FakeAlert Trojan-Can't Log on to computer

View previous topic View next topic Go down

FakeAlert Trojan-Can't Log on to computer

Post by DMichael on 27th January 2010, 1:31 pm

It seems my computer became infected with the FakeAlert Trojan (Internet Security 2010) several days ago. It had prevented me from running Taskmgr and initially seemed to prevent me from using regedit to change settings for taskmgr. After a few attempt to run regedit I was finally able to. Before discovering this site I located a site that gave directions on how to manually delete files associated with it and edit Registry settings. I followed the directions and was able to locate and delete everything except helper32.dll file. I decided to disable helper32.dll before rebooting the computer in safe mode. My attempts to re-boot have failed. When I re-boot in safe mode I cannot use my mouse or keyboard. When I re-boot normally, I get logged off immediately after trying to log on to my user account or others on my machine. I assume my next step is to re-boot from a re-boot disk if possible. I do have the reinstallation CD from when I bought the computer but i'm not sure I can use it to boot up the computer without losing all my data on the computer. What do I do??? Once I am on the infected computer I will then run Hijack This for additional help removing the virus.

DMichael
Novice
Novice

Posts Posts : 26
Joined Joined : 2010-01-24
OS OS : windows XP
Points Points : 25486
# Likes # Likes : 0

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by DMichael on 27th January 2010, 3:11 pm

While I have been waiting for a response, I have been reading about similar problems others are having - in particular Robyn1112's issue. I have tried booting from my XP-CD that came with the computer when I bought it. I can reach the setup screen. When I "press R" to enter the Recovery Console, I get no response. Any suggestions?

DMichael
Novice
Novice

Posts Posts : 26
Joined Joined : 2010-01-24
OS OS : windows XP
Points Points : 25486
# Likes # Likes : 0

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by Dr Jay on 27th January 2010, 3:18 pm

These are links to Anti-virus vendors that offer free LiveCD or Rescue CD files that are used to boot from for repair of unbootable and damaged systems, rescue data, scan the system for virus infections. Burn it as an image to a disk to get a bootable CD. All (except Avira) are in the [You must be registered and logged in to see this link.] file format. Avira uses an EXE that has built-in CD burning capability.
If you are not sure how to burn an image, please read [You must be registered and logged in to see this link.]. If you need a FREE utility to burn the ISO image, download and use [You must be registered and logged in to see this link.].

Let me know how it goes.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14310
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302971
# Likes # Likes : 10

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by DMichael on 28th January 2010, 1:50 pm

Thanks you for helping.

I first tried to scan with Kaspersky RescueDisk but was unable to update it before scanning so I then used F-secure Rescue CD (which was updated). My scan came back saying that no malware was detected. I then tried to re-boot my computer normally. When I tried to log on to my user account, I could see my desktop background image for about 10 secs before I was logged off. When I tried a second time, I was logged off immediately.

What do I do next please?

DMichael
Novice
Novice

Posts Posts : 26
Joined Joined : 2010-01-24
OS OS : windows XP
Points Points : 25486
# Likes # Likes : 0

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by Dr Jay on 28th January 2010, 4:43 pm

Try the Avira Rescue disc, please. It will fix some system files.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14310
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302971
# Likes # Likes : 10

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by DMichael on 28th January 2010, 5:12 pm

I downloaded Avira AntiVir RescueSystem and re-booted the computer to run the disk. It began to load but after about 10 secs my monitor went black and the indicator light turned yellow. I tried this twice.

Now what?

DMichael
Novice
Novice

Posts Posts : 26
Joined Joined : 2010-01-24
OS OS : windows XP
Points Points : 25486
# Likes # Likes : 0

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by Dr Jay on 28th January 2010, 5:30 pm

Do you have your XP disc?

We need to do a Recovery for a system file, a safe process involving no data loss.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14310
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302971
# Likes # Likes : 10

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by DMichael on 28th January 2010, 5:37 pm

I have the re-installation CD. What do you want me to do?

DMichael
Novice
Novice

Posts Posts : 26
Joined Joined : 2010-01-24
OS OS : windows XP
Points Points : 25486
# Likes # Likes : 0

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by Dr Jay on 28th January 2010, 6:36 pm


  1. Insert the Windows XP CD-ROM into the CD-ROM drive, and then restart the computer. Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted to do so.
  2. When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
  3. If you have a dual-boot or multiple-boot computer, select the installation that you want to access from the Recovery Console.
  4. When you are prompted to do so, type the Administrator password. If the administrator password is blank, just press ENTER.
  5. At the Recovery Console command prompt,

Type cd system~1\_resto~1 and press "Enter".

