Velocity Reviews - Computer Hardware Reviews

Bogus Boot

 
 
krakr
01-27-2009
I have a major issue. Despite editing my boot.ini manually and thru msconfig,
there are 2 boot options. The default IS NOT a valid install and does not
appear on the .ini.
I recently had a nasty trojan horse on my system that I've been attempting
to root out. The scripts in it created admin level accounts while revoking
rights to my own admin level account.
However, I didn't have this issue until I swapped out my mobo.

I have no idea what on earth could override boot.ini, but it's on my hdd.
Any input is welcome
 
 
 
 
 
krakr
01-27-2009


"krakr" wrote:

> I have a major issue. Despite editing my boot.ini manually and thru msconfig,
> there are 2 boot options. The default IS NOT a valid install and does not
> appear on the .ini.
> I recently had a nasty trojan horse on my system that I've been attempting
> to root out. The scripts in it created admin level accounts while revoking
> rights to my own admin level account.
> However, I didn't have this issue until I swapped out my mobo.
>
> I have no idea what on earth could override boot.ini, but it's on my hdd.
> Any input is welcome


OS is XP64. I'm confused because I didn't have the problem until
tonight when I upped my mobo.
 
 
 
 
 
krakr
01-27-2009
I need to clarify. I had a trojan. It's been removed. The accounts it
created were removed. Now I just have the Admin, my compromised account (that
I don't log into but need to take the My docs & stuff from) and my new
account.

I'm virus free and ready to move on for the past 2 days. Just installed a
new Asus M3n72-d mobo this evening and a killer heat sink as well. After
configuring the boot sequence again in BIOS, I had the issue. No other HDD
has a boot.ini on it and I didn't have the issue on the old mobo.

It's terribly confusing, especially after reading the security logs that
allowed a script to remove rights from my own account while adding more to
its own when it was in the "user" group. Talk about security flaws.
 
 
Charlie Russel - MVP
01-27-2009
Personally, I'd pull off any data files you absolutely positively trust, and
then do a complete wipe of the system, booting off the XP x64 disk and
deleting all partitions, recreating and formatting them. Whatever is going
on, it feels more like a root kit than a simple trojan, and I'd say you
still have problems.

--
Charlie.
http://msmvps.com/blogs/xperts64
http://mvp.support.microsoft.com/profile/charlie.russel

"krakr" <(E-Mail Removed)> wrote in message
news(E-Mail Removed)...
>I need to clarify. I had a trojan. It's been removed. The accounts it
> created were removed. Now I just have the Admin, my compromised account
> (that
> I don't log into but need to take the My docs & stuff from) and my new
> account.
>
> I'm virus free and ready to move on for the past 2 days. Just installed a
> new Asus M3n72-d mobo this evening and a killer heat sink as well. After
> configuring the boot sequence again in BIOS, I had the issue. No other HDD
> has a boot.ini on it and I didn't have the issue on the old mobo.
>
> It's terribly confusing, especially after reading the security logs that
> allowed a script to remove rights from my own account while adding more to
> its own when it was in the "user" group. Talk about security flaws.


 
 
philo
01-27-2009

"Charlie Russel - MVP" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Personally, I'd pull off any data files you absolutely positively trust,
> and then do a complete wipe of the system, booting off the XP x64 disk and
> deleting all partitions, recreating and formatting them. Whatever is going
> on, it feels more like a root kit than a simple trojan, and I'd say you
> still have problems.
>
>



I recently had to repair a machine with a root kit
and fdisk/mbr from a win9x boot floppy did the trick

of course it was an IDE drive


for a SATA drive one would need to use the repair console and issue the
fixmbr command

however, the fixmbr command does not over-write quite as much as fdisk/mbr


 
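A defender-side check for the sector philo's fdisk/mbr and fixmbr discussion is about, added here as an example and not code from this thread or from any of the tools named: it parses a 512-byte MBR, verifies the 0x55AA signature and the partition table, and compares the boot-code region (the part those tools rewrite) against a SHA-256 baseline recorded from a known-clean install. The boot-code bytes, the partition layout and the baseline are constructed stand-ins, not real bootstrap code.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440           # x86 boot code precedes the disk signature / partition table
PART_TABLE_OFF = 446          # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR

# Constructed stand-ins for boot code (not real bootstrap code from any OS or malware).
GOOD_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 432
ALTERED_BOOT_CODE = b"\xeb\xfe" + b"\x00" * 438


def build_sample_mbr(boot_code: bytes, start_lba: int = 63) -> bytes:
    """Constructed 512-byte MBR: given boot code, one active NTFS partition, valid signature."""
    mbr = bytearray(SECTOR)
    code = boot_code[:BOOT_CODE_LEN]
    mbr[:len(code)] = code
    # Entry 0: status 0x80 (active), CHS fields unused here, type 0x07 (NTFS), LBA start, sector count
    mbr[PART_TABLE_OFF:PART_TABLE_OFF + 16] = struct.pack(
        "<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", start_lba, 2_000_000)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def parse_partitions(mbr: bytes) -> list:
    """Decode the four partition-table entries; empty entries (type 0) are skipped."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, sectors = struct.unpack("<B3sB3sII", mbr[off:off + 16])
        if ptype:
            entries.append({"index": i, "active": status == 0x80,
                            "type": ptype, "lba": lba, "sectors": sectors})
    return entries


def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 of the boot-code region only; record it on a known-clean install as the baseline."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, baseline_hash: str) -> list:
    """Return findings (empty list = nothing suspicious) for one sector read from the disk."""
    if len(mbr) != SECTOR:
        return ["sector is not 512 bytes"]
    findings = []
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if sum(p["active"] for p in parse_partitions(mbr)) != 1:
        findings.append("expected exactly one active partition")
    if boot_code_hash(mbr) != baseline_hash:
        findings.append("boot code differs from baseline: region fixmbr / fdisk /mbr rewrites")
    return findings
```

Feed `check_mbr` the first sector of the suspect disk (read from a clean boot environment, not from the possibly compromised OS) together with the baseline hash taken from the same install before the incident.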
 
krakr
01-27-2009
many thx, though I'm not looking forward to it.

"Charlie Russel - MVP" wrote:

> Personally, I'd pull off any data files you absolutely positively trust, and
> then do a complete wipe of the system, booting off the XP x64 disk and
> deleting all partitions, recreating and formatting them. Whatever is going
> on, it feels more like a root kit than a simple trojan, and I'd say you
> still have problems.
 
 
Charlie Russel - MVP
01-27-2009
I didn't suggest it would be fun. But I strongly suggest it is necessary.

--
Charlie.
http://msmvps.com/blogs/xperts64
http://mvp.support.microsoft.com/profile/charlie.russel

"krakr" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> many thx, though I'm not looking forward to it.
 
 
Charlie Russel - MVP
01-27-2009
Boot from the install media, press F6 during initial read of the media when
prompted, and then wipe the partitions before installing.

--
Charlie.
http://msmvps.com/blogs/xperts64
http://mvp.support.microsoft.com/profile/charlie.russel

"philo" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> I recently had to repair a machine with a root kit
> and fdisk/mbr from a win9x boot floppy did the trick
>
> of course it was an IDE drive
>
>
> for a SATA drive one would need to use the repair console and issue the
> fixmbr command
>
> however, the fixmbr command does not over-write quite as much as
> fdisk/mbr
 
 
Kerry Brown
01-27-2009
I'd go a bit further. Download a utility that will overwrite track 0. Most
drive manufacturers' disk diagnostics will do this. They sometimes call it a
low level format. This effectively sets the drive back to as new from the
factory.

--
Kerry Brown
MS-MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/
http://vistahelpca.blogspot.com/


"Charlie Russel - MVP" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Personally, I'd pull off any data files you absolutely positively trust,
> and then do a complete wipe of the system, booting off the XP x64 disk and
> deleting all partitions, recreating and formatting them. Whatever is going
> on, it feels more like a root kit than a simple trojan, and I'd say you
> still have problems.
 
 
Bobby Johnson
01-27-2009
I have also seen a couple of references claiming it is best
to do the full format of the hard drive vs the quick format.
Supposedly a full format wipes the previous information
left behind and could cause some errors with the new
install. The quick format only zeros out the MFT.


krakr wrote:
> many thx, though I'm not looking forward to it.
>
> "Charlie Russel - MVP" wrote:
>
>> Personally, I'd pull off any data files you absolutely positively trust, and
>> then do a complete wipe of the system, booting off the XP x64 disk and
>> deleting all partitions, recreating and formatting them. Whatever is going
>> on, it feels more like a root kit than a simple trojan, and I'd say you
>> still have problems.
>>
>> --
>> Charlie.
>> http://msmvps.com/blogs/xperts64
>> http://mvp.support.microsoft.com/profile/charlie.russel
>>
>> "krakr" <(E-Mail Removed)> wrote in message
>> news(E-Mail Removed)...
>>> I need to clarify. I had a trojan. It's been removed. The accounts it
>>> created were removed. Now I just have the Admin, my compromised account
>>> (that
>>> I don't log into but need to take the My docs & stuff from) and my new
>>> account.
>>>
>>> I'm virus free and ready to move on for the past 2 days. Just installed a
>>> new Asus M3n72-d mobo this evening and a killer heat sink as well. After
>>> configuring the boot sequence again in BIOS. I had the issue. No other HDD
>>> has a boot.ini on it and I didn't have the issue on the old mobo.
>>>
>>> It's terribly confusing, especially after reading the security logs that
>>> allowed a script to remove rights from my own account while adding more to
>>> it's own when it was in the "user" group. Talk about security flaws

>>

 