Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Lots of problems with Windows XP


  • Please log in to reply

#1
Soad342

Soad342

    Member

  • Member
  • PipPip
  • 19 posts
Hey guys. I was told to make a post in here. Please refer to the http://www.geekstogo...51#entry1139851 thread to see what we did. I'm pretty sure we removed the virus, but it edited some registry keys

I had the VBS/Ritart.worm virus, but thankfully the Malware guys (Rorschach112) helped me get rid of most if not all of it Please read http://vil.mcafeesec...nt/v_143930.htm to see some specific stuff on what registry the virus edited

Basically, my problems are:
I can't open Regedit, CMD, MSConfig, a few other important EXE programs (above link lists more if you read the edited registry).....but espeically can't run and "Setup.exe" or "Install.exe" (which is a real pain) programs.
The Virus had originally created tons (about 13,000) .VBS files that were disguised as MSWORD Docs. Through Virusscans, I got most of those out. In my Start Menu, "Run" and "Search" were missing, and "Folder Options" in the CP was missing. By using a registry cleaner, I was able to restore the Run and Folder Options icons.
My boot.ini file is blank, and during the reboot process A black screen appears that reads "Invalid boot.ini file, Booting from c:/ or something along those lines.
When I log on, I get two Notepad popups that reads [.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787
Now, MSWORD seems to be gone from my computer (but I think this has something to do with a registry cleaner I had run "RRT.exe"

Sorry for the long list of problems. I've run tons of different malware tests, but I'll run anything you guys would need in order to help me. I'm no tech or anything, but I just imagine that I'd have fix those registrys and somehow fix my boot.ini.


Thanks guys
  • 0

Advertisements


#2
Ztruker

Ztruker

    Member 5k

  • Technician
  • 7,065 posts
Try this fix from the Doug Knox web site: EXE FIle Association Fix
  • 0

#3
Soad342

Soad342

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Which fix would I download? I imagine the Regedit, but I'm pretty sure I was having trouble opening some BAT files. Thanks
  • 0

#4
Ztruker

Ztruker

    Member 5k

  • Technician
  • 7,065 posts
Ummmm, how about EXE File Association fix, you know, the one I posted the link to :)

If you are having problems with batch files, give the Batch file association fix a try also.

Edited by Ztruker, 24 January 2008 - 04:35 PM.

  • 0

#5
Soad342

Soad342

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Thanks, but I can't open either. Since its a registry thing, windows says "windows cannot find the regedit.exe" I see what he said about pressing CTRL, ALT, DELETE to work around this, but the virus disabled this as well.
  • 0

#6
Ztruker

Ztruker

    Member 5k

  • Technician
  • 7,065 posts
Okay, do you have a XP CD? If yes, put the XP CD in the CD drive then click on Start then Run, type sfc /scannow and press Enter.

This can take awhile to run. It will check all critical system files to see if they are missing or damaged and replace as needed.

If that doesn't fix your problem then I would suggest doing a Repair Install. This won't mess with your data but you will have to reinstall some software, especially AV and firewall.
  • 0

#7
Soad342

Soad342

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
thanks for the reply man. I ran sfc /scannow, and that little pop up box came up for a minute or so, then randomly closed. Now when I re-tried, CMD flashed for a split second, but that little box doesn't come up anymore. Also, what I got with my computer was a "Windows XP Service Pack 1 Recovery" but I now have SP2 installed..so I'm wondering if a repair install would work.
  • 0

#8
Ztruker

Ztruker

    Member 5k

  • Technician
  • 7,065 posts
You need to create a new XP CD slipstreamed with SP2. Not hard to do, just takes a little time. Directions follow:

The simplest way to create a Bootable Windows XP Pro or Home Installation CD Slipstreamed with SP2 is to use Autostreamer. You point to your XP Pro/Home CD, the SP2 Service Pack .exe file, give it a path to write the .iso file to and off it goes. In 5 or 10 minutes you have a .iso file that you can burn to CD with almost any CD burner program you want to use. I used Roxio 7. There is a good freeware burner called DeepBurner which will do this also.

Here is the link to Autostreamer:
http://www.softpedia...ostreamer.shtml

You can download the SP2 .exe here:
http://www.microsoft...;displaylang=en

An excellent alternative is nLite. It allows you to merge SP1/SP2/Windows Updates into a new XP CD image that you can install from. Takes a bit of fiddling with but worth the effort since it also allows you to pre-answer all the questions asked during install so all you have to do is boot the new CD, select where you want to install, format or not and go to lunch. When you come back the install is finished and your are at the latest Service Pack and Update level. See here:
http://www.nliteos.com/

Use this site to get the MS updates:
http://www.softwarepatch.com/windows/

You can also get updates from an MS site but it takes more work:
http://windowsxp.mvp...saveupdates.htm

  • 0

#9
The Skeptic

The Skeptic

    Trusted Tech

  • Technician
  • 4,075 posts
If the original installation was with sp1 then you shouldn't have any problem repairing with your sp1 disk. In the process you will lose sp2 and all other windows updates, meaning that you will have to re-update.
  • 0

#10
Ztruker

Ztruker

    Member 5k

  • Technician
  • 7,065 posts
Checked with Skeptic and he was referring to doing a Repair install and SP2 does not matter there.

It won't work with SFC though so you do need to do the slipstream if you want to run it.
  • 0

#11
Soad342

Soad342

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hey guys thanks for the help so far, sorry.........but I'm confused at the part where it says "give it a path to write the .iso file to and off it goes" sorry. I understand the rest though.
  • 0

#12
Ztruker

Ztruker

    Member 5k

  • Technician
  • 7,065 posts
One of the things you need to do when using Autostreamer is fill in the path (like d:\temp or c:\documents and settings\youruserid\isowork, etc.), where you want Autostreamer to create the iso file on your hard drive.

It will be obvious when you start Autostreamer.

Edit: Or maybe not so obvious. Autostreamer will not create a bootable CD directly. It creates a .iso file that can then be used to make the bootable CD.

Edited by Ztruker, 26 January 2008 - 09:05 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP