how do i create a boot cd for xp


  • This topic is locked
19 replies to this topic

#1 cornerstone

cornerstone

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Appleton - WI - USA
  • Local time:02:56 AM

Posted 09 September 2010 - 10:04 PM

I'd like to create a boot CD for a system so I can run a virus scan on it to remove a virus. I think it may have the "fake AV" virus. It will not boot - when I go to safe mode it allows me to click on either Compaq_administrator or Administrator accounts but nothing happens. It appears like it's going to the opening desktop but I instead get a message "logging off - saving settings" then I am back at the same screen. I have seen this before and it is usually the work of the FakeAV virus. If there was a way I could boot the thing with a CD or DVD to a GUI and then possibly run a virus utility or Malwarebytes that would be great. Am I asking too much??

Edited by hamluis, 10 September 2010 - 08:42 AM.
Moved from XP forum to Am I Infected ~ Hamluis.

Cornerstone



#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,313 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:56 AM

Posted 10 September 2010 - 02:07 PM

Hello, this sounds to me like a corrupted userinit value. Do you get the same logon-logoff problem when trying to boot in normal mode?

Do you have your XP CD?

Do you know which fake AV (name) was causing the problems? (If I know that, I can see which file is most likely causing the problem.)

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 cornerstone

  • Topic Starter

Posted 11 September 2010 - 11:48 AM

Below are the Malwarebytes scan results. Basically I removed the drive from the system and put it in an external enclosure and ran the scan against the drive - cleaned everything - then afterwards to be sure I ran a complete scan with McAfee. I now have no viruses on the drive - BUT -

I placed the drive back into the system and I still cannot log on - Safe mode and Safe mode with networking and Normal boot all have the same issues in that once you click on the login it just says "saving settings - logging off" and you are back to where you started (cyclical).

Help Help Help !!!!!!!!!!!


Scan type: Quick scan
Objects scanned: 118953
Time elapsed: 1 hour(s), 43 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 28

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
G:\eddc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
G:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\mwrsxocena.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully.
G:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\Uhp.exe (Malware.Packer) -> Quarantined and deleted successfully.
G:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\nsaxcemorw.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
G:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\rascsnet.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
G:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\rcsenwomax.tmp (Trojan.Inject) -> Quarantined and deleted successfully.
G:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\swenoxmrca.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
G:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\HEQVEQEM\green[1].htm (Rogue.ControlCenter) -> Quarantined and deleted successfully.
G:\Documents and Settings\Compaq_Administrator\My Documents\WebfettiSetup2.3.50.19.ZKfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP642\A0226622.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP642\A0226624.exe (Malware.Packer) -> Quarantined and deleted successfully.
G:\WINDOWS\svmfodci.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\6to4v32.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\BIT3.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\bubopoyu.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\hewurevi.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\IPHACTION.dll (Trojan.Agent) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\kbdsock.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\kewuziga.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\libetuka.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\mshlps.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\ranufuka.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\srsvc.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\tevinuki.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\tle0gdkv7i.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\wezisuve.exe (Rogue.ControlCenter) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\spool\prtprocs\w32x86\0000548e.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
G:\WINDOWS\Temp\win6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

Cornerstone
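
The scan above covered files on the drive attached as G: and reported no registry items, so the userinit value suggested in post #2 was not examined. The following check of that value is an added example and not part of the original thread; it assumes an elevated PowerShell prompt on the clean machine with the affected disk still attached as G:, and the mount name OfflineSoftware is an arbitrary choice.

```powershell
# Added example: inspect the offline Winlogon\Userinit value on the attached XP disk.
# Assumptions: elevated prompt on the clean machine; affected disk mounted as G:
# (as in the post above); 'OfflineSoftware' is an arbitrary temporary mount name.
$drive   = 'G:'
$hive    = "$drive\WINDOWS\system32\config\software"
$mount   = 'OfflineSoftware'
$default = 'C:\WINDOWS\system32\userinit.exe,'   # stock Windows XP value

if (-not (Test-Path -LiteralPath $hive)) { throw "Hive not found: $hive" }

& reg.exe load "HKLM\$mount" $hive | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'reg load failed (is the prompt elevated?)' }

try {
    $key = "HKLM:\$mount\Microsoft\Windows NT\CurrentVersion\Winlogon"
    $userinit = (Get-ItemProperty -LiteralPath $key -Name Userinit `
                 -ErrorAction SilentlyContinue).Userinit

    if ($null -eq $userinit) {
        'Userinit value is MISSING from the Winlogon key'
    } else {
        "Userinit = $userinit"
        if ($userinit -ne $default) { "NOTE: differs from stock value '$default'" }

        # Every comma-separated entry is started at logon. Translate each one
        # from the offline system's drive letter to G: and confirm the file exists.
        foreach ($entry in ($userinit -split ',')) {
            $path = $entry.Trim().Trim('"')
            if (-not $path) { continue }
            if ($path -notmatch '^[A-Za-z]:') {
                "  $path : relative path, resolved by the offline system at logon"
                continue
            }
            $offline = $path -replace '^[A-Za-z]:', $drive
            if (Test-Path -LiteralPath $offline) {
                $f = Get-Item -LiteralPath $offline
                "  $offline : present, $($f.Length) bytes, modified $($f.LastWriteTime)"
            } else {
                "  $offline : NOT FOUND (logon ends immediately if this file is absent)"
            }
        }
    }
}
finally {
    [gc]::Collect()                              # release registry handles before unloading
    & reg.exe unload "HKLM\$mount" | Out-Null
}
```

The script only reads the value and lists the files it points to; it does not change the hive contents.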

#4 Elise


Posted 11 September 2010 - 12:30 PM

Please let me know if you have your windows XP CD at hand.

regards, Elise


#5 cornerstone


Posted 13 September 2010 - 06:02 AM

Not sure if it matters or not but the system has XP Media edition on it (it's a Compaq Presario sr1834nx) - I have a Windows XP Home with SP2 CD and a Windows XP Pro CD available - will they work for this?


cornerstone
Cornerstone

#6 Elise


Posted 13 September 2010 - 06:50 AM

No problem, any XP CD will suffice. :)

I will move this topic to a more appropriate forum.

Let's try to boot your computer using a Boot CD.

Please print this guide for future reference!

You will need a blank CD, your Windows XP install disc, a clean computer and a flash drive.

Please follow the steps below and let me know if you were successful. Please tell me what error messages you got and/or what steps you got hung up on.

1. Download the PE Builder to your desktop

http://www.nu2.nu/download.php?sFile=pebuilder3110a.exe
  • Double-Click on the PE Builder that you just downloaded to your desktop.
  • Follow all of the instructions/prompts that come up.
2. Insert your XP CD with SP1/SP2/SP3 into a CD Rom drive
  • Double-Click on PE Builder.exe located on your desktop.
  • Click NO to Search for Windows Installation Files
  • Make the following selections from the Main Screen that pops up:
    • Builder
      • Source: (path to Windows installation files)
        • Enter the path to the drive where your XP CD is located.
        • You can click on the "..." button on the right to navigate to the path as well.
      • Custom: (include files and folders from this directory)
        • No information is necessary, leave blank.
      • Output:
        • Keep the default
    • Media output
      • Choose Create ISO image
      • Do not choose Burn to CD/DVD
  • Download the RunScanner plugin and save it to your desktop

    http://www.paraglidernc.com/Files/RunScanner10025.cab

    Please note: You will be prompted for the folder in which it should be saved. By default it appears as runscanner10025. It should be modified to just runscanner <--- Important!!!

  • Press the Plugin button on the PE Builder interface
  • Press the Add button and navigate to the location of the RunScanner plugin to install
  • Please note: If you are using a Windows XP disc with SP2, then highlight "RpcSS needs to launch DComLaunch" and then press Enable
  • When you're done, press Close and the PE Builder interface will re-appear
3. Click on the "Build" button
  • You will see the Windows EULA message. Click on I Agree
  • You will now see the Build Screen. Let it run its course
  • When the Build is finished you can click close, then exit
4. Burn your ISO file to CD

==========

Next........

From your clean computer..

Please download OTLPE.zip and save it to a flash drive.
http://oldtimer.geekstogo.com/OTLPE.zip
http://www.itxassociates.com/OT-Tools/OTLPE.zip

Double click and unzip OTLPE.zip to its own folder on your flash drive. Name it OTLPE <-- Important!!

==========

Plug your flash drive into your sick computer now and do as instructed below..

==========

1. Restart Your sick Computer Using the PE Builder ISO CD That You Have Created
  • Insert the CD in to one of your CD/DVD drives.
  • Restart your computer.
    • The computer should choose to boot from the CD automatically. If it doesn't and you are asked if you want to boot from CD, then choose that option.
  • Once the desktop appears, you will receive a message asking: Do you want to start Network support?
    • Click on No
  • After it loads press the Go button in the lower left and do this....
    • Go
    • System
    • Display
    • Screen Resolution
    • 1024x768
    Next choose....
    • Go
    • Programs
    • A43 File Management Utility

==========

In A43 File Management you should see your flash drive.
Navigate to the OTLPE folder that you saved to your flash drive.

Open the OTLPE folder and double click Start.bat.
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTLPE should now start

    Change the following settings
    • Change Services, Drivers, Standard and Extra Registry to Use Safelist
    • Uncheck LOP and Purity check

    Please note: Stay with your computer during the course of the scan. If "Entry Point Errors" are encountered simply press "ok" and allow the program to continue. <-- Important!!
  • Push
  • A report will open named "OTL.txt" and another will be minimized to the system tray named "Extra.txt". Save both logs to your flash drive. Copy and Paste them in your next reply.

regards, Elise


#7 cornerstone


Posted 13 September 2010 - 10:30 PM

jumpin jiminy - I wasn't expecting it to be quite that involved! GGGEEEEZZZZZZZZZZZZ.

ok - tell you what - I have PE on my computer here - don't know if it's recent - have not looked at it in a long long time.

speaking of time - with my work schedule the way it is this week i might not get to this until this weekend - but i will try to squeeze it in during the week but cannot promise it.

thanks for the response - we will be in touch

cornerstone
Cornerstone

#8 Elise


Posted 14 September 2010 - 05:33 AM

It looks quite like a list, but it's not that bad. :)

I'll wait for your reply.

regards, Elise


#9 cornerstone


Posted 17 September 2010 - 04:43 PM

received a few errors during the build process.

I'll try to upload the prebuild.log file - here goes.

todd ( cornerstone )

Attached Files


Cornerstone

#10 Elise


Posted 18 September 2010 - 12:59 AM

Hi Cornerstone, did you run the PE builder from a user account with administrator permissions? If you run it on Vista/Windows 7, make sure you right click on the file and select "run as administrator".

regards, Elise


#11 cornerstone


Posted 18 September 2010 - 08:07 AM

dell inspiron 9200 with windows xp - service pack 3 ( the cd i am using is a dell oem windows xp home edition with service pack 2).

comments???


thanks
Cornerstone

#12 Elise


Posted 18 September 2010 - 08:40 AM

Hi, that doesn't matter; what I want to know is what I asked you in my last post. :)

regards, Elise


#13 cornerstone


Posted 18 September 2010 - 01:12 PM

there is no account on the computer - it boots to the opening desktop - i am the admin

todd
Cornerstone

#14 Elise


Posted 18 September 2010 - 01:20 PM

From what version of windows are you running the PE builder?

regards, Elise


#15 cornerstone


Posted 18 September 2010 - 03:19 PM

Windows XP 32 bit with Service Pack 3
Cornerstone



