Hi there. I’m at work right now, so I won’t be able to try the recovery mode until after 6pm CST this evening. I’m not sure what you’re referring to about my configuration, but I have Windows XP Pro-Service pack 1. I didn’t go to Service pack 2, because I thought it could create problems. I never had the check_LSA7 text file before showing with other folders on my C (hard) drive, and when I right clicked and checked properties, it was created in September 2007, so I suspected it was part of the virus. I purchased my computer in 2004, and the majority (if not all) of my system files have 2004 creation dates. I could not delete, nor could I read the check_LSA7 text file before using Combo fix and No Lop, because I received the message “In use by another program or user…” I suspect my problems of rebooting started happening, either when I did the registry fix, or possibly when I deleted the check_LSA7 text file. I deleted the check_LSA7 text file and did the registry fix all at the same time within a couple minutes, before trying to reboot again. Also, I did reverse the process and hide the operating system files with the 2 or 3 checkboxes like you had suggested. Thanks.
Virtumonde or other nasty virus
- Thread starter Motoman
- Start date
ken545
Emeritus-Security Expert
Another thing to try.
Restore from Erunt Backups via Recovery Console
If Windows will not load, the user will need to boot from the Windows Install disc. The erunt backups can then be accessed via the Recovery Console.
If the user does not have a Windows Install disc, they can create a bootable disc. The simplest way is to download & burn this onto a cd > http://www.atribune.org/downloads/rc.iso
1. Insert Windows Install disc to boot from CD.
2. Press any key on the keyboard when prompted.
3. Press R to load the Recovery Console.
4. Enter your password when prompted.
5. You must enter which Windows installation to log onto. Type 1 and press enter.
6. At the C:\Windows prompt, type the following bolded text, and press Enter:
cd erdnt\subs
7. At the next prompt, type the following bolded text, and press Enter:
batch erdnt.con
8. The erunt backups will begin copying.
9. At the next prompt, type the following bolded text, and press Enter:
exit
Windows will now begin loading
Restore from Erunt Backups via Recovery Console
If Windows will not load, the user will need to boot from the Windows Install disc. The erunt backups can then be accessed via the Recovery Console.
If the user does not have a Windows Install disc, they can create a bootable disc. The simplest way is to download & burn this onto a cd > http://www.atribune.org/downloads/rc.iso
1. Insert Windows Install disc to boot from CD.
2. Press any key on the keyboard when prompted.
3. Press R to load the Recovery Console.
4. Enter your password when prompted.
5. You must enter which Windows installation to log onto. Type 1 and press enter.
6. At the C:\Windows prompt, type the following bolded text, and press Enter:
cd erdnt\subs
7. At the next prompt, type the following bolded text, and press Enter:
batch erdnt.con
8. The erunt backups will begin copying.
9. At the next prompt, type the following bolded text, and press Enter:
exit
Windows will now begin loading
ken545
Emeritus-Security Expert
Motoman,
You had the Vundo trojan that embedded it self in that registry key, I would like you to post here, they are windows experts and will get you back up and running.
Windows Helpnet This forum is free and one of the better ones on the internet for windows problems. Post in the Windows XP forum.
Tell them in the process of removing the Vundo trojan, you now have this error
“lsass.exe-system error object not found”.
You had the Vundo trojan that embedded it self in that registry key, I would like you to post here, they are windows experts and will get you back up and running.
Windows Helpnet This forum is free and one of the better ones on the internet for windows problems. Post in the Windows XP forum.
Tell them in the process of removing the Vundo trojan, you now have this error
“lsass.exe-system error object not found”.
