# [SOLVED] Boot critical file c:/ci.dll is corrupt



## summer_0126 (Jun 1, 2011)

I was downloading a file from the internet, about half way through the download the computer shutdown and restarted. 

On restart, the computer stated that Windows 7 could not load and started to do a startup repair, which did not succeed.

I opened Startup Repair and Diagnostics and the report log stated:

Boot critical file c:\ci.dll is corrupt.

I have tried system restore at several points and run sfc /scannow, which told me to reboot my computer, but I kept going round in a loop from there.

I would appreciate some help and guidance on this. Thank you.


----------



## pip22 (Aug 22, 2004)

*Re: Boot critical file c:/ci.dll is corrupt*

This error has been known to be caused by Windows Updates. Every reference I've read on that issue required a re-install of Windows 7 since nothing else worked.

Provided you've taken the sensible precaution of backing up your files before that happened, re-installing will not involve losing anything. Better still, if you've created a "System Image" which Windows 7 allows you to do (& which everyone should do as soon as possible after installation), restoring Windows will be even easier.


----------



## jlwu (Jun 5, 2011)

*Re: Boot critical file c:/ci.dll is corrupt*

It's likely a TDSS rootkit that neither McAfee nor Norton will detect. 
It will prevent the system from booting
It will get auto repair to go round and round
Auto repair will sometimes say its ci.dll and sometimes it will say it cant find anything wrong.
BEFORE you try to blast and reinstall or do any copying of ci.dll to various directories.

Boot withtout driver sig verification (NOT SAFE MODE), it will get you back your desktop, (YES it will boot up)
and quickly use Kaspekerkys TDSS removal tool tdsskiller.exe before the rootkit does further damage by downloading other stuff. 
Read up "How to remove malware belonging to the family Rootkit.Win32.TDSS" 
One simple step will save you hours and hours of frustration.
Good luck


----------



## summer_0126 (Jun 1, 2011)

*Re: Boot critical file c:/ci.dll is corrupt*

@jlwu ray:It worked!!!!!!!! Thank you, thank you, thank you!!!!!!!!!!ray:


----------



## Marticus12914 (Jun 10, 2011)

JLWU .... You are the shiz-nit!! I came into this forum by chance loking like a cross between this guy :sigh: and this guy :upset:. Now I look more like this guy :grin: thanks to your post. It's pretty rediculous the Microsoft EMPIRE can't include a simple fix like that in their billion dollar programs. :4-dontkno. Thank you for saving me hours.


----------



## jlwu (Jun 5, 2011)

Thank you for the kind comments.
One thing if I may add.
Once the rootkit is removed, you may want to 
1. Turn on Windows Defender and see of stuff like c:\windows\system32\drivers\etc\hosts is corrupted to take you to fake AV vendor sites.
2. install AntiMalwareBytes, boot in safe mode, and run a scan.
(AntiMalwareBytes and KAV are pretty complementary, they usually find different things)
3. install Kasperky Pure or AV2011 or just the virus remover and run it once.
Best of luck.

Too bad you are most likely not behind an Antimalware gateway like Wedge Networks BeSecure, otherwise the bot likely wouldnt have downloaded the rootkit in the first place.


----------



## Eminisc (Jun 12, 2011)

Umm hi
im new to this and my computer had the same problem c:\ci.dll is corrupted. i followed ur steps @jlwu about f8 then boot driver sig verication. i got to the desktop  yay, i dled the TDSS kit and followed the tutorial on running it, after i chose cure for the rootkit that it found, so then it told me to restart, now when i restart, it goes into a loop of even if i f8 and driver sig it tells me that windows cannot boot up because of newly installed software, so now the situation is worse than before?
can u somehow help me??


----------



## jlwu (Jun 5, 2011)

One possibility:
One of the rootkits actually corrupts/bypasses DNS by hacking c:\windows\system32\drivers\etc\hosts so it is possible what you think you downloaded from Kaspersky might be another trojan hosted on a hacker site. I hope this is not the case.

More likely:
There is more damage done to your windows install than just tdss rootkit.
It just didnt manifest itself until the reboot after your last boot up without signature verification.

Get a windows 7 boot disk and see if it will boot up and try to repair your HDD install by running a repair.

You can also boot the DVD/CD, hit SHIFT F10 and get to a command prompt and run 
sfc /offwindir=c:\windows /offbootdir=c:\ /*scannow* 
and verfiy your windows install did not get further corrupted,
then boot safe mode and see what you can disable 
in msconfig
to get the system to boot again.
Best of luck.


----------



## Eminisc (Jun 12, 2011)

where can i get a windows 7 boot disk???
and how do i run a repair my HDD?


----------



## jlwu (Jun 5, 2011)

If your PC is legit (like a dell) it should have come with a rescue / restore DVD you can boot. You dont have to blast the system and reinstall, just run a repair.
If not, and "a friend" installed the OS for you...then its probably where the virus is from.
BUT the big question is: can the system boot safe mode (f5) or no driver verif (f8)?
If not then you need to boot that DVD that came with the system and start a rescue.
TDSSkiller will not :install anything new into the PC.
Its another virus that showed itself after you fixed TDSS.


----------



## Eminisc (Jun 12, 2011)

erm, i bought the dell studio pc legit with win7 preinstalled, i cant seem to find a cd with the name of win7 boot disk, only found like drivers and utilities, applications, etc. no matter what i try i can't seem to boot it to desktop. f8 + disable driver sig doesnt work, neither does f8 + safe mode, it always redirects me to windows cannot boot up because new software has been installed.


----------



## jlwu (Jun 5, 2011)

If you had bought it from Dell instead of Ebay Ubid or TigerDirect, the machine should have come with a DVD called Operating System Already Installed On your Computer Reinstallation DVD Windows 7 XXX xx Bit.
That is what you should have, and should use to boot up the PC and attempt a repair.


----------



## f2004w (Jun 14, 2011)

*Re: Boot critical file c:/ci.dll is corrupt*



jlwu said:


> It's likely a TDSS rootkit that neither McAfee nor Norton will detect.
> It will prevent the system from booting
> It will get auto repair to go round and round
> Auto repair will sometimes say its ci.dll and sometimes it will say it cant find anything wrong.
> ...


I'm sorry that I am a little slow when it comes to computers how to boot without sig verification. And what is Kaspekerky?


----------



## mfsmith (Jun 15, 2011)

*Re: Boot critical file c:/ci.dll is corrupt*

As other people have already told you, I want to thank you very much for this assistance. I also want to thank you for being willing to share your knowledge with others!!!! You are the bomb


----------



## jlwu (Jun 5, 2011)

You are most welcome. Just glad to be of help.


----------