Type dir and press "Enter".

After
you press enter you will see a list of folders (like rp1, rp2) If the
list of restore points has more than one page then press the "Enter" key until you reach the end of the list


Type cd rp {number of the second to last folder in the list} and press "Enter".
Note: Example: cd rp9 if the last restore point is rp10

Type cd snapshot and press "Enter".

Type copy _registry_machine_system c:\windows\system32\config\system and press "Enter".

Type copy _registry_machine_software c:\windows\system32\config\software and press "Enter".

Type exit and press "Enter".

Your PC will reboot. Let me know if it boots. If not, then try the process again but choose a lower restore point (ex rp6)

=======================

If you get an access denied error when doing the above, then do the following at the recovery console:

Type cd \ and press "Enter".

Type cd windows\system32\config and press "Enter".

Type ren system system.bak and press "Enter".

Type exit and press "Enter".

Your PC will reboot, go back into the Recovery Console and start from the beginning.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14310
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302971
# Likes # Likes : 10

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by DMichael on 28th January 2010, 6:51 pm

I have booted from the disk and pressed R for recovery console. I see:

1: C:\windows

Which Windows installation would you like to log onto
(to cancel, press ENTER)?

I enter 1?? Is that correct?

15 minutes later...
I entered 1 and got the prompt for the administrator PW. I tried not entering one and I couldn't get in as Administrator. I don't remember what the PW is (bought the computer about 6 yrs ago).

What can I do to continue from here?

DMichael
Novice
Novice

Posts Posts : 26
Joined Joined : 2010-01-24
OS OS : windows XP
Points Points : 25486
# Likes # Likes : 0

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by DMichael on 28th January 2010, 7:30 pm

I was able to guess at my password and get onto the system. When I did I saw:

"C:\windows"

I typed in cd system~1\_resto~1 and hit enter. I got the message:

"The system cannot find the file or directory specified."

I then followed your other directions and went back in to Recovery Console. When I when I type in cd system~1\_resto~1 and hit enter, I get the same message.

"The system cannot find the file or directory specified."

BTW, I should mention that I have to leave for work in about 15 minutes. I will be back online in 6-8 hours. I really appreciate the help so if you don't get a prompt response from me, that is the reason.

DMichael
Novice
Novice

Posts Posts : 26
Joined Joined : 2010-01-24
OS OS : windows XP
Points Points : 25486
# Likes # Likes : 0

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by DMichael on 29th January 2010, 4:12 am

Back online. What can I do next?

DMichael
Novice
Novice

Posts Posts : 26
Joined Joined : 2010-01-24
OS OS : windows XP
Points Points : 25486
# Likes # Likes : 0

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by Dr Jay on 29th January 2010, 11:23 am

Please download and make a BART PE: [You must be registered and logged in to see this link.]

That page will give you all the information needed to build and run it. Let me know of any questions and I will try to answer them.

This PE environment helps with computers that can no longer boot, so they can be disinfected and fixed without the hassle of the Recovery Console.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14310
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302971
# Likes # Likes : 10

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by DMichael on 29th January 2010, 12:57 pm

All set.

I created the PEBuilder CD and booted up the computer with it. I now have a Bart PE screen up with a go menu in the lower left hand corner. During the load up when it asked about network support I clicked on dynamic but it tried to establish a connection and came back saying it couldn't do it, then finished loading the Bart PE environment.

What's next?

DMichael
Novice
Novice

Posts Posts : 26
Joined Joined : 2010-01-24
OS OS : windows XP
Points Points : 25486
# Likes # Likes : 0

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by Dr Jay on 29th January 2010, 3:20 pm

See if you can find the virus scanner built in. If so, please run the scan. Let me know of results.

It looks like this: [You must be registered and logged in to see this link.]


====

Then you will see a file manager, right? Looks like this: [You must be registered and logged in to see this link.]

We need to delete some files in the Windows folder of the C drive.

