Help
XP Repair Install
Need assistance - redirected from the HJT forum
Back to top
#32
- Member
-
- Group: Members
- Posts: 41
- Joined: 31-January 09
Posted 11 March 2009 - 12:54 AM
Just wanted to send an FYI: I'm still here, haven't worked on it yet due to family reasons, i'll post as soon as I can. Thanks for your patience.
#33 Guest_Jay-P VIP_*
Posted 11 March 2009 - 01:02 AM
Right on, no problem--please let me know of results that you may have!
#34
- Learning To Bleep
-
- Group: BC Advisor
- Posts: 2,834
- Joined: 06-July 08
- Gender:Not Telling
- Location:127.0.0.1
Posted 11 March 2009 - 04:15 PM
thcbytes, on Mar 2 2009, 03:09 PM, said:
Wow. Great work folks!! I have been following along and have a few questions.
Would not a good 2-way firewall provide a notification of this process trying to access the Chinese site?
Any idea how you got hacked in the 1st place?
Edit...One more question. Why did not the virustotal upload flag the file as malware?
Thanks,
t
Would not a good 2-way firewall provide a notification of this process trying to access the Chinese site?
Any idea how you got hacked in the 1st place?
Edit...One more question. Why did not the virustotal upload flag the file as malware?
Thanks,
t
Since nobody answered your last question, I am trying:
The VirusTotal online service didnt find anything, because there is nothing to find. Its genuine copy of Windows Notepad which is being used to access some chinese website.
In my experience, by default, ZoneAlarm allows internet access to all Microsoft signed system modules. Windows Notepad is a signed binary. Again I may be wrong.
#35
- Bleepin' Teacher
-
- Group: Malware Response Instructor
- Posts: 12,267
- Joined: 09-December 08
- Gender:Male
Posted 11 March 2009 - 05:40 PM
That makes sense. I wonder how it got there in the first place?
Thanks,
t
Thanks,
t
Proud member - Unified Network of Instructors and Trained Eliminators
I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!
http://organdonor.gov/index.html
I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!
http://organdonor.gov/index.html
#36
- Member
-
- Group: Members
- Posts: 41
- Joined: 31-January 09
Posted 20 March 2009 - 03:45 PM
Hi everyone, I apologize for the delay. I've tried to boot using a friend's XP home disc, but even when i manually select the DVD drive from the boot menu, it loads straight to the desktop. any suggestions?
#37 Guest_Jay-P VIP_*
Posted 20 March 2009 - 08:50 PM
Do the following:
Attempt to boot from the CD. Place the CD in the drive, then restart the computer. If the computer boot up normally and did not boot to the disk then do the following set up options:
When you restart again, you will see the first screen when it kicks over from shutdown to boot up. Press F2, delete, or the correct key for your specific system on the POST screen (or the screen that displays the computer manufacturer's logo) to enter the BIOS setup screen. You need to navigate to the boot tab. On the boot tab you may see three or more values. The values listed are CD-ROM drive, Hard Drive or HDD, Diskette Drive, etc. Read the instructions on how to bring CD-ROM up to the first thing to boot. Once you do that, press the ESCape key and save changes and make sure it reboots.
On boot up you might see a screen that states:
Note: Remember this page so after you do the repair install, you can reset the boot order back to what it was before it was changed.
Edit: spelling
Attempt to boot from the CD. Place the CD in the drive, then restart the computer. If the computer boot up normally and did not boot to the disk then do the following set up options:
When you restart again, you will see the first screen when it kicks over from shutdown to boot up. Press F2, delete, or the correct key for your specific system on the POST screen (or the screen that displays the computer manufacturer's logo) to enter the BIOS setup screen. You need to navigate to the boot tab. On the boot tab you may see three or more values. The values listed are CD-ROM drive, Hard Drive or HDD, Diskette Drive, etc. Read the instructions on how to bring CD-ROM up to the first thing to boot. Once you do that, press the ESCape key and save changes and make sure it reboots.
On boot up you might see a screen that states:
CD boot screen said:
Press any key to boot from CD...
Note: Remember this page so after you do the repair install, you can reset the boot order back to what it was before it was changed.
Edit: spelling
This post has been edited by Jay-P VIP: 20 March 2009 - 08:51 PM
#38
- Member
-
- Group: Members
- Posts: 41
- Joined: 31-January 09
Posted 07 April 2009 - 01:18 PM
Hey everyone, sorry for the late post. I tried the above method, and it still won't boot from the CD. I'm not entirely sure what's wrong. I did finally manage to borrow a friend's XP CD that had the "I386" folder, which I copied to my C:\ drive as per the tutorial instructions for SFC. I completed the steps listed, but when I ran SFC, it still asked me to insert the windows CD, even though i had made the registry key change; not to mention the CD i had copied "I386" from was still in the drive!
I'm starting to contemplate a complete re-install.. any ideas?
I'm starting to contemplate a complete re-install.. any ideas?
#39 Guest_Jay-P VIP_*
Posted 07 April 2009 - 02:21 PM
usasma, on Oct 5 2006, 09:14 AM, said:
Then perform this registry edit to point SFC.EXE at it:
So, the first step is to backup your registry. The easy way to do this is to set a System Restore point ( http://www.microsoft.com/windowsxp/using/h...temrestore.mspx )
Next, go to Start...Run...and type in "regedit.exe" (without the quotes) and press enter. You'll see a folder-like view on the left, and entries on the right.
Navigate down the folder view on the left to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Setup Just click on the + sign to expand the view of the next level - so, to start, you'll click on the + next to HKEY_LOCAL_MACHINE and look for the SOFTWARE entry.
Then you'll click on the + next to SOFTWARE and look for Microsoft, and so on until you get to the Setup key. Then just click once on the Setup key.
Look in the right hand pane and double click on the entry that says "SourcePath".
In the box that pops up, type in "C:\" (without the quotes) and press Enter. Then close regedit and reboot your computer. SFC.EXE /SCANNOW should now run without problems for you.
So, the first step is to backup your registry. The easy way to do this is to set a System Restore point ( http://www.microsoft.com/windowsxp/using/h...temrestore.mspx )
Next, go to Start...Run...and type in "regedit.exe" (without the quotes) and press enter. You'll see a folder-like view on the left, and entries on the right.
Navigate down the folder view on the left to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Setup Just click on the + sign to expand the view of the next level - so, to start, you'll click on the + next to HKEY_LOCAL_MACHINE and look for the SOFTWARE entry.
Then you'll click on the + next to SOFTWARE and look for Microsoft, and so on until you get to the Setup key. Then just click once on the Setup key.
Look in the right hand pane and double click on the entry that says "SourcePath".
In the box that pops up, type in "C:\" (without the quotes) and press Enter. Then close regedit and reboot your computer. SFC.EXE /SCANNOW should now run without problems for you.
It should not ask for the CD if you do this!
#40
- Member
-
- Group: Members
- Posts: 41
- Joined: 31-January 09
Posted 07 April 2009 - 02:41 PM
That's why I don't understand why SFC asked for my CD... here's a screenshot of the registry:
Attached File(s)
-
Screen1.JPG (196.73K)
Number of downloads: 10
