[SweetTech]

This isn't working out like I had hoped it would. Lets try a different method using the Recovery Console. You may want to print out these instructions, as you will not have access to them from the infected computer, while being in the Recovery Console.

Please Note: You will need your Windows XP disc to perform the next set of instructions below.

NOTE:

If you have any questions while being in the Recovery Console please STOP and ask me for clarification before you continue.

Insert the Windows XP CD into your computer and then restart your computer.
Press 'R' to enter the Recovery Console.

The Recovery Console will start and ask you which Windows installation you would like to log on to. If you have multiple Windows installations, it will list each one, and you would enter the number associated with the installation you would like to work on and press enter. If you have just one Windows installation, type 1 and press enter.

You will need to enter the administrator password. If a password was not set then leave the password field blank and press Enter.

From the Command Prompt please type the following lines, one at a time, hit the Enter key after each line.

set allowallpaths = true

At the next prompt type the following bolded text, and press Enter:
Note: (If your CD drive is not D - change it to the appropriate letter)

expand d:\i386\winlogon.ex_ c:\winlogon.exe

At the next prompt type the following bolded text, and press Enter:

copy c:\winlogon.exe c:\windows\system32\winlogon.exe

The command should then show 1 file(s) copied.

At the next prompt type the following bolded text, and press Enter:

expand d:\i386\explorer.ex_ c:\explorer.exe

At the next prompt type the following bolded text, and press Enter:

copy c:\explorer.exe c:\windows\explorer.exe

The command should then show 1 file(s) copied.

At the next prompt type the following bolded text, and press Enter:

exit

Windows will now begin loading. Please run a new scan with ComboFix.

[Advertisements]

Still not working. When I entered the first command, it said it couldn't create the file. On the second one, it said file not found.

[jtjag]

Still not working. When I entered the first command, it said it couldn't create the file. On the second one, it said file not found.

[jtjag]

Still not working. When I entered the first command, it said it couldn't create the file. On the second one, it said file not found.

[SweetTech]

What does the line before the blinking cursor say?

[jtjag]

In recovery console? The prompt is c:\windows>

[SweetTech]

Hello,

Not sure why this is giving us so much trouble. I've created a text file for you, and have attached it to this post. Please download it, and save it to your C:\ drive.

 Fix.txt   357bytes   140 downloads

Please Note: You will need your Windows XP disc to perform the next set of instructions below.

NOTE:

If you have any questions while being in the Recovery Console please STOP and ask me for clarification before you continue.

Insert the Windows XP CD into your computer and then restart your computer.
Press 'R' to enter the Recovery Console.

The Recovery Console will start and ask you which Windows installation you would like to log on to. If you have multiple Windows installations, it will list each one, and you would enter the number associated with the installation you would like to work on and press enter. If you have just one Windows installation, type 1 and press enter.

You will need to enter the administrator password. If a password was not set then leave the password field blank and press Enter.

From the Command Prompt please type the following command, hit the Enter key after.

batch c:\Fix.txt c:\Results.txt

Windows will now begin loading. Please post the contents of C:\Results.txt

[SweetTech]

Please be sure you see my post above.

[jtjag]

My cd drive is F:. Will the txt file need to be altered for that?

[SweetTech]

Yes, it will.

Let me update it.

[SweetTech]

Okay, I've updated the file. Please delete the copy you downloaded, and re-download a new copy from my previous post.

[jtjag]

I entered the command and hit enter. It just gave me a new prompt with c:\window\system. I typed exit and enter to restart. Now it's just cycling. I get to the windows splash screen with the loading bar at the bottom, then the computer restarts. It just does it over and over.

[SweetTech]

Hello,

Please do the following:

SFC ScanNow

Please follow my previous instructions for entering the Recovery Console.

You will want to type the following command followed by hitting ENTER:

sfc /scannow

Make sure to include the space between the first "c" and the "/".

This will run the System File checker and it will scan for corrupt or missing files. It may prompt you to insert the CD if it needs to obtain files.

Please post back when it has finished letting me know what it has reported.

Let me know if that allows you to get back into Windows.

More info on this process can be found here.

[jtjag]

I typed the command and hit enter. It says "The command is not recognized Type HELP for a list of supported commands."

[SweetTech]

Hello,

Sorry about that.

Lets try this:

Go back into the Recovery Console (RC)

Type in the following ensuring you hit ENTER after each:

copy c:\explorer.exe c:\windows\explorer.exe
copy c:\winlogon.exe c:\windows\system32\winlogon.exe

Then ENTER in:

Exit


Are you able to get into Windows now?

[jtjag]

After typing the command and hitting enter, it says "The system cannot find the file specified."