Broken WinXP.. Help?

[KurtFF8]

Heres what happened to my computer and where im at now: I had a virus (one that ran "paycheck.exe" I believe) and started it in safe mode, ran norton, adaware, spybot and hijackthis , restarted my computer in normal mode, the virus was still active so I manually turned my computer off and on to get to the "the following files are missing or corrupt: /windows/system32/config"

I searched and found my vendor(emachine)'s restore cd and when i put it in only had 2 options: To reformat and lose all of my data or just run a comand prompt from the cd.

So I cant get into the recovery console because I dont have a windows XP cd.

I was thinking I could either:

-wait and try to get ahold of a windows XP cd and try through the recovery console

-Install Linux and backup my files (although I dont know if id lose my data or not, and if so then this option is pointless)


Other than this I dont know what to do, the big delima is that I dont want to lose any of my data.

Can anyone help?

 

[Db2012]

get ahold of a XP cd, try to go into repair console and type "FIXBOOT" if that doesnt work do a soft repair to the instalation.

 

[mechBgon]

FYI that was probably paytime.exe, which I believe is related to CoolWebSearch (notorious adware/spyware junk). In the future, be careful-er what you run, use a current-generation version of your antivirus software (not old stuff like Norton 2003 or something), and use a Limited account for daily-driver stuff like IM'ing, surfing the Internet, and email.

The Limited account alone, combined with keeping your Windows patched up, will make you nearly invincible as long as you don't go installing warez or other random stuff you got off the Internet. I was deliberately trying to infect a system with some nasty stuff yesterday using a Limited account... no way.

 

[blodhi74]

sorry for hijacking the thread ... nice updates on UR page Mech

 

[mechBgon]

Originally posted by: blodhi74
sorry for hijacking the thread ... nice updates on UR page Mech

Thanks! I did take away most of the click-to-enlarge pics, but that was sort of a bandwidth-burning luxury

 

[dclive]

Originally posted by: KurtFF8
Heres what happened to my computer and where im at now: I had a virus (one that ran "paycheck.exe" I believe) and started it in safe mode, ran norton, adaware, spybot and hijackthis , restarted my computer in normal mode, the virus was still active so I manually turned my computer off and on to get to the "the following files are missing or corrupt: /windows/system32/config"

I searched and found my vendor(emachine)'s restore cd and when i put it in only had 2 options: To reformat and lose all of my data or just run a comand prompt from the cd.

So I cant get into the recovery console because I dont have a windows XP cd.

I was thinking I could either:

-wait and try to get ahold of a windows XP cd and try through the recovery console

-Install Linux and backup my files (although I dont know if id lose my data or not, and if so then this option is pointless)


Other than this I dont know what to do, the big delima is that I dont want to lose any of my data.

Can anyone help?

Wait and get XP and go to the recovery console.

Fixboot won't help you; you don't have a boot problem. Your registry has become corrupt. One way to fix it is to see if you can boot with F8 / safe mode; if not (and I suspect you won't) then get that XP CD, boot from it, make a backup of the four files (sam, software, system, security) from c:\windows\system32\config, and then copy those same files from c:\windows\repair to c:\windows\system32\config.

Once you've done that (did you make that backup FIRST, perhaps to c:\windows\system32\config\old?) reboot (you remember your admin password when you first built your PC, right? If not, find it before you do this), and you should be able to boot your box and log in.

Then open permissions on c:\system volume information to make it everyone-readable.

Then go into that directory, sort by date, open the most recent directory, find the four files with sam\software\system\security in them, and COPY them to c:\windows\system32\config\new; rename them just as sam\software\system\security.

Boot back into recovery console; log in.

Copy the files from c:\windows\system32\config\new to c:\windows\system32\config.

Reboot. You should be all set. Bear in mind your registry will still have entries of the virus, but the virus will actually be gone from your system.

Get a modern antivirus program. Get Microsoft Antispyware (see my .sig for download). Keep both updated.

Cheers.

(PS: You can skip the first steps and go straight to c:\sysvolinfo step with Bart's PE Boot CD, if you have that handy.)

 

[KurtFF8]

I got access to a recovery console cd but when i try to follow the steps at http://support.microsoft.com/?kbid=307545 it says access denied when i try to type md tmp

it says to enter the admin password when prompted to do so but i was never prompted to do so so i dont know what to do, anyone?

 

[dclive]

In RC you can't create a directory anywhere but c:\windows. Make sure that's where you are before you start typing. If not, CD to Windows, then do those steps. Try again, and report back.

If you weren't prompted for a password, your SAM | Security files are hosed. Just follow those steps I listed, and let's see what happens.