
Reinstall Win XP -- Can I preserve my data?


  • This topic is locked
5 replies to this topic

#1 QuasiMotive


Posted 05 April 2010 - 11:38 PM

I got the "Your ____________" malware today on my Dell Vostro 200 running WIN XP. It excluded me from the task manager, Malware Anti-Bytes, and Spybot. As I tried to work through it by reinstalling Malware Antibytes (no success) and Spybot (no success), it eventually just boots to the desktop, displays several error messages and then I'm left with just my background picture and a mouse cursor. ALT-ESC, ALT-F4, ALT-TAB all do nothing. I tried to reboot into safe mode and the computer comes up with a blue screen indicating that it has stopped booting to protect my computer. So I am left without a way to run any repair programs or use a USB drive. I have a DELL recovery CD and was able to run the XP repair console, but I am clueless how to use it. Back in the WIN98 days, I would just reinstall Windows right over the old Windows and my programs and data were preserved. Does this work with XP? How can I get it to boot in Safe Mode and run MBAM and Spybot?

Darren


 


#2 QuasiMotive


Posted 06 April 2010 - 01:01 AM

I guess my question was too vague. I decided to forge ahead. I am running CHKDSK /R on the hard drive from the Recovery Console. I then plan to either use the Recovery Disk to "in place" install WIN XP to repair my installation, or restore the "hive" files to an earlier restore point. Not knowing which to do, I think I will try the hive file restore as this sounds like it is most likely to preserve my data and get me back to before the malware struck. Any comments?

Darren

#3 Budapest


Posted 06 April 2010 - 01:27 AM

You could try backing up your data with this:

http://www.howtogeek.com/howto/windows-vis...ndows-computer/
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#4 hamluis


Posted 06 April 2010 - 09:40 AM

FWIW: A repair install is not an effective remedy for malware situations.

Data files can be moved to another drive/system or removable media.

If intent on using recovery/restore CDs, I would do so after moving data from the infected system.

Louis

#5 JSntgRvr


Posted 06 April 2010 - 11:56 AM

Hi, QuasiMotive

Welcome.

Let's give this a try. You will need a flash drive to move information from the sick computer to a working computer, so we can see the progress of our actions. Save these instructions in your flash drive as a text file (use Notepad) so you can have access to these while in an external environment (PE).

Here is what you need to do.

Two programs to download

First

Download ISOBurner. Click Here for ISOBurner Instructions. Install the program, and follow the next set of steps.

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 276.7MB in size so it may take some time to download.
  • When downloaded, double-click it and this will then open ISOBurner to burn the file to CD.
  • Boot the non-working computer using the boot CD you just created.
  • In order to do so, the computer must be set to boot from the CD first
    Note : For information click here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under the Custom Scan box paste this in

      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      userinit.exe
      explorer.exe
      ntoskrnl.exe
      /md5stop
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      %systemroot%\System32\config\*.sav
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
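The idea behind the `/md5start` … `/md5stop` list in the post above, as an added example that is not part of the original post and is not OTL's code: hash every copy of the named system files on the offline volume and flag any name whose copies disagree. The function names, the shortened watch list and the sample tree are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# A few names taken from the post's /md5start list; extend as needed.
WATCHED = {"atapi.sys", "userinit.exe", "explorer.exe", "eventlog.dll"}

def md5_of(path, chunk=1 << 20):
    """MD5 a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def hash_copies(root, names=WATCHED):
    """Map each watched name to {md5: [paths]} for every copy found under root."""
    wanted = {n.lower() for n in names}
    found = defaultdict(lambda: defaultdict(list))
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() in wanted:  # Windows file names are case-insensitive
                path = os.path.join(dirpath, fname)
                try:
                    found[fname.lower()][md5_of(path)].append(path)
                except OSError:
                    continue  # unreadable file: skip it, keep sweeping
    return found

def mismatched(found):
    """Names whose copies do not all share one hash (candidates for review)."""
    return sorted(n for n, by_hash in found.items() if len(by_hash) > 1)

def build_sample_tree(root):
    """Constructed sample data: a fake offline Windows tree, not real binaries."""
    layout = {
        "WINDOWS/system32/drivers/atapi.sys": b"modified driver bytes",
        "WINDOWS/system32/dllcache/atapi.sys": b"original driver bytes",
        "WINDOWS/system32/userinit.exe": b"userinit",
        "WINDOWS/system32/dllcache/USERINIT.EXE": b"userinit",
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(mismatched(hash_copies(tmp)))
```

A mismatch only marks a file for comparison against a known-good copy of the same Windows build; copies left by different service packs can legitimately differ.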


#6 JSntgRvr


Posted 27 April 2010 - 12:50 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.





