
Major Defense Kit- Can't open file explorer to Get to RKill !!



#1 buckyswider

Posted 10 November 2010 - 07:58 PM

Hi all, Major Defense Kit has taken over my brother's computer. Working on a laptop with horrible WWAN signal, so my searching is limited. Sorry.

The PC is Win XP. I have printed the removal instructions and downloaded the requisite code onto both a USB stick and a CD. When I boot the machine, of course Major Defense Kit comes up. I let it go through its "scan" and then opt to "continue infected" or whatever it says. But then it just shows me a blank desktop (well, the background is there). It seems like the Windows key (on the keyboard) is disabled, so I can't use WIN-E to bring up File Explorer to run RKill. Of course, there are no icons or Start button, so I can't start it that way either.

How the heck can I open something in order to run/copy RKill to get going?

A couple things I've done:

I've killed MDK during its "scan". But I still can't do anything. Are there processes I can kill manually via Task Manager to help?

I've let MDK finish its "scan" and then clicked on "Install Heuristics module" to open up the browser window. However, I don't have any network connectivity on the infected machine, so I get a 501 in Internet Explorer. Even if it did have connectivity, the browser window it brings up has no URL bar, so I couldn't redirect it somewhere to download RKill to the desktop anyway.
</grgr_replace>
<gr_replace lines="45-45" cat="clarify" orig="So how can I">
So how can I open up a File Explorer window to access the USB stick or CD?

So how can I open up a file explorer window to access the USB stick or CD?

**a maybe AHA** - I just thought to CTRL-N at the browser window, and it brought up a "full" browser window complete with address bar. I will take this machine home to see if I can connect to my network to somehow download RKill to the desktop. I'm not too optimistic though.

Edited by buckyswider, 10 November 2010 - 10:19 PM.



#2 buckyswider (Topic Starter)

Posted 12 November 2010 - 10:42 PM

Hey all, thought I'd follow up to tell my tale and hopefully others can learn by my mistakes.

First off, I learned a trick to run something when you can't open Windows Explorer. Probably a well-known trick, but it was new to me. Since I could get into Task Manager, go to the "Applications" tab and select the "New Task" button on the bottom right. Then hit "Browse" and you can navigate to the program you want to run. Something else I learned along the way is that in these "Browse" windows you can copy and paste files (and probably delete stuff too, but I didn't realize that until way too late. Woulda saved me a lot of time).

So I opened up Task Manager, selected the "Major Defense Kit" app, right-clicked on it, and selected "Go To Process". I was then able to ascertain the executable that was running. It was not one that was listed in the removal instructions for MDK. It was "hotfix.exe".

So since I couldn't figure out how to delete the files with Windows running, I booted Ultimate Boot CD (UBCD4WIN). I went into that file explorer and found it in the \Windows directory. I deleted it along with its companion .bat file (also different from the removal instructions), usdfgs.bat. Then I booted up Windows and MDK did not start (yay!), but still I only had a desktop background with no icons or Start menu (boo!).

So I spent the next couple of hours trying to find the listed registry entries using both the registry editor in UBCD4WIN and another standalone bootable tool, "PCRegedit". No dice. Searched high and low for the needle in the haystack. I guess it doesn't help that I'm majorly inexperienced in the Ways Of The Registry, but no luck at all.

So then while researching that I stumbled on the "New Task" trick. I booted up Windows, opened up Task Manager, and New Task'd into the malware remover. After an hour and a half, 5 suspects were found and I quarantined them. Booted into Windows: still no luck, no taskbar or icons. Phooey.

So then I read about using the Recovery Console to repair a Windows install. I had booted into it several times (using an XP install CD) during these attempts, so I was familiar with that. Did the ol' manually remove the 5 registry files and copy over from the recovery point directories. Still no desktop. Blah.


Then I thought about something I had noticed during startup: "Hit F11 to run Recovery" (or something along those lines).

Well, THAT mistake cost me about 12 hours. It put me into the "PC Angel" recovery console, BUT it said there were files missing and I needed the original install CD. Long gone, says Broski. So I reboot, but it goes right into PC Angel again: no way out. I then chased my tail for a long time learning how to mark a partition "active" and the like using bootpart off of the Recovery Console. But it couldn't find anything when I did a "scan" or "rebuild"; it said the filesystems were corrupt. So I did chkdsk /r on both the C: (install) and D: (PC Angel) partitions. But guess what? Still wouldn't work.

So then after more googling I decided to try the "repair" trick from the install disk. Booted into the Windows install, but it didn't recognize any partitions with Windows installed. Aye Karumba.

So then a brainstorm (more like a light drizzle, I guess) hits. "I'm using an XP Pro boot CD, but this has XP Home installed. THAT'S why it can't find it!" So I spend the next couple of hours trying to download an XP Home (with SP3) install CD that is NOT a torrent (bad luck with them). Finally find one and burn the .iso to a CD and reboot. Guess what? It STILL didn't find any existing Windows installs to do the repair install!!

Back to UBCD4WIN. Found the partition program, and marked the Windows partition as "active". Booted again; Windows couldn't load because a .dll wasn't found. Sigh. But at least I'm away from the PC Angel loop!

Went back to the Recovery Console to see if it could now find Windows installs in bootpart. And guess what?? It DID this time! I was able to rebuild the boot sector (?) pointing to the proper Windows install. Let's boot!!!

So this time it boots into Windows, and VOILA: STILL no desktop or taskbar! So it took me all this work to get back exactly to where I was before I decided to hit F11!!

So now I think, hey, maybe the install will find the Windows install to repair. And it did!! An hour later, I rebooted after the repair. Only one <minor> problem: it didn't like the Windows key from the sticker on the PC. Not a big deal, at least for 30 days. The sticker was an OEM key and the install disk I repaired from was retail.

BUT, after repair: YAY! I booted into Windows with the same user ID and password, all the programs were there, goodness! But no network connectivity. In fact, no network device was listed in Device Manager, even though I could see it happily blinking away. So back to the OEM site. (I had hit them up for a recovery disk, but they said since it was out of warranty, they couldn't supply a recovery disk.) There were 4 drivers still out on the site though. Turns out the motherboard driver had 4 different parts, including the Ethernet driver. Installed them all, rebooted, and goodness! For good measure I installed the other drivers (CPU, audio, and video). The last issue to solve was the Windows key.

Turns out that MS has something really cool set up to handle the eventuality of situations like this. I learned about the "Microsoft Product Key Changer Utility", googled it up, and ran it. It asked me for my Windows key, I supplied the OEM key, and voila! It accepted it, made me reboot, and now the copy of Windows is registered. For grins and tickles I downloaded and installed the 86 missing Windows updates, and now all is good in Whoville.

Needless to say, I had my brother install AV software. And for his birthday he's getting an external drive and some sort of drive image backup software (Ghost or something like that). I can't go through this again!!

(Disclaimer: Everything listed above is done from memory of this excruciating 36 or so hours. I'm sure I have some things out of order, and I omitted, either intentionally or otherwise, a lot of the steps I took. There's only so much room to type!!!)
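The live-triage part of the post above (find the rogue's real executable, stop it, delete the dropped files, get RKill running) written out as an added cmd.exe script. This is an added example, not code from the post or from a BleepingComputer removal guide. It is meant to be launched the way the post describes, via Task Manager > Applications > New Task... and typing cmd.exe. The file names hotfix.exe and usdfgs.bat in \Windows are the ones the post reports; the USB drive letter E:, the RKill path, and the autostart locations checked in step 4 are general assumptions about where a rogue of this kind re-launches itself, not a claim about where this particular variant was registered.

```batch
@echo off
rem Added example, not from the post above: live triage of a rogue "antivirus"
rem on Windows XP when explorer.exe is gone and only Task Manager works.
rem Start it from Task Manager > Applications > New Task... > cmd.exe.
rem hotfix.exe / usdfgs.bat in %WINDIR% come from the post; the USB letter E:
rem and the RKill path are assumptions.

rem 1. Map every running process to the full path of its image. This is the
rem    command-line equivalent of the post's "Go To Process" trick, and it is
rem    how you spot an image name the removal guide does not list.
wmic process get ProcessId,Name,ExecutablePath

rem 2. Stop the rogue. wmic is present on both XP Home and XP Pro; taskkill is
rem    Pro-only, so it is only a fallback here and its error is suppressed.
wmic process where "Name='hotfix.exe'" call terminate
taskkill /F /IM hotfix.exe 2>nul

rem 3. Remove the dropped files. Clear hidden/system/read-only first, or del
rem    will refuse to touch them.
for %%F in ("%WINDIR%\hotfix.exe" "%WINDIR%\usdfgs.bat") do (
    if exist %%F (
        attrib -h -s -r %%F
        del /f %%F
    )
)

rem 4. Inspect the autostart locations a rogue normally uses to come back, and
rem    the two Winlogon values that decide whether a desktop appears at all.
rem    On a clean XP box Shell is "Explorer.exe" and Userinit is
rem    "C:\WINDOWS\system32\userinit.exe," (trailing comma included).
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit

rem 5. Run RKill from the USB stick (path assumed), then bring the shell back.
if exist E:\rkill.exe start "" E:\rkill.exe
start "" explorer.exe
```

The wmic listing in step 1 is wide; redirect it to a file (`wmic process get ProcessId,Name,ExecutablePath > C:\procs.txt`) and open that with `notepad C:\procs.txt` from the same cmd window if it scrolls off screen. Step 4 is a check, not a fix: if Shell or Userinit points anywhere other than the defaults noted in the comments, that, rather than a missing explorer.exe, is the usual reason for a bare wallpaper with no icons or Start button, and it explains why deleting the rogue's files alone did not bring the desktop back in the account above.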