Let me know if you were able to run the virus scan, and if you were able to see the file manager.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14310
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302971
# Likes # Likes : 10

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by DMichael on 29th January 2010, 3:49 pm

I am not sure where to find the virus scanner. Under the GO menu I see:

Programs>
System>
Command Prompt (CMD)
Run...
About>
Shut Down>
---------------------------------------------
Under Programs> I see:

Accessories>
System Tools>
A43 File Management Utility
Startup>
Bart Stuff Test
Remote Desktop Connection
Drive Snapshot
----------------------------------
Under About> I see (among other stuff):
[You must be registered and logged in to see this link.]

DMichael
Novice
Novice

Posts Posts : 26
Joined Joined : 2010-01-24
OS OS : windows XP
Points Points : 25486
# Likes # Likes : 0

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by DMichael on 30th January 2010, 3:27 am

I have been looking for the built in virus scanner as you suggested and can not find it. I have looked at the log from when I built the PE Builder CD and don't see anything looking like the "Bart's McAfee VirusScan GUI Wrapper v1.0.2". Below is the log from the build. Do I have to add it as a plug-in?

I do see the file manager as in the image.


PE Builder 3.1.10a
Copyright (c) 2002-2006 Bart Lagerweij. All rights reserved.
Running OS Version: 5.1.2600 (Service Pack 3)
Source product is: Windows XP Professional
CD-Rom name is: Windows XP Professional Service Pack 1 CD
Microsoft Product Code: 55274
Product channel ID is: OEM
Warning: building from an OEM version of Windows can mean trouble...
Source build: 2600
Build process started
Removing directory: c:\pebuilder3110a\BartPE
Directory removed: c:\pebuilder3110a\BartPE
Building registry
Directory created: C:\PEBUILDER3110A\BARTPE\I386
Directory created: C:\PEBUILDER3110A\BARTPE\I386\SYSTEM32
Directory created: C:\PEBUILDER3110A\BARTPE\I386\SYSTEM32\CONFIG
Copying file "d:\I386\setupreg.hiv" to "C:\PEBUILDER3110A\BARTPE\I386\SYSTEM32\SETUPHIV"
Opening/creating the registry hives
Removing existing hive files
Loading: C:\PEBUILDER3110A\BARTPE\I386\SYSTEM32\setuphiv
Processing INF file "d:\I386\hivesft.inf" section "AddReg"
Processing INF file "d:\I386\hivecls.inf" section "AddReg"
Processing INF file "d:\I386\hivedef.inf" section "AddReg"
Processing INF file "c:\pebuilder3110a\pebuilder.inf"
Processing INF file: c:\pebuilder3110a\pebuilder.inf. section: SetupReg.AddReg
Processing INF file: c:\pebuilder3110a\pebuilder.inf. section: SetupReg.AddReg.2600
Processing INF file: c:\pebuilder3110a\pebuilder.inf. section: Software.AddReg
Processing INF file: c:\pebuilder3110a\pebuilder.inf. section: Default.AddReg
Processing INF file "c:\pebuilder3110a\plugin\!custom\custom.inf"
Processing INF file: c:\pebuilder3110a\plugin\!custom\custom.inf. section: SetupReg.AddReg
Processing INF file: c:\pebuilder3110a\plugin\!custom\custom.inf. section: Default.AddReg
Processing INF file "c:\pebuilder3110a\plugin\a43\a43.inf"
Processing INF file "c:\pebuilder3110a\plugin\autorun\autorun.inf"
Processing INF file "c:\pebuilder3110a\plugin\bartpe\bartpe.inf"
Processing INF file "c:\pebuilder3110a\plugin\bst5\bst5.inf"
Processing INF file "c:\pebuilder3110a\plugin\chkdsk\chkdsk.inf"
Processing INF file "c:\pebuilder3110a\plugin\keyboard\keyboard.inf"
Processing INF file: c:\pebuilder3110a\plugin\keyboard\keyboard.inf. section: SetupReg.AddReg
Processing INF file: c:\pebuilder3110a\plugin\keyboard\keyboard.inf. section: Default.AddReg
