Re: Fixing broken XP install on XPS machine
- From: retsuhcs@xxxxxxxxx (Mike S.)
- Date: Fri, 13 Mar 2009 18:45:59 +0000 (UTC)
In article <gookic$ofe$1@xxxxxxxxxxxxxxxxx>,
Mike S. <retsuhcs@xxxxxxxxx> wrote:
My nephew asked me to look at his XP-MCE XPS machine after a "friend of a
friend who's an IT tech" messed with it after an apparent virus attack.
As he describes, the problems started when he tried to play a downloaded
video and WMP (apparently) requested permission to download a new codec;
followed by his Trend Micro virus alarm going off. His "friend of a
friend" apparently removed said virus (he doesn't remember which) but the
machine (which DOES boot and run) has been very unstable since.
He has a ton of music and video files on it, and I suggested that he back
them all up on an external HD (which he did, after I booted the system
from a Live CD for safety).
So then we were faced with either a wipe and full reinstall, or something
more conservative.
Some symptoms are as follows (besides general crashes and instability):
1. The NTFS file system on the C: drive seems to be messed up. When the
system boots, the pre-desktop screen displays a text message saying that
AUTOCHK is not available for disk type RAW. Running Norton Disk Doctor
from a Live CD, it complains that neither NTFS boot sector is readable
(how, then, can the system boot and run?)
2. The system freezes if you try to open a command window or any console
application (for instance, chkdsk). So I ran chkdsk from the Live CD.
Astonishingly it finds very little wrong, except for some unallocated
space which it fixes. Also ran the quick test with the Western Digital
diagnostic, and it found nothing wrong.
3. His antivirus cannot connect to the Internet to do a signature file
update, although web browsers, his torrent client, etc still hum merrily
along transferring stuff back and forth.
We decided to first try a conservative strategy, doing a repair install
using his Dell XP-MCE install DVD. The install proceeded to completion,
but only clicking through some errors I've never seen before:
1. Prompt to locate the Intel storage driver (dialog box was pointing to a
non-existent folder). I manually navigated to the Dell drivers folder on
the C: drive and it carried on.
2. Error while calling mscoree.dll (isn't this a .NET component?)
3. A huge string of errors related to some "get version" function of a
system DLL.
On first reboot, the AUTOCHK error is still there. DOS prompt and chkdsk
now run, and finds lots of errors in the volume map which are supposedly
fixed. Antivirus still cannot connect, but other programs have access.
It was getting late so I told him to reinstall his antivirus and see if it
updates, run another virus scan, and check for general stability before
deciding whether to wipe the machine clean.
Does this scenario suggest anything in particular?
Thanks again to all who contributed suggestions. In the end ... and a few
moments before I was ready to delete and reinstall the Windows partition,
I found the answer.
The "install missing codec" prompt was an inducement to manually install
the freshplay (gaopdx, DNS changer) rootkit. Sysinternals Rootkit Revealer
found it almost instantly, and I used Combofix from GeeksToGo to remove
the files and hidden registry entries.
This explains why Firefox gets out to the Internet but PC-Cillin can't.
Autochk is still running after the first clean reboot, and it's busy
checking all files. When the dust clears we'll see whether the system is
still salvageable, and try to run an updated scan running from his C:
drive rather than a LiveCD.