Thread: Virtumonde

  1. #31
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    I mean change the boot order in the BIOS so that the CD/DVD drive is first, then insert the CD and reboot.

    Tell me if you are able to boot that way.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  2. #32
    Junior Member
    Join Date
    Oct 2008
    Posts
    26

    Using the Windows CD? I can do that using the Kubuntu CD, but not with the Windows CD. The Windows CD takes me to Windows Setup, which is what I've been doing all this time (trying to use system restore and repair console).

  3. #33
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    I see.

    Let's then try this.

    Using the Kubuntu CD, please back up these hives (in c:\windows\system32\config; copy them to some other folder which you can find easily later if needed):

    security
    system
    software
    sam
    default

    Then copy the same hives from C:\Windows\repair to the c:\windows\system32\config folder and choose yes if asked to overwrite.

    Try to reboot without any CD and let me know how it went.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
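The hive backup-and-restore procedure from post #33, written out as a POSIX shell script that can be run from the Kubuntu live CD once the Windows partition is mounted. This is an added example, not something posted in the thread; the mount point /mnt/windows and the backup folder name are assumptions, and the five hive names are the ones listed above. Hive filenames on an NTFS volume mounted under Linux may be upper- or lower-case, so each one is looked up case-insensitively, and the script refuses to overwrite anything unless every repair-folder hive is present.

```shell
#!/bin/sh
# Added example (not from the thread). Backs up the five registry hives in the
# Windows config folder, then copies the repair-folder copies over them.
# Assumes the Windows partition is already mounted, e.g. at /mnt/windows (assumption).

HIVES="security system software sam default"

# Find a file by name regardless of case (NTFS mounted from Linux is case-sensitive).
find_hive() {
    find "$1" -maxdepth 1 -type f -iname "$2" | head -n 1
}

# Usage: restore_hives CONFIG_DIR REPAIR_DIR BACKUP_DIR
# Returns 0 on success, 1 on a copy error, 2 if a hive is missing from REPAIR_DIR
# (in which case nothing in CONFIG_DIR has been overwritten).
restore_hives() {
    config_dir="$1"; repair_dir="$2"; backup_dir="$3"
    mkdir -p "$backup_dir" || return 1

    # Step 1: back up the live hives before touching anything.
    for h in $HIVES; do
        src=$(find_hive "$config_dir" "$h")
        if [ -n "$src" ]; then
            cp -p "$src" "$backup_dir/" || return 1
        fi
    done

    # Step 2: check that every repair hive exists before overwriting anything.
    for h in $HIVES; do
        if [ -z "$(find_hive "$repair_dir" "$h")" ]; then
            echo "missing hive '$h' in $repair_dir, nothing overwritten" >&2
            return 2
        fi
    done

    # Step 3: overwrite the live hives with the repair copies, keeping the
    # existing filename case if the hive is already present.
    for h in $HIVES; do
        src=$(find_hive "$repair_dir" "$h")
        dst=$(find_hive "$config_dir" "$h")
        [ -n "$dst" ] || dst="$config_dir/$h"
        cp -p "$src" "$dst" || return 1
    done
    return 0
}

# Example invocation with the assumed mount point; run as root from the live CD.
# restore_hives /mnt/windows/WINDOWS/system32/config \
#               /mnt/windows/WINDOWS/repair \
#               /mnt/windows/hive-backup
```

The hives in C:\Windows\repair are the copies written when Windows was installed, so after this step the system boots with installation-time accounts, passwords and software settings; the backup folder is what lets you put the current hives back if the experiment does not help.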

  4. #34
    Junior Member
    Join Date
    Oct 2008
    Posts
    26

    The computer looked like it was going to start but then restarted. I think it's still getting the BSOD but is restarting instead of showing it due to settings reset. I noticed something interesting though. The BSOD produced by my computer is the same BSOD used by some programs to force reboot when trying to remove Vundo/Virtumonde. Perhaps the ComboFix restart flag is still in effect?

  5. #35
    Junior Member
    Join Date
    Oct 2008
    Posts
    26

    HOWEVER, it seems that somehow my sam file got deleted and moving the backup sam over seems to have fixed this as the recovery console now asks for a password. I can log in. I'm going to try what you suggested to do earlier in the recovery console.

  6. #36
    Junior Member
    Join Date
    Oct 2008
    Posts
    26

    Ugh. Still getting Access is denied when I try to batch erdnt.con. I'm going to examine the contents of erdnt.con in Kubuntu and see if it's something I can do manually.

  7. #37
    Junior Member
    Join Date
    Oct 2008
    Posts
    26

    Hahah looking at the contents of ERDNT.CON, that's what we just did with the config folder, isn't it?

  8. #38
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Actually it is not 100% the same, as the backup isn't the same. That one restores the registry backup taken by ComboFix, and we restored the registry backup taken by Windows.

    So can you now log in normally to Windows, or just to the recovery console?
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  9. #39
    Junior Member
    Join Date
    Oct 2008
    Posts
    26

    Just recovery console. But some things are still not accessible for some reason.

  10. #40
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    I'll do a bit of research next.

    In the meanwhile I suggest that you back up your most important files etc. via Kubuntu, just in case we can't restore the ability to boot.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
