of the editor window, where the registry tree is) with this record and repeat the search (F3). When we receive the message “Search in the registry is complete” - you can wrap up: we wind the tree back to our name given to the bush (“1” for example) and unload the bush through the editor menu.
Everything, repair is finished, we reboot and we check operation of the operating system!
PS: As it should be seen from the file name, which we so easily fished out from the system - the problem is usually created by various kinds of Trojans, kindly installed by users working with the administrative account of the system, and the problem does not occur when the Trojan (or even just malware ) is installed, and then, when the beast is forced out by antivirus. The entry in the registry of the Trojan file, as "desperately needed to run," and causes Windows to loop with an attempt to restore. Therefore, in order not to get up twice - it is advisable to first scan the files with an antivirus, remove garbage Trojans from the disk, and then proceed to the described procedures - in case more than one such animal is registered in the system.
Source: https://habr.com/ru/post/276171/
All Articles