Cyber Tech Help Support Forums > Software > Malware Removal Forum
#91, July 9th, 2012, 11:27 AM
Jaytee (Senior Member)
This chkdsk /r is taking a long time...
While the CD setup was loading I noticed a prompt to press F2 to autorecover. Is this the same as a repair?


#92, July 9th, 2012, 12:12 PM
Jaytee (Senior Member)
OK
CHKDSK /r has run its course and claimed to have fixed one or more errors. I do not see a significant improvement in the machine's performance as yet...
#93, July 10th, 2012, 12:50 AM
Jintan (Cyber Tech Help Moderator)
Good, now go back and try the Repair Install. That may have corrected the file system enough for the CD to recognize your Windows install.
#94, July 10th, 2012, 02:02 AM
Jaytee (Senior Member)
If that is not the case, do you want me to press F2 when the CD setup is loading to get to "autorestore"? Yes???
#95, July 10th, 2012, 02:21 AM
Jintan (Cyber Tech Help Moderator)
This scenario again please.
#96, July 10th, 2012, 11:16 AM
Jaytee (Senior Member)
I did as you suggested but we are not in good shape here:
Partition 1 F: inactive o/s two
Partition 2 C: [unknown]
Partition 3 E: Backup (NTFS)
#97, July 10th, 2012, 02:27 PM
john29 (New Member)
Is that all since running ComboFix? The userinit settings aren't loading. Did you do the AVG uninstall step?

Going to need something to point us to whatever service the ZA bootkit is hijacking there.

Open Gmer again. Once it has completed its opening scan, this time just right-click in the white space in the display and select Options - Only non MS files. Then click Scan and allow Gmer to run a different scan. Once that completes, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.
#98, July 10th, 2012, 10:28 PM
Jaytee (Senior Member)
John
Thanks for your input, but you need to be a member of the malware team before you can give advice on this board.
#99, July 11th, 2012, 01:07 AM
Jintan (Cyber Tech Help Moderator)
As Jaytee mentioned John29, please be aware of these forum guidelines about posting in threads here. Thanks.

Jaytee, can you help me out with what this means?

Partition 1 F: inactive o/s two

What is F, that indicates that info?

C drive shows as unknown, which still says the file system is not being recognized. These folks are looking at an OS reinstall, to be square about it.
#100, July 11th, 2012, 07:07 AM
Jaytee (Senior Member)
Hi Tom,
I think that the os/2 partition is a small Unix/Minix system, 6000 odd bytes, so I guess it was a special purpose app from when it was a leased machine.
It appears that Windows has assigned a drive letter F: to the system even though Windows can't recognise it.
#101, July 11th, 2012, 11:09 AM
Jaytee (Senior Member)
I am going to begin retrieving the My Documents data to a separate hard drive with a view to clean installing Windows XP on the weekend.

My own feeling is that the four bad blocks on the hard drive will not cause significant problems.
What do you think???
#102, July 12th, 2012, 01:29 AM
Jintan (Cyber Tech Help Moderator)
I think the hard drive is failing John. If a reinstall then shows no issues, I am wrong.
#103, July 18th, 2012, 03:35 AM
Jaytee (Senior Member)
Hi Tom,
I am probably going off topic here a bit, so maybe I need to start a new thread in Win XP.
Here is my problem:
Copy paste does not work under any circumstance, so I had to run the drive up on my machine. My disk utility shows 1 hidden HP FAT32 partition, 8 gigabytes. Disk analysis shows it to be clean. The other two partitions, both NTFS (Windows and the backup), are shown to be NOT clean for unspecified reasons.
I have copied most of the files onto my desktop and now have the problem of trying to identify the worthwhile data from the cruft and duplicates (in some cases five copies of the same file exist).
I do not wish to transfer the problem to a new install, but finding the rubbish is a monumental task. Any handy hints or pointers would be welcome.
I intend burning a large number of DVDs in order to clear the stuff from my (Linux) machine.
#104, July 19th, 2012, 12:23 AM
Jintan (Cyber Tech Help Moderator)
I don't think we discussed this here yet. The steps are a quickly modded version of the malware removal steps, so may be a tad awkward to read.


You will need a USB (flash/thumb) drive.

Download http://unetbootin.sourceforge.net/un...ows-latest.exe & http://noahdfear.net/downloads/boota...xpud-0.9.2.iso to the desktop of your clean computer
- Insert your USB drive
- Press Start > My Computer > right click your USB drive > choose Format > Quick format
- Double click the unetbootin-xpud-windows-387.exe that you just downloaded
- Press Run then OK
- Select the DiskImage option then click the browse button located on the right side of the textbox field.
- Browse to and select the xpud-0.9.2.iso file you downloaded
- Verify the correct drive letter is selected for your USB device then click OK
- It will install a little bootable OS on your USB device
- Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
- After it has completed do not choose to reboot the clean computer, simply close the installer

Place the USB drive into the problem computer, and boot from it. You will likely need to access the Boot Menu (many systems show which key option that is during bootup), or make a change in the BIOS.
- Boot the infected computer
- Press F12 and choose to boot from the USB
- Follow the prompts
- A Welcome to xPUD screen will appear
- Press File
- Expand mnt
- sda1,2... usually corresponds to your HDD

That mnt folder is where all your drive's partitions and files will be. xPUD at this time will be loaded into RAM, so you can feel free to remove that xPUD usb drive, and insert a different one to offload files to.
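The offload step in post #104 (copying files out of the mnt folder from the xPUD live system) and the duplicate-file problem raised in post #103 can both be handled from the live system's shell. The script below is an added example, not code from the thread or from the xPUD or UNetbootin projects: it copies every regular file from an already-mounted partition to a rescue drive, preserving timestamps and never writing to the source, and records a SHA-256 manifest so files with identical content under different names can be reviewed before the reinstall. The paths in the usage comment (/mnt/sda2, /mnt/rescue) are assumptions; substitute whatever the live system shows under mnt.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes a Linux live system with the
# Windows partition mounted read-only (e.g. mount -o ro /dev/sda2 /mnt/sda2)
# and a rescue drive mounted read-write (e.g. /mnt/rescue).

# Print the SHA-256 of one file, using whichever tool the live system provides.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# offload_with_manifest SRC DST MANIFEST
# Copies every regular file under SRC to the same relative path under DST,
# preserving timestamps (cp -p), and appends "<sha256> <relative path>" to
# MANIFEST. Only regular files are taken (-type f), so a symlink pointing
# outside the partition is never followed; nothing is ever written to SRC.
offload_with_manifest() {
    src="$1"; dst="$2"; manifest="$3"
    mkdir -p "$dst"
    : > "$manifest"
    # Paths containing newlines would break this loop; spaces are handled.
    find "$src" -type f | while IFS= read -r f; do
        rel="${f#"$src"/}"
        mkdir -p "$dst/$(dirname "$rel")"
        cp -p "$f" "$dst/$rel"
        printf '%s %s\n' "$(hash_file "$f")" "$rel" >> "$manifest"
    done
}

# count_duplicate_groups MANIFEST
# Number of distinct file contents that occur more than once.
count_duplicate_groups() {
    cut -d' ' -f1 "$1" | sort | uniq -d | wc -l | tr -d ' '
}

# report_duplicates MANIFEST
# For each content hash seen more than once, list the paths that share it,
# so the extra copies can be reviewed by hand rather than carried over.
report_duplicates() {
    manifest="$1"
    cut -d' ' -f1 "$manifest" | sort | uniq -d | while IFS= read -r h; do
        printf 'duplicate content %s:\n' "$h"
        grep "^$h " "$manifest" | cut -d' ' -f2-
    done
}

# Usage on the live system (assumed paths):
#   offload_with_manifest "/mnt/sda2/Documents and Settings" /mnt/rescue/docs /mnt/rescue/manifest.txt
#   report_duplicates /mnt/rescue/manifest.txt
```

Hashing content rather than comparing names is what catches the "five copies of the same file" case from post #103: renamed or re-saved copies of one document share a hash, while files that merely have the same name but different content do not. Keep the manifest with the rescued data; it also lets you confirm after the reinstall that nothing was altered in transit.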
#105, July 19th, 2012, 12:23 AM
Jintan (Cyber Tech Help Moderator)
Man those steps are a mess - written for a different forum. Sorry.
All times are GMT +1.