Vista Home Premium - infected drive


#1 KewlToyZ
Posted 27 August 2009 - 08:39 AM

I had a guy bring in his home PC with Vista Home Premium installed.
Badly infected. You simply could not run any program on the system at all.
Permissions are disabled, Task Manager closes every time it is run, and Control Panel won't open.
It seems multi-functional, with a renaming bug that renames every process whenever an attempt is made to run it.

Well, one of the other IT guys decided to try a clean install of Windows.
The manufacturer neglected to put a repair section into their Vista install DVD.
It ran OK, but we wanted to clean up the system from the threat.
I went ahead and ran a full scan with Avast on the new install, and it caught a few items in the Windows.old installation files.
Then I ran Malwarebytes; that too caught a few items.
Then I ran ComboFix... it found a ton of trash, then suddenly the fresh OS lost all permissions; Task Manager no longer runs, Control Panel no longer runs. I guess this is some sort of evolving bug that threads when attempting to delete, or even wander by, the folder it has nested itself into.

I was curious if any of you guys have ever made a Live CD of Knoppix/Linux with AV/malware cleaning tools to run with it?
I'm going to look around and see if I can find anything like that. I'll let you know what I find. :huh:

#2 Blade (Site Admin)
Posted 27 August 2009 - 08:51 AM

Here you go :huh:

From a working computer download and install IMGBurn.

Download Knoppix to your desktop.

Open IMGBurn via the newly created icon on your desktop, or by pointing to Start->All Programs->ImgBurn->ImgBurn.
Push the large "Write image file to disc" button.
Right under "Source" and next to "Please select a file", push the browse button.
Browse to and select the Knoppix image file on your desktop.

Place a blank CD-R into your clean system's CD burner, and press the large button that looks like a page going into a CD in the bottom left of IMGBurn.

Now place this CD into the non-bootable system. Configure the system to boot from CD. You can usually do this by pressing F10, F11, or F12 (try all of them if unsure) to bring up configuration options, and select CDRom as your boot device. Some machines will automatically attempt boot from the CD if one is inserted.

When you see the Knoppix boot screen, press Enter and wait for Knoppix to boot.
On Knoppix's desktop, you should see an icon for your hard disk.

Right click the drive, and select "Change Read\Write Mode". Press "Yes" at the prompt.

Now you have ready access to your hard drive. You can drag and drop files/folders to another hard drive or a flash drive, or burn the data to disc.

For safety's sake...

Note that the files with the following extensions should not be backed up:
.exe
.scr
.htm
.html
.xml
.zip
.rar
.asp
.php


--
Once the files are done moving, press the large K button in the lower left corner of the screen, and select Log Out...
Then press "Turn off computer".

~Blade

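As an added example (not part of Blade's post and not a Knoppix tool), here is a small POSIX shell script that does the copying step of the procedure above from inside the live session: it walks the mounted Windows partition and copies every file except those with the extensions listed, keeping the folder layout and timestamps. The mount points /media/sda1 (infected Windows drive) and /media/sdb1 (backup target) are assumptions and differ from machine to machine. Since the copy only reads the source, the Windows partition can stay mounted read-only; the "Change Read/Write Mode" step is only needed if you intend to modify or delete files on it.

```shell
#!/bin/sh
# Added example: copy a user's files off a Windows partition from a Linux
# live session, skipping the extensions listed in the post above.
# Assumed (hypothetical) mount points: the infected Windows drive at
# /media/sda1, the backup target (second disk or USB stick) at /media/sdb1.
# Copying only reads the source, so the Windows partition can stay mounted
# read-only; nothing on it is executed or changed.

# Extensions the post says should not be backed up (lower case; the check
# below is case-insensitive, since Windows treats .EXE and .exe alike).
SKIP_EXT="exe scr htm html xml zip rar asp php"

# is_skipped PATH: succeed (exit 0) if PATH's extension is in SKIP_EXT.
is_skipped() {
    name=$(basename "$1")
    case $name in
        *.*) ;;          # has an extension; check it below
        *) return 1 ;;   # no extension at all: keep the file
    esac
    ext=$(printf '%s' "${name##*.}" | tr 'A-Z' 'a-z')
    case " $SKIP_EXT " in
        *" $ext "*) return 0 ;;
    esac
    return 1
}

# copy_user_data SRC DEST: copy every regular file under SRC to DEST,
# keeping the relative folder layout and timestamps, minus skipped files.
# Prints one "copy"/"skip" line per file so you can see what was left behind.
copy_user_data() {
    src=${1%/}
    dest=${2%/}
    mkdir -p "$dest" || return 1
    find "$src" -type f -print | while IFS= read -r f; do
        if is_skipped "$f"; then
            printf 'skip  %s\n' "$f"
            continue
        fi
        rel=${f#"$src/"}
        mkdir -p "$dest/$(dirname "$rel")"
        cp -p "$f" "$dest/$rel"
        printf 'copy  %s\n' "$rel"
    done
}

# Usage from the live session (paths are the assumed mount points above):
#   sh backup.sh --run /media/sda1/Users /media/sdb1/backup
case ${1-} in
    --run) copy_user_data "$2" "$3" ;;
esac
```

Review the printed "skip" lines before shutting down: the extension list also drops the user's own ZIP archives and saved web pages, so anything they genuinely need from that set has to be handled separately, ideally scanned from the clean machine before it is opened.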