DESPERATE for Help - Computer crash

[kf]

I'm at a local library with the clock ticking - I have one hour of use. It's 12:38 here - and I have about 45 minutes.

My system has crashed. Here's the background:

I've been trying to remove malware for the last few days. Had run various scans, etc. Have been waiting on someone to help me with a HiJack This Log.

And then last night, this: an auto update of wp service pack 3. Install stopped halfway and I got error message: access denied. It then un-installed.

This morning, I got only the following message (and same message when I tried safe mode):
STOP: C0000218 {Registry File Failure} System can't load hive (file:
\systemroot\system32\config\software
or its log or alternate. It is corrupt, absent or not writable.
Beginning dump of physical memory
Physical memory dump complete
Contact system admin... etc.

I do have the windows CD. I also have a full back-up image (Acronis and Maxtor HD) from 2 weeks ago.

I need to know how to proceed from here. I don't want to risk losing the information that I have on the back-up image. I'm not sure if the system is clean enough to start a re-install.

Should I re-install windows and then work on restoring with acronis?

Please -- any help, links, suggestions you can give me would be so much appreciated.

Thank you.

[howudoin]

Quote:

This morning, I got only the following message (and same message when I tried safe mode):
STOP: C0000218 {Registry File Failure} System can't load hive (file:
systemrootsystem32configsoftware
or its log or alternate. It is corrupt, absent or not writable.
Beginning dump of physical memory
Physical memory dump complete
Contact system admin... etc.

I'm not an expert with this........But are you getting this message on a blue screen?

If yes, then I guess you have to do a full Windows Reinstall (From the CD) instead of using the Back-up image.

Also, turn OFF the auto-Update feature of WIN XP after doing this reinstallation. It is known to give several problems and you can do the update MANUALLY (By just doing it once a WEEK)

Bhupinder

[kf]

Okay. Thanks Bhupinder. Yes, it's against the blue screen.

I just changed to auto-update as a result of the malware removal advice given ...

The question remains though ... is the system wiped 'clean' now. If I'm going to re-install I want to be sure I'm starting with a clean slate so the malware is gone, too.

Color me: Sitting at the library hitting refresh on this thread.

[lrjd]

What OS are you using?

[Adaptive]

I recommend you use a friend's computer to download knoppix and burn a CD. Also, borrow an external usb hard drive or buy one at an office supply store.

You'll then boot your computer from this CD.
Knoppix is a version of Linux that includes file recovery tools that work with Windows files.

You can use these tools to copy your documents to an external hard drive.

Once that is done you can then reinstall Windows if needed.

Knoppix is a lifesaver for Windows file recovery, because it boots from CD and it doesn't matter if Windows won't start. Best of all it's free.

Regards,
Allen

[kf]

Allen, Thank you. Golden.

OS - Windows XP Home

[howudoin]

Quote:

The question remains though ... is the system wiped 'clean' now. If I'm going to re-install I want to be sure I'm starting with a clean slate so the malware is gone, too.

If you reinstall the OS from CD, You will start from a clean slate...Also, Don't use the Image Backup.

Bhupinder

[kf]

Allen - By USB hard drive you mean a thumb drive - or actual HD? How large am I looking for? I have several on hand.

[kf]

Quote:

Originally Posted by howudoin

If you reinstall the OS from CD, You will start from a clean slate...Also, Don't use the Image Backup.

Bhupinder

Bhupinder. Thanks. That's clear.

Is there a specific reason to *not* use the Image Backup?

Looks like I will try the Knoppix route to recover files and then re-install.

Open to other ideas. Anyone use Acronis?

[Adaptive]

Once you have backed up your data files, the next step will be to ask at both Knoppix sites and Windows sites for help with "can't load hive." This is a Windows registry file error. It might be possible to delete, fix or replace the problem registry file; doing this might or might not mean you have to reinstall your Windows applications software. But get your own files off first!

Either USB hard drive or thumb drive should work fine, the more free space the better. Otherwise you will need to copy a few files, put them on a working computer, then copy a few more files, etc. Bucket brigade service is easier when you have a bigger bucket.

Regards,
Allen

P.S. voice of experience here... a co-worker at a previous job used Knoppix to get files off a crashed Windows machine.

[anth.elias]

If you do have your Windows disk and your license key, then you should do reinstall. (BUT ONLY IF YOU KNOW FOR SURE YOU HAVE YOU IMPORTANT FILES BACKUPED AND YOU CAN RESTORE THEM TO YOUR NEWLY REINSTALLED WINDOWS.) But I'm surprised that you we need to go that far, there are a lot of powerful adware/spyware removers out there, Malwarebytes being one of the best. None the less when you insert you Windows disk in you should get a message saying that you have windows installed already, and you should see an option to reinstall and you want the full reinstall. Once you have reinstalled Windows 30-50 minutes depending on your system go out and get all you updates another 30-40 minutes if not more, than restore you backup files.

