Hi,
Do you get any better results if you run these commands in recovery console:
cd erdnt\hiv-backup
batch erdnt.con
exit
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.
Hi Blade,
Thank you for your continuing assistance! Not only does my computer appear to be highly infected, but you must feel like you're leading a blind man!
From recovery console, I ran
cd erdnt\hiv-backup
batch erdnt.con
exit
SAME BLUE SCREEN
I don't know if this will help you but...
After the "exit", I'm automatically returned to the recovery console for the restart...
If I wait for the 30 sec countdown timer, or choose Start Windows Normally, I immediately get the same blue screen which consistently displays the following... TECHNICAL INFO
STOP: 0x0000007B (0xF79FA528, 0xC0000034, 0x00000000, 0x00000000)
If I choose Start in Safe Mode, it first starts loading a bunch of drivers before the Blue Screen... I've watched this carefully many times now and the Blue Screen appears just after loading ".... C\Windows\system32\Mup.sys"
Is this info any help to you?
Hi,
The error code indicates a problem with hard drive controller loading. Please enter recovery console mode again and run the following commands:
cd\
cd c:\qoobox\quarantine\c\windows\system32\drivers
dir
You should see a list of items there. Check whether a pciide.sys.vir file (or any file with ide in its name) is listed there and let me know about the results.
Now, in trying to enter the Recovery Console... as I did before...
After entering the #1 to select the only recovery console option...
1: c\WINDOWS
Instead of going to the C|WINDOWS>_ prompt
I get "Type the administrator Password:__"
Simply pressing enter displays...
"The Password is Not Valid. Please retype the Password."
I've never set up an administrator password on this computer and this is the first time I've been asked for a password to get to the recovery console command prompt.
I still hope you can help!
I've never seen a similar case, with the recovery console first not asking and then on another attempt asking for the admin password. See if administrator or admin (with first letter capitalized or not) works.
Do you have Windows XP Professional installation media around?
Hi Blade,
Sorry for the delay in getting back to you. I had Sunday morning activities to attend. I did include you and my infected computer in my prayers.
I tried the passwords.. "Administrator, administrator, Admin, & admin"
All invalid!
Do you think the second set of ERDNT commands...
cd erdnt\hiv-backup
batch erdnt.con
exit
...might have set an administrator password? The password request appeared just after running these commands???
Or perhaps, the infection (after a set period of time or actions) took admin control? I'm just guessing here.
I do remember that way back in this process... before running any of the initial ERUNT OR HJT scans... when I could still boot to Windows XP SAFE mode... I was once asked... while starting up to SAFE MODE... "What user account to log on to": The choices were: ADMINISTRATOR or Tom McNeal (my name). This surprised me back then because I had never set up any Administrator Account or Passwords on this machine. At that time I did try choosing Administrator and when prompted for a password... I simply pressed enter. This was invalid and so I next selected my name as the User account and booted to safe mode.
I'm sure I have the Windows XP CD (that came with this computer from DELL) but I will have to do some digging to find it. Does your question mean we will need to re-format the hard drive and re-install XP??? OR, do you have other ideas to try with the XP CD?
I look forward to your reply.
Tom
Hi Tom,
> Do you think the second set of ERDNT commands...
> cd erdnt\hiv-backup
> batch erdnt.con
> exit
> ...might have set an administrator password? The password request appeared just after running these commands???
That's something I was wondering too. But both this and the backup we restored earlier should be similar ones.
> I'm sure I have the Windows XP CD (that came with this computer from DELL) but I will have to do some digging to find it. Does your question mean we will need to re-format the hard drive and re-install XP??? OR, do you have other ideas to try with the XP CD?
I was thinking about running recovery console from XP Professional media. It might be possible to run that way without password prompt.
I am chatting now with DELL support about getting a WIN XP PRO replacement CD in case I cannot find the one that came with the computer.
> That's something I was wondering too. But both this and the backup we restored earlier should be similar ones.
The first ERUNT BACK UP Copied 9 Files before returning to the prompt for EXIT.
The second time 10 Files were copied before the prompt for EXIT.
Maybe there was an administrator entry in the 10th file copied.
> I was thinking about running recovery console from XP Professional media. It might be possible to run that way without password prompt.
Would this need to be the same XP CD that came with this particular machine? Or will any Win XP Pro CD work for this.
Hi Blade,
I have found my original Dell licensed Windows XP Pro Reinstall CD but I am not sure if this will help us if we can't get into the Recovery Console anyway without entering a correct Administrator Password.
Another problem might be that the original Dell XP install CD is XP Pro SP1. SP2 and then SP3 were later installed on the problem machine via Microsoft Updates. I remember reading in the ComboFix Instructions that it would install different versions of the Restore Console depending on whether it found SP1 or SP2 / SP3 on the machine.
I do have another newer Dell machine and also found the XP Pro SP3 install CD for that machine too. But even so, don't you think we'll still have the same problem getting to the Recovery Console Command Prompt without the correct Administrator password? I should also note that this newer Dell machine uses the NTFS file system whereas I think the problem machine uses the FAT32 file system. I don't know if this would cause a problem?
I do have another theory but cannot check it out until I can get into the Recovery Console or get to a command prompt some other way. Perhaps a Bootable CD? I'm thinking I may have specified a folder other than C:\Windows\erdnt for my ERUNT Registry backup. I think I may have specified c:\Windows\erdnt_A instead; thinking I may wish to create another backup later in C:\Windows\erdnt_B. But I can't remember for sure if I did this or not and cannot check without getting back in to the Recovery Console. If I did save my backup in C:\Windows\erdnt_A, and ran the restore mistakenly from C:\Windows\erdnt, could this have created the Password problem I'm having now?
I've re-read the ERUNT instructions and emailed Lars Hederer to ask if he might know what's going on. I will let you know what he thinks if and when he replies.
Any ideas or suggestions you may have will be much appreciated.
Tom