OH CRAP I THINK I BROKED IT!
Gabu

Posted on 01-06-10 01:51:09 AM (last edited by GabuChickenleg at 01-06-10 01:52 AM)
Here's the scoop. About an hour ago I was surfing... um... ED... and suddenly a window pops up with another of those annoying drive by attacks for some bullshit antivirus software really being malware. Try to exit out of the window, but it keeps saying "You have a virus! Click OK to do a scan!". Of course, the fake Windows windows were either from Vista or 7, but I still click cancel and try to close the window before the dialog box pops back up. So what do I do, I try to Control+alt+delete my way out. Instead, this thing somehow got into permissions and turned off Task Manager for me. I freak out and turn off the computer, wait several minutes, then turn it back on. I hear the motor whirr as usual, wait for my desktop, but instead the screen flashes off for a moment, the tower whirrs again, and I'm kicked onto a screen saying that "Windows could not start due to a recent change in hardware or software, blahblahblah". Instinctively, I chose Safe Mode, but it seems to freeze on the line where the system loads Isapnp.sys. I try Last Known Good, system doesn't start, as does trying to boot normally and even Safe Mode w/ Networking. I get onto this (dad's) computer, and get some instructions to reinstall that system file via Recovery Console. I grab his XP CD, turn on the computer to put it in, restart, get to the screen where I can load an OS from a hard drive, CD, etc., choose CD, wait several seconds...

...

...

...kicked right back on to "Windows could not start due to a recent change in hardware or software" screen.



For those who tl;dr:
-Got drive-by malware trying to push its antivirus, cannot exit because Task Manager was disabled, shut down due to a regressive impulse
-Start back up, Windows refuses to load, and looking at Safe Mode whilst trying to load, stops at Isapnp.sys, so I get instructions via dad's computer, his XP CD, and try to get into Recovery Console
-Even though I'm loading from CD, I get kicked back to the "Windows cannot start screen"

And now, what my brain has to say about the possibility that I may have totaled my compy:



At the very least I put all my important files on an external drive. Just need to know if that thing came out OK or through some horrible luck fried the contents.
303darthbobby
Posted on 01-06-10 03:33:46 PM
I'd try a live/boot cd (ubuntu, Hiren's) and run a virus scan. Both are extremely handy for this kind of thing. I just hope you either already have one of them, or you are able to get it from another PC.
Gabu

Posted on 01-06-10 04:49:21 PM
You know, emotionally, if this were someone else's computer, I wouldn't give a shit. But it is so I am.

But I did tweak the boot order around in the BIOS and got the Windows CD to load and get into RC that way. I've discovered that access is denied to at least the system files, since I'm totally unable to apply the "fix" I found last night, and if I try to change directory, I get a "Directory not valid" message.
Miss Dani
Posted on 01-06-10 04:55:55 PM
If you're going to have to reinstall Windows, and your computer is decent enough... you might want to consider upgrading to Windows 7... but you might need the 32-bit version, depending on the age of your computer
Gabu

Posted on 01-06-10 05:02:39 PM (last edited by GabuChickenleg at 01-06-10 05:08 PM)
Why would I install Windows 7 when Windows XP works just fine? Yeah, Windows 7 is better than Vista, but it seems kind of... odd. Sure, we had 98 until 2004, when we got the new (now mine, now shat itself) computer, but that was because we had no choice.

Okay, I'm rambling, but I'm not installing Windows 7 until I both know of all the tricks and shit for it, have a machine that can use 7 optimally while keeping programs running fast, and know that everything in my computer works with 7, and know if everything I have for that machine has updated drivers for that system.

So no.

E- Sorry if that came off as asshole-ish. I'm dealing with a slow computer handling several chats (one of them Facebook, which disables the keyboard unless windows are quickly switched around) while burning a boot CD and the idea that this may be unrecoverable.
Miss Dani
Posted on 01-06-10 05:07:54 PM
You might just want to reinstall XP at this point... I don't really know that much, being a recent Mac convert
Gabu

Posted on 01-06-10 05:11:01 PM
Nah, I'm still at the Recovery Console phase, and I'm currently burning a boot CD that might help. I still have Automated System Recovery as the next biggest step if that fails as well before doing a clean install.
Miss Dani
Posted on 01-06-10 05:12:59 PM
Yea... at least there's Recovery Console and stuff like the boot CD now... sure beats having to reinstall more frequently, like I had to do with 98

I didn't have to reinstall 2000 or XP even once in the many years I used those systems...
Hiryuu
Posted on 01-06-10 05:13:06 PM
Originally posted by 303darthbobby
I'd try a live/boot cd (ubuntu, Hiren's) and run a virus scan. Both are extremely handy for this kind of thing. I just hope you either already have one of them, or you are able to get it from another PC.


Listen to the man. Especially Hi-Ren's. Fixes multiple issues that are related to FakeAlert and Vundo (which is likely what you have). Hi-Ren's should have Kaspersky, Malwarebytes and SuperAntiSpyware, at the very least, which should take the virus out.
Gabu

Posted on 01-06-10 05:21:33 PM (last edited by GabuChickenleg at 01-06-10 05:37 PM)
Doing that now, though I'm having issues with burning the image onto a blank CD, since there doesn't seem to be any in the household. At least one of these CD-Rs in that spindle should be good...

E- Oh shit, I forgot my dad has BartPE.

Xkeeper

Posted on 01-06-10 05:49:59 PM
Originally posted by Hiryuu
Listen to the man. Especially Hi-Ren's. Fixes multiple issues that are related to FakeAlert and Vundo (which is likely what you have). Hi-Ren's should have Kaspersky, Malwarebytes and SuperAntiSpyware, at the very least, which should take the virus out.

The last time I tried to use Hiren's BootCD it didn't do shit except crash.

I think it was the change to GRUB, but whatever it was broke the CD pretty badly. The menus broke and pretty much nothing worked.
Hiryuu
Posted on 01-06-10 06:00:18 PM
Take a look at Hi-Ren 10.1 sometime. Includes Mini XP.

Only say this because I did the exact same fix two weeks ago.
Xkeeper

Posted on 01-06-10 06:02:18 PM
Originally posted by Hiryuu
Take a look at Hi-Ren 10.1 sometime. Includes Mini XP.

That would be the one I burned, and GRUB presented a list of options (Boot from CD, boot from HDD, whatever) and selecting any of them spit out some garbled ANSI crap and some message involving bad commands, then returned to an empty (and even more broken) menu.

Maybe the image I got was bad, but bleh, I think I'll stick with an older version :|
Hiryuu
Posted on 01-06-10 06:05:10 PM
Yea...I'd say bad ISO burn. There's a utility that should come with the package that is circulated via torrent that will burn the disc onto CD or DVD as well. I'm not sure if that's a requisite or not but I used it since it was the only thing I had on-call and I didn't really have anything else available but a spare computer that didn't have crap for burning utilities anyways. I was lucky I had my thumb drive on me or it wouldn't have been fixed. Person was using a live CD for a long time (months) and needed to get into Office in Vista and couldn't and it turned out to be a simple fix with that.
Gabu

Posted on 01-06-10 11:40:41 PM (last edited by GabuChickenleg at 01-07-10 12:34 AM)
I got onto Mini XP via the Hiren Boot CD, and I've found some files that were either created or modified at the time just by glossing over the C: drive:

C:\
eddc.exe <- Most likely it
jubfrms.exe
ibbsexlt.exe
wkomr.exe

Internet Logs (All of which I think were made and/or modified by Zone Alarm):
IAMDB.RDB
ZaLog.txt
d5R22961.ldb

Temp folder:
AV991.tmp

\SYSTEM32
net.net
winlogon86.exe
winupdate86.exe
critical_warning.html (the supposed page I got)
kimefeku (no extensions)

This forum seems to have a user that had the exact same issue, and appears to be from Belgium. (The virus first appeared in Belgium) If anyone knows what they're saying and can translate it, that would be a major help.
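The by-eye check described in the post above (looking for files created or modified around the time of the infection) can be done systematically from a live CD with the infected volume mounted offline. This is an added example, not part of the thread: the function names, the incident time and the sample tree are assumptions constructed for illustration, with a few file names borrowed from the post.

```python
import os
import tempfile
from datetime import datetime, timedelta

# Extensions treated as executable-like; "" covers extensionless droppers.
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".bat", ".tmp", ""}

def recent_changes(root, incident, window=timedelta(hours=1)):
    """Return (relative path, mtime, suspicious) for files modified within
    `window` of `incident`, oldest first. `suspicious` marks executable-like
    files sitting directly in the volume root or in a system32 directory."""
    lo, hi = (incident - window).timestamp(), (incident + window).timestamp()
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        top_level = rel_dir == "."
        in_sys32 = os.path.basename(dirpath).lower() == "system32"
        for name in files:
            try:
                mtime = os.lstat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # unreadable entry on a damaged volume: skip it
            if lo <= mtime <= hi:
                ext = os.path.splitext(name)[1].lower()
                flag = (top_level or in_sys32) and ext in EXEC_EXT
                rel = os.path.normpath(os.path.join(rel_dir, name))
                hits.append((rel, mtime, flag))
    return sorted(hits, key=lambda h: h[1])

def build_sample(root, incident):
    """Constructed sample tree standing in for a mounted C: volume."""
    layout = {
        "eddc.exe": incident + timedelta(minutes=2),
        "WINDOWS/system32/winlogon86.exe": incident + timedelta(minutes=3),
        "WINDOWS/system32/kimefeku": incident + timedelta(minutes=4),
        "WINDOWS/system32/userinit.exe": incident - timedelta(days=900),
        "Documents/notes.txt": incident - timedelta(minutes=20),
    }
    for rel, when in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
        os.utime(path, (when.timestamp(), when.timestamp()))

if __name__ == "__main__":
    incident = datetime(2010, 1, 6, 0, 50)  # assumed incident time
    with tempfile.TemporaryDirectory() as vol:
        build_sample(vol, incident)
        for rel, mtime, flag in recent_changes(vol, incident):
            print("!!" if flag else "  ", datetime.fromtimestamp(mtime), rel)
```

Modification times can be altered by malware, so the output is a starting list for scanning rather than a complete inventory of what was dropped.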
Hiryuu
Posted on 01-07-10 04:13:08 PM
I'm gonna guess that's part of FakeAlert. That Hi-Ren's CD should have some Anti-Virus tools on it that you should be able to use to get that off that drive.
303darthbobby
Posted on 01-07-10 06:47:29 PM
If I'm not mistaken, the location is something like: X:\WinTools\KasperskyAntVir.

Ok, so this post isn't as useful as it was in my head. I swear I had a better one in mind, but you know
Gabu

Posted on 01-08-10 12:07:32 AM (last edited by GabuChickenleg at 01-08-10 03:04 PM)
While Hi-ren seems to work, over half of the programs on there refuse to start. I'm thinking this is just a bad burn, so I'm burning a second disc and hopefully have more programs at my disposal.

Also, today I ran Spybot several times and came up with two dreaded trojans: Virtumonde and Win32. Got some instructions on how to beat those things with a virtual hammer, so I might go do that tomorrow.

I GUESS I SHOULD ALSO ADD THIS!:
I was able to load into safe mode yesterday morning, but I have the dreaded logon/logoff loop with it. I applied some changes to the registry, but I'm not sure if that worked just yet, as I am scanning the computer for viruses at the moment. If the changes don't work, would copying explorer.exe and userinit.exe onto a floppy (or whatever) from this computer and replacing the two files on my computer do anything?
Gabu

Posted on 01-08-10 07:52:18 PM (last edited by GabuChickenleg at 01-09-10 02:27 AM)
You know what? I'm sick of trying to root around and solve the problem this way. I'm thinking of a repair install at this point, since non-system data won't be deleted.

OF COURSE THERE'S STILL A PROBLEM AS WE ONLY HAVE A BURNT CD OF XP PRO INSTEAD OF HOME. AAAGH.

E- Well, whaddya know? We do have one, and after the repair was able to get into Windows, albeit with a shitload of viruses, particularly Vundo and Win32. I got rid of some with ZoneAlarm, then thanks to dad and a very clever trick got MalwareBytes to run, get rid of a bunch more, and got back a whole mess of my computer (Task Manager, executing programs). Things are on the up and up!

(Of course, for some reason, I have over 140 desktop.ini files suddenly everywhere, and a retina piercing wallpaper I don't think I can get rid of just yet)
Rena

Posted on 01-11-10 10:45:26 PM
Back up any files you want to keep to an external drive. Nuke all internal hard drives from orbit. Reinstall. Grab all updates and patches and a good antivirus from another, fully trusted machine on a trusted connection before you ever reconnect this one to a network. Install those. Disable autorun. Connect the external drive. Deep scan it. Restore files. Never use IE again. Skipping any of these steps means you're going to be infected again within minutes. It takes literally about one minute for an unpatched XP install to be compromised upon connecting to the Internet.
Yes, a virus can infect your photos (there have been many JPEG exploits) and potentially videos, music, etc. Scan everything. Ideally, scan with multiple antiviruses - but never install more than one on the same OS install. Use other machines for the other scans.

Alternatively, switch to Ubuntu, but make sure your hardware is compatible before actually installing.

If nuclear bombs are not available, formatting the drive can suffice, but wear gloves when handling it.