Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

SMART virus


  • This topic is locked This topic is locked

#16
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,999 posts
You seem to have searched for all items. Read the instructions. Each item is a command line in the Terminal Window. Also, make sure you download the Query.exe directly to the USB drive, then double click on it. That should extract the query.sh file and the chntpw folder.

Please tray again, then after running these commands, reboot back to xPUD. That usually helps to keep the files saved in the drive.
  • 0

Advertisements


#17
hknh

hknh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
I did it again, but still can only get the file find file.

Attached Files


  • 0

#18
hknh

hknh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
I tried again - I don't know what else to do.

Attached Files


  • 0

#19
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,999 posts
There are drivers in two locations, mnt/sda2/Windows/System32 and mnt/sda3/Windows/System32. Browsing these locations, are you able to tell which location is the System Drive? You may be able to do so by browsing to the mnt/sda2/Users or mnt/sda3/Users and see your username.
  • 0

#20
hknh

hknh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
I don't know how to tell ... I checked mnt/sda2/Users or mnt/sda3/Users and under sda3 Heidi is a folder. That is my username.
  • 0

#21
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,999 posts
I believe is sda3 also.

Seems that there is an issue with the registry. No user accounts are found. Lets take a look at what may be available as a backup.

Please delete the current filefind.txt file from the USB drive.

Boot to xPUD

  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Then type bash driver.sh -af
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

    SAM

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    DEFAULT

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    SYSTEM

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    SECURITY

  • Press Enter
  • After it has completed the search enter the next file to be searched
  • Type the following:


    SOFTWARE

  • Press Enter
  • After it has completed the search enter the next file to be searched
  • Type the following:

    XBURDERWHJWA.EXE

  • Press Enter
  • After the search is completed type Exit and press Enter.
  • After it has finished a report will be located in the USB drive as filefind.txt

Please post the filefind.txt on your next reply.
  • 0

#22
hknh

hknh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Attached File  filefind.txt   14.94KB   74 downloads
  • 0

#23
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,999 posts
It is a little bit confusing as it looks as if you have two hard drives with a Windows installation.

Lets attempt this manually. There is no automatic way to do this throughout xPUD.

Boot to xPUD.

First browse to /mnt/sda3/ProgramData and rename the file xBuRdeRWhJWa.exe to xBuRdeRWhJWa.exe.vir

Second, browse to /mnt/sda3/Windows/System32/config and rename the file sam to sam.123

Then browse to /mnt/sda3/Windows/System32/config/RegBack, right click on the file SAM and select Copy. Browse back to /mnt/sda3/Windows/System32/config, right click on an empty space and select Paste. That should copy the file SAM from the RegBack to the config folder after being renamed.

If successful, attempt to reboot into Normal Mode and let me know the outcome.
  • 0

#24
hknh

hknh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
When I tried to start windows normally, it looped me back to the start screen and asked if I wanted to started windows normally or repair. Then it automatically went to the repair option and then to the wondows screen with otheruser. I click on other user and go to the username and password page, which won't let me in.
  • 0

#25
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,999 posts
If you select "Repair my computer" in the Advanced Menu, wouldn't that let you in? How about typing your username and password?
  • 0

Advertisements


#26
hknh

hknh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
I don't have a username and password - If I click on repair, it goes to that screen - if I click on run normal, it loops back to tht page
  • 0

#27
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,999 posts
If you can't get to a command prompt throughout the Repair Console, lets try another application:

You will need a CD to burn and a flash drive to move information from the troubled computer to a working computer. It is the only way we can see the progress of our actions. Save these instructions in your flash drive as a text file (use notepad) so you can have access to these while in an external environment (PE).

Here is what you need to do.
  • Download OTLPEStd.exe to your desktop. NOTE: This file is 93.5MB in size so it may take some time to download.
  • Once downloaded, insert a blank CD in your burner and click on OTLPEStd.exe.The executable includes the OTLPE_New_Std.iso and a copy of imgburn, a program to burn .iso files. When executed, the application will extract both and start the burning process automatically.
  • Once the CD is burned, boot the Non working computer using the boot CD you just created.
  • In order to do so, the computer must be set to boot from the CD first
    Note : For information click here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in the root directory of your hard drive, usually C:\.
  • Copy this file to your USB drive.
  • Please post the contents of this file in your reply.

  • 0

#28
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,999 posts
According to xPUD, your username is Heidi. Try that one. If you do not have a password, leave it in blank.
  • 0

#29
hknh

hknh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
I tried and nothing - the specified domain either does not exist or could not be contacted -
  • 0

#30
hknh

hknh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
what do I chose for windows directory after double clicking otlpe?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP