Infected with Win32.Agent.gfo per Kaspersky


  • This topic is locked
46 replies to this topic

#1 muzzles

muzzles

  • Members
  • 265 posts
  • Gender:Male
  • Local time:06:47 PM

Posted 04 February 2009 - 05:14 PM

Have scanned with McAfee, F-Secure, SUPERAntiSpyware, Malwarebytes Anti-Malware and Spybot to remove it, with no luck.

I was instructed to post here after trying the others. Thank you.

Referred here from: http://www.bleepingcomputer.com/forums/t/199948/not-sure-what-to-do/ ~ OB


DDS (Ver_09-02-01.01) - NTFSx86
Run by Scott at 16:31:33.16 on Wed 02/04/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3069.1864 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Motive\McciCMService.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\OEM02Mon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Dell\Dell WUSB\WQ_Tray2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Scott\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.foxnews.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 4.0\apdproxy.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\microt~1.lnk - c:\program files\microtek\scanwizard 5\ScannerFinder.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ultraw~1.lnk - c:\program files\dell\dell wusb\WQ_Tray2.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - hxxps://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1231873338741&h=6f33ec9c213b588ea9e81530db7f2023/&filename=jinstall-6u11-windows-i586-jc.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: psfus - c:\windows\system32\psqlpwd.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli psqlpwd

============= SERVICES / DRIVERS ===============

R1 is-2CBA5drv;is-2CBA5drv;c:\windows\system32\drivers\42078067.sys [2009-1-25 148496]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-5-28 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 55024]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2007-10-10 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2008-7-1 7424]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]

=============== Created Last 30 ================

2009-02-02 08:30 --d----- c:\users\scott\appdata\roaming\Malwarebytes
2009-02-02 08:30 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-02 08:30 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-02 08:30 --d----- c:\programdata\Malwarebytes
2009-02-02 08:30 --d----- c:\progra~2\Malwarebytes
2009-02-02 08:30 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-28 22:47 --d----- C:\fsaua.data
2009-01-28 13:37 162,304 a------- c:\windows\system32\ztvunrar36.dll
2009-01-28 13:37 77,312 a------- c:\windows\system32\ztvunace26.dll
2009-01-28 13:37 69,632 a------- c:\windows\system32\ztvcabinet.dll
2009-01-28 13:37 --d----- c:\program files\TUGZip
2009-01-28 00:25 --d----- c:\programdata\Spybot - Search & Destroy
2009-01-28 00:25 --d----- c:\progra~2\Spybot - Search & Destroy
2009-01-28 00:25 --d----- c:\program files\Spybot - Search & Destroy
2009-01-25 22:48 --d----- c:\programdata\is-2CBA5
2009-01-25 22:48 --d----- c:\progra~2\is-2CBA5
2009-01-25 22:45 201,766,944 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-01-25 22:45 2,317,724 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-01-25 22:45 148,496 a------- c:\windows\system32\drivers\42078067.sys
2009-01-16 20:32 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-01-12 11:50 --d----- c:\program files\Panda Security

==================== Find3M ====================

2009-02-01 14:11 27,839 a------- c:\programdata\nvModes.dat
2009-02-01 14:11 27,839 a------- c:\progra~2\nvModes.dat
2008-12-15 19:31 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-12 19:44 143,360 a------- c:\windows\inf\infstrng.dat
2008-12-12 19:44 51,200 a------- c:\windows\inf\infpub.dat
2008-12-12 19:44 86,016 a------- c:\windows\inf\infstor.dat
2008-12-12 17:58 39,936 a------- c:\windows\system32\drivers\CDAC11BA.EXE
2008-12-12 16:53 109,568 -------- c:\windows\system32\pxinsi64.exe
2008-12-12 16:53 108,544 -------- c:\windows\system32\pxcpyi64.exe
2008-12-12 16:53 20,640 -------- c:\windows\system32\drivers\PxHelp20.sys
2008-11-26 18:10 27,335 a------- c:\users\scott\appdata\roaming\nvModes.dat
2008-11-23 17:11 121,364 a------- c:\windows\hpoins15.dat
2008-11-19 11:15 165,680 a------- c:\windows\hpoins28.dat
2008-07-27 01:00 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 21:41 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-06-30 19:55 76 ---shr-- c:\windows\CT4CET.bin

============= FINISH: 16:32:51.89 ===============


Edited by Orange Blossom, 04 February 2009 - 06:33 PM.



#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:07:47 PM

Posted 13 February 2009 - 09:48 AM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

Disable Realtime Protection
Antimalware programs can interfere with ComboFix and other tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

Download and Run ComboFix
Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
  • If you did not have it installed, you will see the prompt below. Choose YES.
    Posted ImagePosted Image

  • When the Recovery Console has been installed, you will see the prompt below. Choose YES.
    Posted Image
  • When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.

Please download GMER.zip to your desktop from any of the links below:
LINK1, LINK2
  • Right click on GMER.zip and select "Extract All".
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click GMER.exe. Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Leaving the settings at default, click Scan.
  • When the scan is complete, click Save and save the log onto your desktop.
Please include the log in your next reply.
In your next reply include:
-the ComboFix log
-the GMER scan log

Please also tell me of any changes you have made to your computer since you started your topic.

With Regards,
The Panda

#3 muzzles

Posted 13 February 2009 - 12:17 PM

My computer has failed to start. After running ComboFix, the blue screen of death appeared, saying Windows had detected an illegal operation and will shut down, referencing a kernel change and that a registry file is missing or corrupt.

Now I'm in Windows Boot Manager, saying Windows failed to start. Asking to fix the problem:
1- Insert your Windows installation disk
2- If I do not have the disc, the file referenced: \windows\system32\config\system status: 0xc000000d info: Windows failed to load because the system registry file is missing or corrupt

I did notice that ComboFix did delete a file system autorun.inf

Sorry for the post. I am communicating on another computer.

Thank you for your help.

#4 PropagandaPanda

Posted 13 February 2009 - 01:24 PM

Hello.

ComboFix should have installed the Recovery Console. We should be able to restore the ERUNT backup there.

Shut down the computer. Start it again.
After hearing the beep, hit F8 repetitively until you see the boot selection screen.
Select Return to OS Choices.
Select Microsoft Recovery Console.

Enter your password if prompted.
You must enter which Windows installation to log onto. Type "1" and press Enter.
At the C:\Windows prompt, type "cd erdnt", and press Enter.
At the C:\Windows\ERDNT prompt, type "cd subs", and press Enter.
At the next prompt, type "batch erdnt.con", and press Enter.
At the next prompt, type "exit", and press Enter.

Windows will begin to load normally. Can you boot now, at least into Safe Mode?

With Regards,
The Panda

#5 PropagandaPanda

Posted 13 February 2009 - 01:40 PM

Please reply in this topic rather than using PM. Thanks.

From PM:

I have restarted the computer and the choices in the advanced boot options are:
Safe Mode
Safe Mode w/ Networking
Safe Mode w/ command prompt

Enable boot logging
Enable low-resolution video
Last known good configuration (advanced)
Debugging mode
Disable automatic restart on system failure
Disable driver signature enforcement

Start windows normally

The OS selections should appear for a brief second during the boot. If you hit the down arrow quickly and enter to select the Recovery Console, it should work.

If you can't do that..

Download the RC.iso image file to your working computer's desktop.

Burn the image to a blank CD. If you do not have CD burning software, you can use ImgBurn.

Place the CD into the drive of the non-booting computer. Your computer should boot into the Recovery console.

There, follow the directions in my previous post for restoring the ERUNT backup.

With Regards,
The Panda

#6 PropagandaPanda

Posted 13 February 2009 - 02:35 PM

From PM...:

I downloaded the ISO file and extracted it into 2 files and a folder and burned it on a CD. I loaded the burned CD into the computer and changed the boot sequence to boot from the CD and rebooted. The Boot Manager appears as before.

I must be doing something wrong.

Burn the .iso image, not the extracted contents, onto the CD.

With Regards,
The Panda

#7 muzzles

Posted 13 February 2009 - 02:45 PM

I burned the rc.iso file to the CD. Loaded the CD into the computer and changed the sequence of the boot to CD and rebooted. The same message and options appeared:
1-Safe Mode
2-Safe Mode w/ networking
3-Safe Mode w/ command prompt
4- Last known good configuration (advanced)
5- Start windows normally

Thanks

#8 PropagandaPanda

Posted 13 February 2009 - 02:50 PM

Hello.

Restart the computer with the CD inside. Do not touch the computer while it boots.

Does it start in the Recovery Console?

With Regards,
The Panda

#9 muzzles

Posted 13 February 2009 - 03:06 PM

It will not start in the recovery console you describe. The error recovery console I have has the 5 options I listed earlier.

Thanks

#10 PropagandaPanda

Posted 13 February 2009 - 04:14 PM

Hello.

It doesn't sound like the CD was created properly.

Are you burning the file onto the CD, or the image? What CD burning program are you using?

Put the CD into the working computer. Right click the CD drive and select Explore.

What do you see there?

With Regards,
The Panda

#11 muzzles

Posted 13 February 2009 - 04:34 PM

I wasn't making the file executable. I changed the boot sequence and now when booting from the CD drive I get an error message saying operating system missing.

When I right click the image in the CD drive, it shows rc.iso file.

Thanks for your continued help.

#12 PropagandaPanda

Posted 13 February 2009 - 04:58 PM

Hello.

The file was written, not the image.

Please download and install ImgBurn.

Right click the rc.iso file and select Burn with image burn.

Tell me what files you see on the new disk. Also try the ERUNT restore again.

With Regards,
The Panda

#13 muzzles

Posted 13 February 2009 - 05:23 PM

I downloaded and installed Img Burn. On the disk are 2 files and 1 folder.

I loaded the disk into the computer and had the computer boot from the CD drive and the Windows XP Home Edition Setup page opened.

I have Vista, will this hurt?

The options are:
Setup XP
Repair XP installation using Recovery Console
Quit Setup without installing XP


Thanks

#14 muzzles

Posted 13 February 2009 - 05:27 PM

I chose option R and got the message "Setup did not find any hard disk drives installed on your computer.

Setup cannot continue. To quit Setup, press F3."


Thanks

#15 PropagandaPanda

Posted 13 February 2009 - 05:41 PM

Hello.

Sorry, I didn't notice this was a Vista.

Do you have your Vista installation disk available? We can use the Recovery Console there too.

With Regards,
The Panda



