Locked out of Windows, will THIS work...

Discussion in 'Malware Help (A Specialist Will Reply)' started by Phlegmbot, Aug 23, 2006.

  1. Phlegmbot

    Phlegmbot Private First Class

    This idea was suggested to me based on:
    1. a registry log I posted (after MalWare infestation)
    and
    2. a .dll file I deleted which I'm 99% certain was part of one of the Trojans I was cleaning off my computer...

    The goal is to get back into Windows W/out losing any files (sans a boot disk [my Toshiba did not come w/one]):


    I Download BartPE here :
    http://www.nu2.nu/download.php?sFile=pebuilder3110a.exe

    I Burn it to a CD, which will then BECOME my boot CD? (I have to change the BIOS to make sure the computer boots from the CD-ROM drive 1st).

    When the computer asks for Windows files, I should put my recovery CD in the CD drive and remove the Boot CD mentioned just above.

    At this point I should be able to get into some (stripped down?) version of Windows.

    I open Notepad.

    I save a random Notepad file as winemv32.dll (the .dll file I deleted)

    Using Explorer, I move it to C:\Windows\system32 where this same DLL file was and then reboot normally (removing the recovery CD prior) and cross my fingers.
    ---------

    So, anyone know if it'll work? Obviously I do not want the Recovery Disc to accidentally wipe my HD.

    Thanks!


    p.s. if you want to see the original postings, they're at Geekstogo.com -- just search for Phlegmbot!
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Deleting the winemv32.dll file should not make your PC unbootable. It is just part of the Winlogonhook/conhook infection. Recently it often appears at the same time as Virtumonde infections. In fact, just deleting this file without deleting all the other components of the infections (winlogonhook and virtumonde) will just make it typically come back. Thus you may have deleted something else.

    Perhaps you should read the below:

    XP's No-Reformat, Nondestructive Total-Rebuild Option


    That is assuming you have WinXP since you did not even tell us your OS.

    If you are working at geekstogo, why are you posting here?
     
    Last edited: Aug 23, 2006
  3. Phlegmbot

    Phlegmbot Private First Class

    The above reply aside, does anyone know if the idea I originally posted WILL WORK?

    Chaslang's link is great; I will check it out, but it requires an XP setup or boot CD -- of which I have none. My laptop did not come w/one, which is why I need to know if the above will work.

    And Chas, you sound like you're pissed at something in your post. I'm not "working at Geeks to go" -- never said that. I posted there...like I posted here. I'm looking for a second opinion on the suggestion I was given.

    That's all.
     
  4. Phlegmbot

    Phlegmbot Private First Class

    one more thing: by "will it work" I mean will it NOT wipe my HD...I'm nervous putting the Recovery Disc in as part of the above process.

    um...okay, I'm done.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No I'm not! It is just a fact that working in multiple forums at the same time results in confusion for all involved. If you start working in one forum, you really should finish working in that forum. The only reason you should not finish there would be if they say that they cannot help you. You did say you posted your problem there.

    And no I don't believe creating a dummy DLL file is going to help you because I don't think that deleting that file will cause this problem. We work on hundreds of these every week and there are many cases where that file has been deleted by a user or by a scanner. It never results in the PC not being bootable. Something else is probably wrong besides that.
     
  6. Phlegmbot

    Phlegmbot Private First Class

    Thanks for the explanation...

    Can you tell me, however, will this process erase my HD? I'm afraid to use the recovery CD as part of this process...it won't be able to wipe the HD, right?

    So, ultimately, it couldn't hurt? Or could it?
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It will not wipe the hard disk unless you run commands to do that.
     
