
Thread: Virtumonde-New Thread-As Per request

  1. #31
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    I do have another newer Dell machine and also found the XP Pro SP3 install CD for that machine too.
    That CD can be used assuming it's a real install CD and not just for recovering.

    1. Insert the Windows XP startup disk into the floppy disk drive, or insert the Windows XP CD-ROM into the CD-ROM drive, and then restart the computer.

    Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.
    2. When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
    3. If you have a dual-boot or multiple-boot computer, select the installation that you must access from the Recovery Console.

    See if that lets you access the command prompt of the Recovery Console. If yes, try these commands here to check requested things.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  2. #32
    Member
    Join Date
    Nov 2009
    Posts
    70

    Default

    Blade said...
    That cd can be used assuming it's real install cd and not just for recovering.
    1. Insert the Windows XP startup disk into the floppy disk drive, or insert the Windows XP CD-ROM into the CD-ROM drive, and then restart the computer.


    This CD is labeled "Reinstallation CD, MS Windows XP Professional, SP3"
    "This software is already installed on your computer. Use this media only to reinstall the operating system on a Dell computer."

    Blade said...
    Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.

    I think I may have to do this first.... I.E. Hit F2 when first starting to enter the Dell System Setup. Then set up boot priority making the CD # 1 instead of floppy. Then restart machine with the CD in the machine. Do you agree?

    Tom

  3. #33
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    I think I may have to do this first.... I.E. Hit F2 when first starting to enter the Dell System Setup. Then set up boot priority making the CD # 1 instead of floppy. Then restart machine with the CD in the machine. Do you agree?
    Floppy can be with higher priority than CD. Just ensure that CD priority is higher than hard drive's.

  4. #34
    Member
    Join Date
    Nov 2009
    Posts
    70

    Default tried the CD

    I changed setup to boot from the CD, then restarted. The cd loaded a bunch of drivers and then asked to press R for Recovery console. That let me choose Recovery Console as before but PASSWORD STILL REQUIRED.

    There was another option when booting from the CD... Press F2 for ASR (Dells?) Automatic system recovery. Do you think I should try that?

  5. #35
    Member
    Join Date
    Nov 2009
    Posts
    70

    Default What do you think?

    And...
    Quote Originally Posted by TomZT View Post
    Hi Blade,

    I do have another theory but cannot check it out until I can get into the Recovery Console or get to a command prompt some other way. Perhaps a Bootable CD? I'm thinking I may have specified a folder other than C:\Windows\erdnt for my ERUNT Registry backup. I think I may have specified c:\Windows\erdnt_A instead; thinking I may wish to create another backup later in C:\Windows\erdnt_B. But I can't remember for sure if I did this or not and cannot check without getting back in to the Recovery Console. If I did save my backup in C:\Windows\erdnt_A, and ran the restore mistakenly from C:\Windows\erdnt, could this have created the Password problem I'm having now?
    Any thoughts on this???

  6. #36
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Don't try automatic system recovery. We can still try to create a boot cd and start system with it. I'm currently at work but will get back with new instructions later. Is that ok?

  7. #37
    Member
    Join Date
    Nov 2009
    Posts
    70

    Default

    Quote Originally Posted by Blade81 View Post
    Hi,

    Don't try automatic system recovery. We can still try to create a boot cd and start system with it. I'm currently at work but will get back with new instructions later. Is that ok?
    That's fine Blade! I've had a long day... 12:30 AM here. I'll get a little sleep and check back in. When you have time, can you give me instructions or a link as to how to create a Bootable CD?

    Hopefully one that will get us to a command prompt????
    Thanks again for sticking with me! I appreciate your help.
    Tom

  8. #38
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Instructions for creating UBCD can be found here. We'll use that later then.

  9. #39
    Member
    Join Date
    Nov 2009
    Posts
    70

    Default Ubcd

    Hi Blade,

    I hope you had a good day! Thanks again for your help!

    I have downloaded the UBCD4Win tool and read the instructions. Before creating the UBCD, I have a couple of questions... to make sure I'm doing this right and cause no further problems!

    1. The problem computer (Computer 1) is WIN XP PRO SP3 (came with SP1 then updated later with SP2 and SP3) The UBCD instructions require using a WINDOWS XP CD "with at least SP1 (SP2 highly recommended)". The UBCD instructions do not mention SP3 at all. Should I still use the Dell Windows XP PRO SP3 installation CD to build the UBCD?

    2. As you know, I am using two other machines (Computer 2 & 3 - which still appear to be healthy) to access the internet, post on the forum, and download these tools on. Since I've been on the MalwareForum trying to remove the infection, I have not had the problem machine connected to my home network at the same time as any of my other machines are connected to my network. I did however, immediately after the original infection, reach across the network from one of the other machines (Computer 3) to copy a folder with some important files on the infected computer. Repeated scans on Computers 2 & 3 with AVG 8.5 and SpyBot 1.6.2 reveal "No Threats Detected" except a few "Warnings" (identified as tracking cookies) which were all reported to be successfully removed or healed.

    Early this morning when using Computer 3 to copy my Dell Win XP PRO SP3 Installation CD to my hard drive as recommended in the UBCD instructions... When I removed the Win XP CD from the drive, I got the following warning...

    TITLE BAR: DVD-RAM DRIVE (D
    MESSAGE: M:\ refers to a location that is unavailable. It could be on a hard drive on this computer, or on a network. Check to make sure that the disk is properly inserted, or that you are connected to the internet or your network, and then try again. If it still cannot be located, the information might have been moved to a different location.
    OK BUTTON


    I saw a similar warning yesterday morning which apparently had popped up over the night before. Drive M: is the C: drive on the infected machine as mapped on Computer 3. I am now suspicious that "something bad" might be happening on Computer 3 because I never asked to access Drive M:. Also when I received the first of these warnings yesterday, I went into Windows Explorer and "Disconnected Network Drive" M:. After refreshing the explorer screen, the mapped Drive M: disappeared from the folder tree. After this morning's warning, I looked again and Drive M: has re-appeared in the Explorer folder tree, but DOES NOT appear in the Tools> Disconnect Network Drive Window. Do you think there might be something bad on Computer 3 that is trying to access Drive M: and copy malware files from the infected computer?

    Or, am I just getting too paranoid now and there's some other harmless explanation for these warnings?

    I look forward to your reply.
    Tom

  10. #40
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi

    1. Yes, you can use Win XP Pro SP3 media.
    2. I wouldn't be worried. Especially, if there're not any clear symptoms there.