[howudoin]

Quote:

I recommend you use a friend's computer to download knoppix and burn a CD. Also, borrow an external usb hard drive or buy one at an office supply store.

You'll then boot your computer from this CD.
Knoppix is a version of Linux that includes file recovery tools that work with Windows files.

Kf...I don't know you experience level of working with computers but anything related to Linux is bound to be technical, So I'll suggest if you're a complete "Just get By" attitude with Linux then don't go this path.

Instead do a reinstall, but before doing that Upload an antivirus software, (I use Kaspersky, you can get a trial copy from their website) into your (External) USB Drive

Once the reinstall is done then DON"T open any of your Drives (C,D, E...) but rather Go straight to your USB Drive and install the Kaspersky antivirus. After that do a FULL system scan, this is because by reinstalling only the malware in your C drive will be removed but NOT from other drives. But by running a full system SCAN, your other drives will also be taken care of.

Make sure you do this Scan BEFORE you enter any of the other drives.
Do tell us how it went through

Bhupinder

[kf]

Malware was mal/behav-160. Spy sweeper caught it but couldn't quarantine it. I scanned with malwarebytes, superantispy (something, spyblaster. Did online scans w Trend Micro, Kapersky, Eset. Spy sweeper was still coming up with the malware on a full scan.

I've been in Computer h*ll since Friday.

I have 7 minutes. Thank you all for your help and advice. I'll try to get back to this thread in a few hours. (Still here for a few minutes...)

[askloz]

Quote:

Originally Posted by howudoin

I'm not an expert with this........But are you getting this message on a blue screen?

If yes, then I guess you have to do a full Windows Reinstall (From the CD) instead of using the Back-up image.

No you don't have to do a re-install.

he just needs to reboot, and he'll be fine.

if he removed the mailware, then he'll be ok.

in regards to the update that caused the problem, he's better off going to MScommunity forums and seeking help there by identifying the error number for a fix

[askloz]

do me a favor..

find the name of the malware, and I'll guide you from there to completely remove it manually

Quote:

Originally Posted by kf

Malware was mal/behav-160. Spy sweeper caught it but couldn't quarantine it. I scanned with malwarebytes, superantispy (something, spyblaster. Did online scans w Trend Micro, Kapersky, Eset. Spy sweeper was still coming up with the malware on a full scan.

I've been in Computer h*ll since Friday.

I have 7 minutes. Thank you all for your help and advice. I'll try to get back to this thread in a few hours. (Still here for a few minutes...)

[kf]

Quote:

Originally Posted by askloz

do me a favor..

find the name of the malware, and I'll guide you from there to completely remove it manually

askloz - the malware is mal/behav-160. see post up one or two, for all scans i have done. i have to go now. my time is up on this system - i got a 15 min. extension but i can get back here in a few hours.

[askloz]

you time is up on this system? huh?

how can that be?

find the location of the malware, it should tell you where it is.

let me know what the name of the program is, that's what I asked for last time, the malware program name, it has an executable, and folder where it resides.

[kf]

My time is up b/c my computer is inoperable ... and I'm at the public library. I'm back now for an hour. Apparently I can only log on twice/day ... for an hour each time. So I'm here now ...

I don't know where the malware is. If I did, I could have gotten rid of it.

Please see my post above --- I have scanned with every top-rated and recommended program available. I have spent HOURS scanning since Friday.

NONE of them find this malware --- and say I have a clean system.

The only program finding it is my anti-virus Spy Sweeper --- and it keeps finding it (during full sweep, not quick sweep), despite scans/fixes by other programs and giving me message 'Quarantine Failed'. So after all the other scans (see previous post for details), which say my system is clean, Spy Sweeper is still showing this malware.

Malware is called: Mal/Behav-160.

Meanwhile, I cannot get on my computer. The OP states that clearly. I can't get on. Even in safe mode, I only get as far as the message that I have quoted above.

I appreciate your offer for help, but do you understand that I can't just go in and take out the malware b/c I can no longer operate or access my system.

Quote:

Originally Posted by askloz

you time is up on this system? huh?

how can that be?

find the location of the malware, it should tell you where it is.

let me know what the name of the program is, that's what I asked for last time, the malware program name, it has an executable, and folder where it resides.

[kf]

Here is my thought for how to go forward. I'd appreciate feedback on this:

- Do a restore using Acronis - it's a full image of my system - that *should* restore my system and give me access to all my files

- Back up only my data files

- Wipe the system

- Re-install following Bhupinder's instructions above, loading virus before opening drives.

If there's a better option, bring it on. My thought on this is, applying my full-image restore, will give me a chance to save things before it is wiped clean w the re-install.

Clearly... my knowledge of hardware and software leaves much to be desired .. and I appreciate your help and patience with my questions.

[jsb1022]

Go download Hiren's Boot CD. Simply Google Hirens Boot disk and you 'll find it.

This CD has tons of tools. Boot up with it and browse the menus. It even has programs that will allow you to get your data off the drive. This tool save my life many times - even a few weeks ago on my work laptop.