
Please Help!!!!

OK, here is the problem... About a week ago a virus got past my Windows Live OneCare program, called Ursnif.A and Ursnif.B. From what I found out it's just a password-stealing trojan; it doesn't cause any kind of destruction to system files. However, what does cause serious problems is calling OneCare technical support. I allowed them to remotely access my system, and when they did they accessed the system32 folder and did something to the winlogon.exe file. Afterwards they ran the online safety scan they have on their site and disconnected the remote assistance. I had to leave for a few hours, but when I returned my computer was stuck in an endless restart loop. None of the options in the F8 menu are helping: safe mode - restarts; safe mode with networking - restarts; last known good config - restarts; disable automatic restart - bluescreen, etc. etc. etc. OneCare says I need a new XP disc... the XP division of Microsoft says the disc is no longer in production but I might be able to get a copy of Vista. Is there any way to fix this without having Microsoft give me further "geek squad" quality assistance?

Comments

  • edited June 2009
    Wow, it sounds like Onecare did a good job on your machine !!!!

    A couple of questions ...

    Do you have, or can you borrow, an XP disc ?
    Do you have a Recovery disc ?
    Does your machine have a recovery partition ?
  • edited June 2009
    I think I can borrow an XP disc, but it will probably only be Home and not Pro. However, after numerous days on the phone, and eventually coming to the understanding that this will get done faster if I confuse them as much as they are trying to confuse me, I now have a copy of Vista Home Premium on the way on OneCare's dime and it should be here in a few days... I'm not sure if it has a recovery partition. When I went to change to it in the F8 menu it said the only OS installed was XP Pro; however, I do remember seeing it on the drive at one point, and the recovery disc was lost some years ago :(
  • edited June 2009
    That's good news about the Vista disc :)

    The only problem is that you may lose any data on your machine.

    What make of machine do you have ?
    I think an XP pro disc should work just to access recovery console.
  • edited June 2009
    I got my hands on a copy of XP Home which has the recovery console. It says it's on drive I:
    The comp I started with was an HP Pavilion a705w, but I've made more than a few hardware upgrades and it's more of the shell of what it used to be :)... After restoring the version of Windows I was running, it should be possible to switch to Vista without losing all my files, right? Or is Vista just that lame? Cuz I know it's pretty lame, but if it's that lame I might just wanna stick with XP.
  • edited June 2009
    What drive is your main OS on ?
  • edited June 2009
    c:
  • edited June 2009
    A quick thought,

    When you boot from the XP disc, does it give you an option to "Repair Install" ?

    If yes, then that should sort the problem.
    The only things you will lose are Windows updates.
  • edited June 2009
    It says "to repair a Windows XP installation using recovery console press R". When I go to it my 3 options are
    1: I:\MiniNT
    2: I:\I386
    3: C:Windows

    Do I use fixboot, and if so, on which one?
  • edited June 2009
    When it boots up it also mentions something about the BIOS being shadowed.
  • edited June 2009
    "to repair a Windows XP installation using recovery console press R"

    do i use fixboot and if so on which one

    That is a different option, Repair Install should also be on the same screen.

    You don't need Fixboot, that isn't your problem
    You could try option 3 and then type Chkdsk
  • edited June 2009
    Unfortunately I'm not seeing that option anywhere.

    I tried chkdsk. It said the volume appears to be in good condition and was not checked, use /p if you want to check the volume anyway, but for some reason typing that by itself or with the chkdsk command doesn't seem to work.
  • edited June 2009
    I tried chkdsk it said the volume appears to be in good condition and was not checked .

    Sorry, my fault I gave you the wrong command.

    Start the recovery console and select option 3 (3: C:Windows)

    At the C:\Windows> prompt type the following

    SFC /scannow

    ( Note the space between C and / )
    now press enter.
    When it has finished type Exit and press enter.
  • edited June 2009
    It says it's not a valid or recognized command; for a list of commands type help.
  • edited June 2009
    Of course it does ..... :grumble:
    SFC isn't available from the recovery console.

    OK, we are getting to the end of the easy options.

    Without having seen any logs, we are flying blind as to where a copy of Winlogon is stored.
    Try these commands one at a time until it says "One File Copied"


    Copy C:\WINDOWS\SYSTEM32\DLLCACHE\winlogon.exe C:\WINDOWS\SYSTEM32\winlogon.exe

    Copy C:\WINDOWS\ServicePackFiles\i386\winlogon.exe C:\WINDOWS\SYSTEM32\winlogon.exe


    Copy C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe C:\WINDOWS\SYSTEM32\winlogon.exe

    Copy C:\I386\winlogon.exe C:\WINDOWS\SYSTEM32\winlogon.exe

    If you get the "File Copied" message, type Exit >Enter<