Bogus Boot

I have a major issue. Despite editing my boot.ini manually and through msconfig, there are 2 boot options. The default IS NOT a valid install and does not appear in the .ini.

I recently had a nasty trojan horse on my system that I've been attempting to root out. The scripts in it created admin level accounts while revoking rights to my own admin level account.

However, I didn't have this issue until I swapped out my mobo.

I have no idea what on earth could override boot.ini, but it's on my hdd. Any input is welcome.
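An added example, not part of the thread: a small Python script that parses a boot.ini the way NTLDR reads it (a `[boot loader]` section with `default=` and `timeout=`, and an `[operating systems]` section of `ARC path="description" switches` lines) and reports when the default entry points at an ARC path that is not listed, when ARC paths are duplicated, or when a section is missing. Both boot.ini texts in the block are constructed for the example. NTLDR reads boot.ini from the root of the active partition on the disk the BIOS boots from, so after reordering the boot sequence the file being read may not be the one msconfig edits on the running system; run the check against the copy on that partition.

```python
"""Added example (not from the thread): sanity-check an NTLDR boot.ini.

Flags a [boot loader] default= that does not match any ARC path listed in
[operating systems], duplicate ARC paths, and missing sections.
The two boot.ini texts below are constructed for this example.
"""
import re

# Constructed: a consistent single-OS boot.ini for XP x64.
GOOD_BOOT_INI = """\
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Windows XP Professional x64 Edition" /fastdetect /NoExecute=OptIn
"""

# Constructed: default= points at a partition that is not listed.
MISMATCHED_BOOT_INI = """\
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Windows XP Professional x64 Edition" /fastdetect
"""

_ENTRY_RE = re.compile(r'^"(?P<desc>[^"]*)"\s*(?P<opts>.*)$')


def parse_boot_ini(text):
    """Return {section_name: [(key, value), ...]} preserving order.

    Values are split on the first '=' only: in [operating systems] the ARC
    path is the key and the quoted description follows the first '=', so
    switches such as /NoExecute=OptIn stay inside the value.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
            continue
        if current is None:
            continue  # text before any section header is ignored
        key, _, value = line.partition("=")
        sections[current].append((key.strip(), value.strip()))
    return sections


def boot_entries(sections):
    """Map lower-cased ARC path -> (description, switches) from [operating systems]."""
    entries = {}
    for arc, rest in sections.get("operating systems", []):
        m = _ENTRY_RE.match(rest)
        desc, opts = (m.group("desc"), m.group("opts").strip()) if m else (rest, "")
        entries[arc.lower()] = (desc, opts)
    return entries


def check_boot_ini(text):
    """Parse a boot.ini and return the default, the entries and a list of findings."""
    sections = parse_boot_ini(text)
    loader = dict(sections.get("boot loader", []))
    default = loader.get("default", "").lower()
    entries = boot_entries(sections)
    listed = sections.get("operating systems", [])
    findings = []
    if "boot loader" not in sections:
        findings.append("no [boot loader] section")
    if not default:
        findings.append("no default= in [boot loader]")
    elif default not in entries:
        findings.append(f"default {default} is not listed in [operating systems]")
    if len(entries) != len(listed):
        findings.append("duplicate ARC paths in [operating systems]")
    if not listed:
        findings.append("no entries in [operating systems]")
    return {"default": default, "entries": entries, "findings": findings}


if __name__ == "__main__":
    for name, text in (("good", GOOD_BOOT_INI), ("mismatched", MISMATCHED_BOOT_INI)):
        print(name, "->", check_boot_ini(text)["findings"] or "OK")
```

To check a real file, pass the contents of `boot.ini` from the root of the active partition to `check_boot_ini`; a boot menu entry that NTLDR shows but this check cannot find in that file means NTLDR is reading a different boot.ini than the one being edited.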
RE: Bogus Boot

"krakr" wrote:
> I have a major issue. Despite editing my boot.ini manually and through msconfig,
> there are 2 boot options. The default IS NOT a valid install and does not
> appear in the .ini.
> I recently had a nasty trojan horse on my system that I've been attempting
> to root out. The scripts in it created admin level accounts while revoking
> rights to my own admin level account.
> However, I didn't have this issue until I swapped out my mobo.
>
> I have no idea what on earth could override boot.ini, but it's on my hdd.
> Any input is welcome

PH< OS is XP64. I'm confused because I didn't have the problem until tonight when I upped my mobo.
RE: Bogus Boot

I need to clarify. I had a trojan. It's been removed. The accounts it created were removed. Now I just have the Admin, my compromised account (that I don't log into but need to take the My docs & stuff from) and my new account.

I'm virus free and ready to move on for the past 2 days. Just installed a new Asus M3n72-d mobo this evening and a killer heat sink as well. After configuring the boot sequence again in BIOS, I had the issue. No other HDD has a boot.ini on it and I didn't have the issue on the old mobo.

It's terribly confusing, especially after reading the security logs that allowed a script to remove rights from my own account while adding more to its own when it was in the "user" group. Talk about security flaws :(
Re: Bogus Boot

Personally, I'd pull off any data files you absolutely positively trust, and then do a complete wipe of the system, booting off the XP x64 disk and deleting all partitions, recreating and formatting them. Whatever is going on, it feels more like a root kit than a simple trojan, and I'd say you still have problems.

--
Charlie.
http://msmvps.com/blogs/xperts64
http://mvp.support.microsoft.com/profile/charlie.russel

"krakr" <krakr@discussions.microsoft.com> wrote in message news:DC33DB99-8988-4C4D-A3DC-6744296503BC@microsoft.com...
> I need to clarify. I had a trojan. It's been removed. The accounts it
> created were removed. Now I just have the Admin, my compromised account
> (that I don't log into but need to take the My docs & stuff from) and my new
> account.
>
> I'm virus free and ready to move on for the past 2 days. Just installed a
> new Asus M3n72-d mobo this evening and a killer heat sink as well. After
> configuring the boot sequence again in BIOS, I had the issue. No other HDD
> has a boot.ini on it and I didn't have the issue on the old mobo.
>
> It's terribly confusing, especially after reading the security logs that
> allowed a script to remove rights from my own account while adding more to
> its own when it was in the "user" group. Talk about security flaws :(
Re: Bogus Boot

"Charlie Russel - MVP" <charlie@mvKILLALLSPAMMERSps.org> wrote in message news:e7XTyZEgJHA.2384@TK2MSFTNGP04.phx.gbl...
> Personally, I'd pull off any data files you absolutely positively trust,
> and then do a complete wipe of the system, booting off the XP x64 disk and
> deleting all partitions, recreating and formatting them. Whatever is going
> on, it feels more like a root kit than a simple trojan, and I'd say you
> still have problems.
>

I recently had to repair a machine with a root kit, and fdisk/mbr from a win9x boot floppy did the trick. Of course, it was an IDE drive.

For an SATA drive one would need to use the repair console and issue the fixmbr command; however, the fixmbr command does not over-write quite as much as fdisk/mbr.

> Charlie.
> http://msmvps.com/blogs/xperts64
> http://mvp.support.microsoft.com/profile/charlie.russel
Re: Bogus Boot

many thx, though I'm not looking forward to it.

"Charlie Russel - MVP" wrote:
> Personally, I'd pull off any data files you absolutely positively trust, and
> then do a complete wipe of the system, booting off the XP x64 disk and
> deleting all partitions, recreating and formatting them. Whatever is going
> on, it feels more like a root kit than a simple trojan, and I'd say you
> still have problems.
>
> --
> Charlie.
> http://msmvps.com/blogs/xperts64
> http://mvp.support.microsoft.com/profile/charlie.russel
Re: Bogus Boot

I didn't suggest it would be fun. But I strongly suggest it is necessary.

--
Charlie.
http://msmvps.com/blogs/xperts64
http://mvp.support.microsoft.com/profile/charlie.russel

"krakr" <krakr@discussions.microsoft.com> wrote in message news:8072E99C-F525-4275-BE21-1D8DF9F7B129@microsoft.com...
> many thx, though I'm not looking forward to it.
>
> "Charlie Russel - MVP" wrote:
>
Re: Bogus Boot

Boot from the install media, press F6 during initial read of the media when prompted, and then wipe the partitions before installing.

--
Charlie.
http://msmvps.com/blogs/xperts64
http://mvp.support.microsoft.com/profile/charlie.russel

"philo" <philo@privacy.net> wrote in message news:%2363UmOGgJHA.2384@TK2MSFTNGP04.phx.gbl...
>
> "Charlie Russel - MVP" <charlie@mvKILLALLSPAMMERSps.org> wrote in message
> news:e7XTyZEgJHA.2384@TK2MSFTNGP04.phx.gbl...
>
> I recently had to repair a machine with a root kit
> and fdisk/mbr from a win9x boot floppy did the trick
>
> of course it was an IDE drive
>
> for an SATA drive one would need to use the repair console and issue the
> fixmbr command
>
> however, the fixmbr command does not over-write quite as much as
> fdisk/mbr
>
Re: Bogus Boot

I'd go a bit further. Download a utility that will overwrite track 0. Most drive manufacturers' disk diagnostics will do this. They sometimes call it a low level format. This effectively sets the drive back to as new from the factory.

--
Kerry Brown
MS-MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/
http://vistahelpca.blogspot.com/

"Charlie Russel - MVP" <charlie@mvKILLALLSPAMMERSps.org> wrote in message news:e7XTyZEgJHA.2384@TK2MSFTNGP04.phx.gbl...
> Personally, I'd pull off any data files you absolutely positively trust,
> and then do a complete wipe of the system, booting off the XP x64 disk and
> deleting all partitions, recreating and formatting them. Whatever is going
> on, it feels more like a root kit than a simple trojan, and I'd say you
> still have problems.
>
> --
> Charlie.
> http://msmvps.com/blogs/xperts64
> http://mvp.support.microsoft.com/profile/charlie.russel
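Both philo's post (fdisk/mbr versus fixmbr rewriting the master boot record) and Kerry's (overwriting track 0) turn on what lives in the first sector of the disk. As an added example, not code from any poster, the Python below parses a 512-byte MBR sector, validates the 0x55AA boot signature, lists the partition table, and hashes the boot code so it can be compared against a baseline hash recorded when the disk was known good; a mismatch is a reason to rewrite the sector and reinstall rather than trust it. The sample sectors are constructed in the block, not read from a real drive, and the partition values in them are made up.

```python
"""Added example (not from the thread): inspect a 512-byte MBR sector and
compare its boot code against a baseline hash taken when the disk was known
good. The sample sectors are constructed here, not read from a real disk.
"""
import hashlib
import struct

SECTOR = 512
PART_TABLE_OFF = 446
PART_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
BOOT_CODE_LEN = 440      # bytes 440-443 hold the Windows disk signature, so stop before it


def build_sample_mbr(boot_code=b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c", partitions=None):
    """Constructed MBR: short stand-in boot code and, by default, one active NTFS partition."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    if partitions is None:
        partitions = [(0x80, 0x07, 63, 1_000_000)]  # active, NTFS, starts at LBA 63 (made-up sizes)
    for i, (status, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(PART_FMT, mbr, PART_TABLE_OFF + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


def parse_mbr(mbr):
    """Return signature status, boot-code hash and the non-empty partition entries."""
    if len(mbr) < SECTOR:
        raise ValueError("need a full 512-byte sector")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(PART_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue  # empty slot
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count})
    return {
        "signature_ok": mbr[510:512] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": parts,
    }


def compare_to_baseline(mbr, baseline_sha256):
    """List the reasons this MBR should not be trusted, relative to the known-good baseline."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    return findings


if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = parse_mbr(clean)["boot_code_sha256"]
    tampered = build_sample_mbr(boot_code=b"\xeb\x58\x90")  # different first bytes
    print("clean    ->", compare_to_baseline(clean, baseline) or "OK")
    print("tampered ->", compare_to_baseline(tampered, baseline))
```

On a live Windows system the sector can be read as administrator with `open(r"\\.\PhysicalDrive0", "rb").read(512)`, but a kernel-level rootkit can hide its own changes from the running OS, so the baseline and any later comparison are more trustworthy when the disk is read from boot media rather than from the installed system, which is the same reason the thread recommends wiping from the install disk.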
Re: Bogus Boot

I have also seen a couple of references claiming it is best to do the full format of the hard drive vs the quick format. Supposedly a full format wipes the previous information left behind, which could cause some errors with the new install. The quick format only zeros out the MFT.

krakr wrote:
> many thx, though I'm not looking forward to it.
>
> "Charlie Russel - MVP" wrote:
>