TechSpot

Unable To Run Preliminary Scans

By Help-Please-13
Apr 19, 2013
  1. Hello. Before posting, I tried to run the programs in the instruction guide. They both told me I had to have administrator rights to do so.

    That is the same point the problem with this XP Pro (SP3) system started a few days ago. I lost administrator rights, and some services were changed. Unable to do anything at this point. Have no discs to use and this Latitude D420 does not even have a cd drive to use.

    How do I proceed getting help when I cannot run preliminary scans? Thank you.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    You will need a USB flash drive.

    Download GETxPUD.exe to the desktop of your clean computer
    • Run GETxPUD.exe
    • A new folder will appear on the desktop.
    • Open the GETxPUD folder and click on the get&burn.bat
    • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
    • Click on Start and follow the prompts to burn the image to a CD.
    • Next download rst.sh to your USB flash drive
    • Remove the USB & CD and insert them in the sick computer
    • Boot the Sick computer with the CD you just burned
    • The computer must be set to boot from the CD
    • Gently tap F12 and choose to boot from the CD
    • Follow the prompts
    • A Welcome to xPUD screen will appear
    • Press File
    • Expand mnt
    • sda1,2...usually corresponds to your HDD
    • sdb1 is likely your USB
    • Click on the folder that represents your USB drive (sdb1 ?)
    • Confirm that you see rst.sh that you downloaded there
    • Press Tool at the top
    • Choose Open Terminal
    • Type bash rst.sh
    • Press Enter
    • After it has finished a report will be located on your USB drive named enum.log
    • Remove the USB drive and insert it back in your working computer and navigate to enum.log

      Please note - all text entries are case sensitive
    Copy and paste the enum.log for my review
     
  3. Help-Please-13

    Help-Please-13 TS Rookie Topic Starter

    Thank you. Your above post says to use a clean computer to download the program. There are no "clean" computers left in this house. Can I use this infected computer to get the program onto the USB drive? Also, I cannot boot from the USB drive at this time. The BIOS says only HDD and CD (no CD). Is it possible to change the BIOS to make the USB bootable? Thank you.
     
  4. Broni

    That's strange but we better leave BIOS alone.

    Let's try something else...

    Let's see, if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note : If you do not know how to set your computer to boot from CD follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  5. Help-Please-13

    Cannot do above. I looked at BIOS earlier, and only HDD and CD bootable (even though there is no CD drive in here). This is my only computer and the one infected. Thank you.
     
  6. Broni

    I'm not sure if I'll be able to help because you don't give me any options.
    We can't use USB, we can't use CD and you can't run anything from Windows.
    We need magic...
    You can try system restore but if you're not an administrator it probably won't work.
    Even if you wanted to reinstall Windows you'll need CD drive.
     
  7. Help-Please-13

    Can I restore from command prompts? What would command lines be? Thank you.
     
  8. Broni

    You could try to do it from Recovery Console...

    If you have Windows XP CD... (if you don't have Windows CD, scroll down)

    1. Boot from the CD.
    2. When the text-based part of Setup begins, follow the prompts. Select the repair or recover option by pressing R:

    3. You'll find yourself at this screen:

    4. Once you are at the Recovery Console you will be given at least one choice of Windows installations. Normally the choice you want is the number 1 choice. Click the number 1 key at the "top" of the keyboard and click enter.

    NOTE: at this point your numbers to the right of your keyboard are turned off. If you insist on using these keys for your numbers remember to hit the Numbers Lock key before clicking a number over there or your computer will automatically reboot and you will have to wait through the previous steps to get back to the console.

    5. You will be given a message asking for the administrator password. Unless someone or something has messed with your computer there is no password so you just click the Enter key.

    6. This will bring you to a prompt that says:

    C:\WINDOWS>

    7. Type:

    cd \

    Press Enter

    Note: between "cd" and "\" there should be a "blank space" otherwise the command won't work

    8. The prompt should now say:

    C:\>

    9. Type:

    cd system~1\_resto~1

    Press Enter.

    ===============================================================================

    Note: If it gives an error "Access Denied" while accessing the folder, follow the method below

    Type: cd \

    Press Enter

    Type: cd windows\system32\config

    Press Enter

    Type: ren system system.bak

    Press Enter

    (note the spaces between ren and system, and then between system and system.bak)

    Type: exit

    Press Enter

    now the computer should restart, then follow steps 1-9


    ===============================================================================

    10. Type:

    dir

    Press Enter

    NOTE: When you hit Enter it will list all the restore point folders like "rp1", "rp2". We have to see the last restore point to copy the file from a recent backup. If the restore points have more than one page then you have to keep on hitting the key to view the last restore point folder.

    NOTE: It is a good rule of thumb to choose the files from the restore point folder which is the second to the last one.

    11. Type:

    cd rp{with the second to the last restore point number }

    Press Enter

    Example: cd rp9 if rp10 is the last restore point

    12. Type:

    cd snapshot

    Press Enter.

    NOTICE: Now the command prompt will look like this:

    c:\system~1\_resto~1\rp9\snapshot

    Note : restore point 9 assumed for clarity of the content.


    13. Type:

    copy _registry_machine_system c:\windows\system32\config\system

    Press Enter

    14. Type:

    Exit

    Press Enter.

    Final note : If the above procedure won't solve the problem, repeat all steps, but in step 13 type:

    copy _registry_machine_software c:\windows\system32\config\software

    Alternatively, select different restore point.



    If you don't have Windows CD...

    Download Windows Recovery Console: http://www.thecomputerparamedic.com/files/rc.iso
    Download, and install free Imgburn: http://www.imgburn.com/index.php?act=download
    Using Imgburn, burn rc.iso to a CD (use "Write image file to disc" option).
    Boot to the CD...let it finish loading.
    When the "Welcome to Setup" screen appears, press R to start the Recovery Console.

    Follow steps 3 - 14.
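
The restore point choice in steps 10 to 13 of the post above, as an added example that is not part of the original thread: it picks the second-to-last restore point in numeric order (so RP9 comes before RP10) and checks that a snapshot file starts with the registry hive signature `regf` before it is copied anywhere. It assumes the XP volume is readable from a Linux live environment; the function names and the sample tree are constructed for illustration.

```sh
# Added example, not from the thread. Function names are hypothetical.

# Print restore point folders (RP1, RP2, ...) in numeric order, one per line.
list_restore_points() {
    dir=$1
    for d in "$dir"/[Rr][Pp]*/; do
        [ -d "$d" ] || continue
        name=$(basename "$d")
        num=${name#??}
        case "$num" in ''|*[!0-9]*) continue ;; esac   # skip non-numeric names
        printf '%s %s\n' "$num" "$name"
    done | sort -n | cut -d' ' -f2
}

# Second-to-last restore point, as the post recommends (RP9 when RP10 is last).
# Fails when fewer than two restore points exist.
pick_restore_point() {
    count=$(list_restore_points "$1" | wc -l)
    [ "$count" -ge 2 ] || return 1
    list_restore_points "$1" | tail -n 2 | head -n 1
}

# A registry hive file begins with the 4-byte signature "regf".
is_hive() {
    [ -f "$1" ] && [ "$(head -c 4 "$1" 2>/dev/null)" = "regf" ]
}

# Constructed sample tree standing in for the _restore{...} folder.
make_sample() {
    root=$(mktemp -d)
    for i in 1 2 9 10; do
        mkdir -p "$root/RP$i/snapshot"
        printf 'regf\000\000\000\000' > "$root/RP$i/snapshot/_REGISTRY_MACHINE_SYSTEM"
    done
    : > "$root/RP9/snapshot/_REGISTRY_MACHINE_SOFTWARE"   # empty, so not a hive
    echo "$root"
}

demo_root=$(make_sample)
rp=$(pick_restore_point "$demo_root")
echo "restore point to use: $rp"
for f in _REGISTRY_MACHINE_SYSTEM _REGISTRY_MACHINE_SOFTWARE; do
    if is_hive "$demo_root/$rp/snapshot/$f"; then echo "$f: looks like a hive"
    else echo "$f: NOT a hive, do not copy"; fi
done
rm -rf "$demo_root"
```
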
     
  9. Help-Please-13

    Thank you for your patience. I still need more guidance to proceed with above. I cannot install or boot from a cd. Can I do the above steps using a USB flash drive, changing the BIOS to boot from USB or use command prompts to boot directly from USB despite BIOS limitations?
    There is an administrative password in the BIOS which I set. Thank you.
     
  10. Broni

    You said there is no option to boot from USB.
    If you can manage to do so follow my very first reply.

    Other than that I really don't see any other options.
    We need to boot somehow from the outside since you can't do anything from within Windows.
     
  11. Help-Please-13

    I stated earlier that the USB boot option needed to be set from BIOS, but you said to leave alone. Sorry about misunderstanding. So now I have gone and made the USB bootable in the BIOS. However, I put it as #2 boot. I think I should have put it as the first one. Is that correct? If so, it is an easy fix to make the USB bootable first. Do I need to do so, and if so, then where do we go next? Thanks so much. You have the patience of a saint to deal with this, and I appreciate your expertise :)
     
  12. Broni

    Yes, you need to put USB as #1 in boot order.

    Then...

    You will need a USB flash drive.

    Download GETxPUD.exe to the desktop of your clean computer
    • Run GETxPUD.exe
    • A new folder will appear on the desktop.
    • Open the GETxPUD folder and click on the get&burn.bat
    • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
    • Click on Start and follow the prompts to burn the image to a CD.
    • Next download rst.sh to your USB flash drive
    • Remove the USB & CD and insert them in the sick computer
    • Boot the Sick computer with the CD you just burned
    • The computer must be set to boot from the CD
    • Gently tap F12 and choose to boot from the CD
    • Follow the prompts
    • A Welcome to xPUD screen will appear
    • Press File
    • Expand mnt
    • sda1,2...usually corresponds to your HDD
    • sdb1 is likely your USB
    • Click on the folder that represents your USB drive (sdb1 ?)
    • Confirm that you see rst.sh that you downloaded there
    • Press Tool at the top
    • Choose Open Terminal
    • Type bash rst.sh
    • Press Enter
    • After it has finished a report will be located on your USB drive named enum.log
    • Remove the USB drive and insert it back in your working computer and navigate to enum.log

      Please note - all text entries are case sensitive
    Copy and paste the enum.log for my review
     
  13. Help-Please-13

    Great. Thank you. As I said, I have to use my sick computer to get the log on the USB drive and then run it, but that is all I have to work with. Will post results when get them. When will you be online again? Are you still available tonight and/or tomorrow? Thank you again.
     
  14. Broni

    I can't provide you with my schedule.
    I'm just a volunteer.
    I'll always reply as soon as I can.
     
  15. Help-Please-13

    No problem. Thank you for all your help. I could not use my USB for that last program as it only burns to a CD. The portable CD drive I hooked up to this thing did not work to finish it, so I have to figure out another approach. We might as well close up this thread as I am unable to proceed. Thank you for all your help and suggestions. This laptop is just too limited. Have a great weekend :)
     
  16. Broni

    Not a problem :)
     
Topic Status:
Not open for further replies.
