Finally a member, and a Hello to all!

4 replies to this topic

#1 Cyberchipz

Cyberchipz

  • Members
  • 4 posts
  • OFFLINE
  • Local time:12:00 AM

Posted 11 May 2015 - 02:36 AM

No doubt that future Cybergurus will come from those adept and creative at forming meaningful queries on the internet. This site has slowly wormed its way into my paranoid heart over the years. As a programmer, developer, IT Tech, and Networking (dare I even think it) Guru and general JOAT (Jack of all Trades, and master of some), I often find myself pondering the now age-old question, "Knowing what I know about networking and computers, how do regular people survive owning a computer or manage to get anything fixed?" Those who also think of themselves as Gurus measure their own aptitude by 1: Being able to claim having forgotten more than they know on the subject. 2: Questioning at times if they really know anything at all about the subject. 3: Being able to know what they know, #AND# knowing what they don't know. The last one makes them wisest of all.

 

Last but not least in this list of qualifications is: Knowing where to look, and what to look for. Amazingly, a new friend of mine (my daughter's beau (read that... Sugar Daddy)) has been successfully running a business on a machine that has 1. No COA, 2. Never been backed up, 3. Recently was getting computer help from "Nerds in Bugs", 4: Was basically crying to my daughter for someone to help his FBI Moneypak Ransom infected machine that wouldn't do diddly squat, fighting off "Nerds in VW Bugs" who wanted the big bucks for coming to his business and getting nowhere on the machine. And while my daughter bragged that "If my daddy can't fix it, no one can.", and I can claim "I've never lost a patient yet.", I felt over the last almost 4 days now that this was going to be my first patient loss. And I'm not out of the water yet; but, I feel if I can get the damned license authenticated, we may be in the clear (but, swatting bugs for a while).

 

So, this guy is running a Windows XP Pro, because the software he runs cost him over $16k and he can't afford an upgrade which runs around $9K just so he could run it on a Windows 7 machine, with no guarantee it will run on Win 8!!!    I'm clearly in the wrong business!  Oh, that's right, I'm retired.  Apparently running a Moneypak Ransom can net you around $3 Million, and many years in jail.  I'm almost thinking it might be worth 5 years in jail for $3M; but, I would soil my White Hat, and I keep mine clean.

 

So, I was able to run a couple of prime software on his machine, and had to stop him from being overjoyed, as it was running XP pro, from a new COA (currently unauthorized) in Command Prompt... turned Repair Console, in ultra safe mode, with practically every parameter possible listed in the boot.ini because even the monitor could only work in /basevideo with no gui waving a white flag, which after Ransom looked good to him after a day of Nerds in Bugs only giving him a glimpse of his Desktop before it froze him out.  And to be honest, that's all I got for two days too.  With no backup, I was very careful, and after a day managed to grab a backup with FBI trojan still intact.   Hey, at least I could hand it back to him the same way he gave it to me if I failed.  I know that's better than what the Nerds in VW's could offer.  After the guy who built his machine died, he's been using the Geeky squad for at least 2 years, and no one thought to get him to make a backup! o-O

 

I have to admit the dead guy made a great machine! And I'd pat him on the back if I'd have just seen a dang COA somewhere on the machine; a yellow sticky note would have been fine. The owner? His answers to all my questions were: I don't know, I can't remember, and I didn't know that was important when it came to disks and documentation. We all know them, right?

 

So... it was a nice break writing you to say 'Hey!'; and I just finished installing IE7 & IE8, so hopefully the machine will boot to safe mode now that I've repaired it (I hope).

And, if you don't hear from me for a while, I got it done, and I'll see you around the next time. Once my mother passes away, I might even get time to answer some questions. Gawd, I hope I don't have to post any questions; but, it's nice to see a good active community. Thank goodness the internet is like an Elephant; it has a long memory, and on the internet, even Windows XP Pro questions and answers are still valid 10 years after they were asked. Kudos to Bleeping Computers, and Kudos for the internet and its elephantine memory, because for me... Windows XP is part of the "Forgotten more than I know" excuse of a Guru I am at this moment. But, it's amazing how much I still remember. Haven't seen Windows 10 yet; but, so far... peeking under the hood of Windows 8, and using Windows 7. Not that much has changed... it's all Windows dressing.

 

BTW as a parting thought.  Has anyone noticed how over the years we don't so much as fix the machines anymore as we do tell them to forget what is wrong, and more and more they can almost fix themselves?  No?  Yeah, me neither... but, it's getting closer and closer.

 

Cheers,

 

Chip as in Cyberchipz  :warrior:


#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  • Gender:Female
  • Location:The Netherlands
  • Local time:05:00 AM

Posted 11 May 2015 - 02:52 AM

Hello, and :welcome:

I have to admit, running around the Internet without backup these days is *almost* insane. Your friend has Reveton, which is nasty - but not to the same degree as some of the crypto ransomware currently rampant that you will see a lot of here.

BTW as a parting thought.  Has anyone noticed how over the years we don't so much as fix the machines anymore as we do tell them to forget what is wrong, and more and more they can almost fix themselves?  No?  Yeah, me neither... but, it's getting closer and closer.

Well, it's *almost* fix... we take care of the not-almost part. :lol: Otherwise GeekSquad would go out of business.

#3 Cyberchipz

Cyberchipz
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:12:00 AM

Posted 12 May 2015 - 05:23 PM

Nice to hear from you! Well, my 20-year record still stands. Didn't lose this patient, but I had my doubts for a while. I mean, this guy had nothing for his machine! OMG. So, finally got him up and back in business! I'm ashamed of how long it took me. It's tough with no safe mode. So the following steps got me up and running. This was how I fiexed rampart.

  • First, Geek Squad used Anti-anything they could run, which I think removed the bug detected; but, didn't fix the OS. A dual boot, they used WinXP 64-bit to scan and repair the C: drive (Primary boot) Win XP Pro 32-bit. But, these couldn't repair or oust anything in the Registry :-( or repair the system. But, could have done this a multitude of ways, up to and including removing the drive and putting it in another machine to scan it. Supposedly this is not supposed to be done as it will remove authentication (so I've heard) but never happened to me, at least not with XP. Or Windows PE, etc.
  • I used an installation disk to do the Install/repair (overwrite) but this broke Win XP Pro 64 (and, as I found out later, Internet Explorer on the XP Pro 32 (oh well :-/)).
  • Even with the repair, the XP 32-bit OS was corrupted beyond booting to any mode, plus video was also giving "out of frequency range", which is why the /basevideo was used. (Cheap monitor problem) I quit computer repair about 3 years ago and I wasn't lugging my Flat screen back from my machine to the client because I had to do research.
  • I used a bootable CD to get a command prompt and editor and edited the boot.ini to make XP boot with /safeboot:minimal(alternateshell) /sos /bootlog /noguiboot /basevideo
  • In normal boot: I now had the next error: "A problem has prevented Windows from Accurately Checking the status of this computer", which was due to corrupted IE7 & IE8.
  • Searching that error on the internet, I found this sweet little hack/help that worked for me and 22 other people; booting into the new boot.ini listed above got me into a safe mode desktop: http://answers.microsoft.com/en-us/windows/forum/windows_xp-system/xp-hangs-on-startup-and-dialog-box-provides-the/f7cce2a4-b0db-4b8d-a6e1-812071bc759c
  • I booted in (alternate shell) safemode as listed above and used the hack to get to a desktop. I installed hitman, and it found nothing. In the Run prompt of the desktop I ran msconfig, and shut down all non-Microsoft services and startup files.
  • I removed IE8 but IE7 would not, could not uninstall. IE7 not listed in Add/New/Uninstall Programs, nor updates; IE7 folder existed, but there was no SPUNINST.EXE to uninstall it.
  • At this point normal boot gave me this error: "Not enough quota is available to process the command", not letting me register the license. Which turned out to be corrupt IE7 & IE8 due to OS Repair Restore (overwrite) and IE7 still in the system corrupt.
  • So, I looked for full Offline installations of IE7 as I thought I might be able to overwrite it.
  • Couldn't find an offline loader at Microsoft (Microsoft XP is no longer supported); but, thanks to this site I found full offline versions of IE7 & IE8:
  • http://www.itechtics.com/download-internet-explorer-all-versions/
  • Using my new boot.ini and the hack, I got to the desktop where I could install IE7 & IE8.
  • In normal mode, I got the registration screen, and internet was working.
  • So after some non-starts, and over 3 days, I registered the OS and was up and running!
  • Hitman immediately found 3 trojans! Did a full chkdsk and sfc /scannow after hitman.
  • Checked client's essential programs he needed, and the registry and program associations were still intact!!! Repaired Chrome, and a couple of other minor bugs. Chkdsk found errors.
  • Client is now busy at work!

Well, gotta run to art class, and I'm late. (sigh)  L8r)

Chip
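As an added example (not the poster's actual file), this is what a Windows XP boot.ini looks like once the recovery entry built from the switches in the steps above is added alongside the untouched default entry; the ARC path and the default entry's own switches are assumed and must match the machine's existing boot.ini.

```ini
[boot loader]
timeout=30
; Keep the existing default so the machine still boots normally once repaired
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]
; Original entry, left exactly as found (path and switches assumed here)
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

; Added recovery entry. Chosen from the boot menu only while cleaning up:
;  /safeboot:minimal(alternateshell)  Safe Mode, but start the shell named in
;      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell (cmd.exe
;      by default) instead of explorer.exe, so the desktop and the startup
;      items that run with it are never launched
;  /sos        show each driver as it loads
;  /bootlog    write the load sequence to %SystemRoot%\ntbtlog.txt
;  /noguiboot  skip the graphical boot screen
;  /basevideo  standard VGA driver (works around the "out of frequency range" monitor)
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Pro - Safe Mode cmd (recovery)" /safeboot:minimal(alternateshell) /sos /bootlog /noguiboot /basevideo
```

boot.ini is marked read-only, system and hidden, so from the boot-CD command prompt run `attrib -r -s -h C:\boot.ini` before editing and `attrib +r +s +h C:\boot.ini` afterwards; delete the recovery entry again once the machine boots cleanly so it is not left as an unattended option.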



#4 Cyberchipz

Cyberchipz
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:12:00 AM

Posted 14 May 2015 - 07:42 PM

From what I've heard about the Crypto version, I just wouldn't even consider taking on the job.  I think I'd be kinder to a client if I just told him the machine was a lost cause; and to avoid doing the activity that got him infected.  I feel for anyone who would get it for any reason though.  That's why I prefer wearing a white hat; at 60, I can leave jobs like a Crypto Ransom to the young exuberant types.



#5 Cyberchipz

Cyberchipz
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:12:00 AM

Posted 16 May 2015 - 11:29 AM

This was how I fiexed rampart.

Oops I mean <sp> 'fixed Reveton' (sigh),


Edited by Cyberchipz, 16 May 2015 - 02:45 PM.


