It only saw "C". I'm running a repair on it now.
Challenging Rootkit
Started by
rootkits-r-evil
, Aug 20 2011 04:03 PM
#151
Posted 23 August 2011 - 12:25 AM
It only saw "C". I'm running a repair on it now.
#152
Posted 23 August 2011 - 12:41 AM
Didn't work. :-(
Got all the way to the end, went to the next screen, kept going, and suddenly a box popped up...
"The file asms on windows home edition service pack 2 is needed.
type the path where the file is located and then click ok"
in the box was "global root\device\cdrom0\1386" already.
------------------------------------------------------------
Click OK, nothing. The other choice was "C", I didn't press that, I pressed "Cancel", and that was it. It stopped.
Got all the way to the end, went to the next screen, kept going, and suddenly a box popped up...
"The file asms on windows home edition service pack 2 is needed.
type the path where the file is located and then click ok"
in the box was "global root\device\cdrom0\1386" already.
------------------------------------------------------------
Click OK, nothing. The other choice was "C", I didn't press that, I pressed "Cancel", and that was it. It stopped.
#153
Posted 23 August 2011 - 12:42 AM
Oh wait- I had taken out the CD. Duh. Start over....
#154
Posted 23 August 2011 - 12:43 AM
That was dumb but it's 2:43 on the East Coast...
so I am forgiven.
so I am forgiven.
#155
Posted 23 August 2011 - 03:00 AM
Wow!
Let me say it again- Wow!
Where did I go? You ask. All of a sudden I disappeared on you.
Go ahead and guess what happened. Go ahead.
Nope. Wrong.
I was working on that problem....
and all of a sudden on the "good" machine I started getting fake avs popups. Oh, yeah. THIS machine got some malware.
I saw task manager was greyed out. So I did the smart thing- I shut off my modem. that way it couldn't download more crap.
It did some nasty stuff- hid all my files, shut off task manager. All kinds of stuff. My big fear was that it was the same nasty virus. but it wasn't it was a run of the mill malware.
when I got back and running,I deleted malwarebytes, and re-installed it then I ran it. All kinds of nasty stuff.
Here,,,,,
take a look.
Can you believe it? Wow. I hit the jackpot this week.
I got rid of all of it. I'm clean. On this machine.
Let me say it again- Wow!
Where did I go? You ask. All of a sudden I disappeared on you.
Go ahead and guess what happened. Go ahead.
Nope. Wrong.
I was working on that problem....
and all of a sudden on the "good" machine I started getting fake avs popups. Oh, yeah. THIS machine got some malware.
I saw task manager was greyed out. So I did the smart thing- I shut off my modem. that way it couldn't download more crap.
It did some nasty stuff- hid all my files, shut off task manager. All kinds of stuff. My big fear was that it was the same nasty virus. but it wasn't it was a run of the mill malware.
when I got back and running,I deleted malwarebytes, and re-installed it then I ran it. All kinds of nasty stuff.
Here,,,,,
take a look.
Can you believe it? Wow. I hit the jackpot this week.
I got rid of all of it. I'm clean. On this machine.
#156
Posted 23 August 2011 - 03:02 AM
But the one we have been trying to fix? It's TOAST. That was a bad idea to run that disk. Now it is stuck in a loop. Keeps giving me the error code that it needs a file to reinstall XP. Can't boot. Not in safe mode- nothing. TOAST.
Any ideas?
I need to get some sleep.
Any ideas?
I need to get some sleep.
#157
Posted 23 August 2011 - 08:11 AM
Delete the hidden partition, repair windows again.
#158
Posted 23 August 2011 - 09:54 AM
I knew you would come up with a good answer. :-)
What do I do next?
What do I do next?
#159
Posted 23 August 2011 - 01:49 PM
Go into Recovery Console. Select C:\
Then type (with an Enter at the end):
diskpart
select partition 3
(Make sure you are at partition 3 before going on. It should say: Partition 3 is now the selected partition.)
delete partition
(If this is nothing more than a DELL hidden recovery partition then it may balk and refuse to remove it. There should be an error in this case. )
Boot into the XP disk and run a repair install again. This time leave the CD in until it tells you to remove it.
I have decided that the change we made to boot.ini was a mistake. It appears that they are no longer numbering the partitions starting with 0 like they used to. So go ahead and boot into the one that doesn't say Good if you get the chance.
Ron
Then type (with an Enter at the end):
diskpart
select partition 3
(Make sure you are at partition 3 before going on. It should say: Partition 3 is now the selected partition.)
delete partition
(If this is nothing more than a DELL hidden recovery partition then it may balk and refuse to remove it. There should be an error in this case. )
Boot into the XP disk and run a repair install again. This time leave the CD in until it tells you to remove it.
