Thanks Blade,
I will prepare the boot CD and let you know when I am ready!
Tom
Hi Blade,
I am having some problems creating the UBCD (errors and warnings during the build). Apparently there are a few known snags and fixes needed when using a Dell XP CD as the build source. I'm getting some help over on the UBCD4WIN forum and will post back here when I get these problems straightened out. I hope you're enjoying the time off! <BG>
Tom
Ok. Do you have a friend with non-Dell Win XP Pro SP2 (or 3) media you could borrow if creating with the Dell version fails (better to wait for what they say on the UBCD forum, though)?
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.
Good morning Blade,
Yep! I can probably get my hands on a MS XP CD if I don't get the Dell CD to work. I thought it was worth fiddling around with a bit since the machine I'm trying to fix is a Dell too. I'll be back!
Have a great day! I'm going to bed!
Tom
Hello Blade!
I finally have some good news to report. In fact I have GREAT news to report. I successfully created a UBCD Boot CD. After spending a lot of time and a lot of tries, I eventually gave up on using the DELL XP CD as the build source for the boot CD... too many problems in getting that to work. As you suggested, I borrowed a friend's MS XP CD to use as the source and the CD image file was created successfully on my first attempt. I don't know how familiar you are with the UBCD4WIN program but all I can say is "UBCD4WIN ROCKS!"
I can now start the problem machine from the CD and can access MyComputer, get to all the folders and files on the hard drive, with no passwords, and no more Blue Screens. The boot disk also includes a number of Plugins which make available a number of built in tools and utilities like ERUNT, HJT, etc. For the first time in two weeks now, I really feel like we may get this computer cleaned up and running again without formatting the drive and starting from scratch.
I also verified what I think probably caused the problem we had when we tried the ERUNT restore. As I mentioned in a previous post, I did in fact save my original ERUNT registry backup in a subfolder named 11_17_09_A, thinking I may want to try another backup later that day and save it in a folder like 11-17_09_B. So when we restored from C:\Windows\erdnt\subs and then on the second try C:\Windows\erdnt\hiv-subs, we probably restored something other than my backup. I'm guessing we may have restored an ERUNT sample registry (with an Administrator Password) which normally would have been overwritten by my own backup had I put it in the right folder. Does this make sense?
I am ready to proceed again with your guidance and do look forward to your next reply!
Also, if you wouldn't mind... Can you explain why, when we first started out, we didn't begin by doing a regular Windows System Restore to a point prior to the date of infection? I've been wondering about that all along.
Tom
Good to hear that you got the media created.
Quote: I also verified what I think probably caused the problem we had when we tried the ERUNT restore. As I mentioned in a previous post, I did in fact save my original ERUNT registry backup in a subfolder named 11_17_09_A, thinking I may want to try another backup later that day and save it in a folder like 11-17_09_B. So when we restored from C:\Windows\erdnt\subs and then on the second try C:\Windows\erdnt\hiv-subs, we probably restored something other than my backup. I'm guessing we may have restored an ERUNT sample registry (with an Administrator Password) which normally would have been overwritten by my own backup had I put it in the right folder. Does this make sense?
It's probably the correct one. Anyway, we may give one of those another try if needed.
Quote: Can you explain why, when we first started out, we didn't begin by doing a regular Windows System Restore to a point prior to the date of infection?
We didn't restore to an older point cos those seldom work. Usually the infection has rendered them useless and the symptoms won't disappear.
Now that you have access to the hard drive contents, could you check the c:\qoobox\quarantine\c\windows\system32\drivers folder to see if there's a pciide.sys.vir file there?
Hi Blade,
Yep! I checked that folder for the file (pciide.sys.vir) and it is there.
There is also another file there too (fad.sys.vir).
Blade...
In checking other c:\qooboxquarentine/...subfolders, I see quite a few files with the ".vir" extension.
Tom
Hi
Click Start -> Run, type cmd.exe and press Enter to access the command prompt. Then type the following command there:
Code:
copy /y c:\qoobox\quarantine\c\windows\system32\drivers\pciide.sys.vir c:\windows\system32\drivers\pciide.sys
Verify that the output says 1 file(s) copied and if it does, reboot the system and see if it can start normally now.
Quote: In checking other c:\qooboxquarentine/...subfolders, I see quite a few files with the ".vir" extension.
That's normal. There are real bad items deleted too.