I have decided that the change we made to boot.ini was a mistake. It appears that they are no longer numbering the partitions starting with 0 like they used to. So go ahead and boot into the one that doesn't say Good if you get the chance.
Ron
#160
Posted 23 August 2011 - 01:51 PM
"Go into Recovery Console. Select C:\"
It won't let me. It gave me an error code when I tried. Same with "E". But I'll try again right now, that was last night and I was very tired as you can imagine. :-)
It won't let me. It gave me an error code when I tried. Same with "E". But I'll try again right now, that was last night and I was very tired as you can imagine. :-)
#161
Posted 23 August 2011 - 01:54 PM
Actually I think you had to type a 1 didn't you?
#162
Posted 23 August 2011 - 01:58 PM
No matter what, it boots into a bluescreen that says, "Setup is being restarted..."
Then it tries to setup with what was loaded from the Windows disk. Then it comes to the place where a box pops up saying it needs a file to continue, that it can't find the file, and to tell it where to look. A location on the disk is in the window already, or there is a menu that lets you choose "C". If I hit "continue" with either choice seleted it says, sorry, can't continue, shuts down, then starts over again in an endless loop.
I am going to try real hard to stop it from going into the bluescreen on boot, because when the black boot menue screen comes up, you get like half a second. (I loved you trick of changing that to ten seconds, but of course that's gone now.)
I think I managed to do that last night, but it won't let me go into recovery console. I know it wouldn't let me roll it back to an earlier time, but let me try again,..
Then it tries to setup with what was loaded from the Windows disk. Then it comes to the place where a box pops up saying it needs a file to continue, that it can't find the file, and to tell it where to look. A location on the disk is in the window already, or there is a menu that lets you choose "C". If I hit "continue" with either choice seleted it says, sorry, can't continue, shuts down, then starts over again in an endless loop.
I am going to try real hard to stop it from going into the bluescreen on boot, because when the black boot menue screen comes up, you get like half a second. (I loved you trick of changing that to ten seconds, but of course that's gone now.)
I think I managed to do that last night, but it won't let me go into recovery console. I know it wouldn't let me roll it back to an earlier time, but let me try again,..
#163
Posted 23 August 2011 - 02:21 PM
Here is what it looks like when it wants the file it can't get and starts the loop again.
In any event...
"Actually I think you had to type a 1 didn't you?"
Right. 1 for "C", 2 for "E".
Turns out last night what I was trying was to get into a restore console.
I got mixed up. When I hit 1 for C, it brings me to a C prompt like you said. So I am going to try to get rid of the partition per your instructions.
In any event...
"Actually I think you had to type a 1 didn't you?"
Right. 1 for "C", 2 for "E".
Turns out last night what I was trying was to get into a restore console.
I got mixed up. When I hit 1 for C, it brings me to a C prompt like you said. So I am going to try to get rid of the partition per your instructions.
#164
Posted 23 August 2011 - 02:29 PM
I can't read the file name it is looking for even if I blow up the picture.
Ron
Ron
#165
Posted 23 August 2011 - 02:30 PM
Go into Recovery Console. Select C:\
Then type (with an Enter at the end):
diskpart
select partition 3
(Make sure you are at partition 3 before going on. It should say: Partition 3 is now the selected partition.)
delete partition
(If this is nothing more than a DELL hidden recovery partition then it may balk and refuse to remove it. There should be an error in this case. )
Done! It worked. Looks like the Evil Partition is no more. Hooray!
Boot into the XP disk and run a repair install again. This time leave the CD in until it tells you to remove it.
Will do.
It's humming away over there....
I have decided that the change we made to boot.ini was a mistake. It appears that they are no longer numbering the partitions starting with 0 like they used to.
You are still my idol.
So go ahead and boot into the one that doesn't say Good if you get the chance.
If I get the chance- I'm taking it.
Then type (with an Enter at the end):
diskpart
select partition 3
(Make sure you are at partition 3 before going on. It should say: Partition 3 is now the selected partition.)
delete partition
(If this is nothing more than a DELL hidden recovery partition then it may balk and refuse to remove it. There should be an error in this case. )
Done! It worked. Looks like the Evil Partition is no more. Hooray!
Boot into the XP disk and run a repair install again. This time leave the CD in until it tells you to remove it.
Will do.
It's humming away over there....
I have decided that the change we made to boot.ini was a mistake. It appears that they are no longer numbering the partitions starting with 0 like they used to.
You are still my idol.
So go ahead and boot into the one that doesn't say Good if you get the chance.
If I get the chance- I'm taking it.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users