Processing INF file "c:\pebuilder3110a\plugin\mstsc\mstsc.inf"
Processing INF file "c:\pebuilder3110a\plugin\nu2menu\nu2menu.inf"
Processing INF file: c:\pebuilder3110a\plugin\nu2menu\nu2menu.inf. section: SetupReg.AddReg
Processing INF file "c:\pebuilder3110a\plugin\peinst\peinst.inf"
Processing INF file "c:\pebuilder3110a\plugin\penetcfg\autorun-penetcfg.inf"
Processing INF file "c:\pebuilder3110a\plugin\penetcfg\penetcfg.inf"
Processing INF file "c:\pebuilder3110a\plugin\ramdisk\ramdisk.inf"
Processing INF file: c:\pebuilder3110a\plugin\ramdisk\ramdisk.inf. section: SetupReg.AddReg
Processing INF file "c:\pebuilder3110a\plugin\sermouse\sermouse.inf"
Processing INF file: c:\pebuilder3110a\plugin\sermouse\sermouse.inf. section: SetupReg.AddReg
Processing INF file "c:\pebuilder3110a\plugin\snapshot\snapshot.inf"
Processing INF file "c:\pebuilder3110a\plugin\zz5\nu2shell\nu2shell.inf"
Processing INF file: c:\pebuilder3110a\plugin\zz5\nu2shell\nu2shell.inf. section: SetupReg.AddReg
Closing/saving the registry hives
Saving hive: C:\PEBUILDER3110A\BARTPE\I386\SYSTEM32\SETUPREG.HIV
Saving hive: C:\PEBUILDER3110A\BARTPE\I386\SYSTEM32\CONFIG\SOFTWARE
Saving hive: C:\PEBUILDER3110A\BARTPE\I386\SYSTEM32\CONFIG\DEFAULT
Closing hive: C:\PEBUILDER3110A\BARTPE\I386\SYSTEM32\CONFIG\petmphive
Creating file: default.log
Creating file: sam
Creating file: sam.log
Creating file: security
Creating file: security.log
Creating file: software.log
Cleanup temporarily files
Collecting files
Processing INF file "d:\I386\layout.inf"
Section: WinntDirectories
Section: SourceDisksFiles
Section: SourceDisksFiles.x86
Processing INF file "c:\pebuilder3110a\pebuilder.inf"
Section: SourceDisksFiles
Adding shared assemblies (WinSxS)
Processing (ASMS)
1133 out of 10120 files selected
Processing INF file "c:\pebuilder3110a\plugin\!custom\custom.inf"
Processing INF file "c:\pebuilder3110a\plugin\a43\a43.inf"
Section: WinntDirectories
Section: SourceDisksFiles
Processing INF file "c:\pebuilder3110a\plugin\autorun\autorun.inf"
Section: SourceDisksFiles
Processing INF file "c:\pebuilder3110a\plugin\bartpe\bartpe.inf"
Section: SourceDisksFiles
Processing INF file "c:\pebuilder3110a\plugin\bst5\bst5.inf"
Section: WinntDirectories
Section: SourceDisksFiles
Processing INF file "c:\pebuilder3110a\plugin\chkdsk\chkdsk.inf"
Section: SourceDisksFiles
Processing INF file "c:\pebuilder3110a\plugin\keyboard\keyboard.inf"
Section: SourceDisksFiles
Processing INF file "c:\pebuilder3110a\plugin\mstsc\mstsc.inf"
Section: SourceDisksFiles
Processing INF file "c:\pebuilder3110a\plugin\nu2menu\nu2menu.inf"
Section: WinntDirectories
Section: SourceDisksFiles
Processing INF file "c:\pebuilder3110a\plugin\peinst\peinst.inf"
Section: WinntDirectories
Section: SourceDisksFiles
Processing INF file "c:\pebuilder3110a\plugin\penetcfg\autorun-penetcfg.inf"
Section: SourceDisksFiles
Processing INF file "c:\pebuilder3110a\plugin\penetcfg\penetcfg.inf"
Section: SourceDisksFiles
Processing INF file "c:\pebuilder3110a\plugin\ramdisk\ramdisk.inf"
Section: SourceDisksFiles
Processing INF file "c:\pebuilder3110a\plugin\sermouse\sermouse.inf"
Section: SourceDisksFiles
Processing INF file "c:\pebuilder3110a\plugin\snapshot\snapshot.inf"
Section: WinntDirectories
Section: SourceDisksFiles
Processing INF file "c:\pebuilder3110a\plugin\zz5\nu2shell\nu2shell.inf"
Section: SourceDisksFiles
Collecting files done
Directory created: c:\pebuilder3110a\BartPE
Copying files
Creating file "\WIN51IP"
Creating file "\WIN51IP.SP1"
Processing CAB index "d:\I386\drvindex.inf"
Section: Cabs
Checking CAB Section: driver
Checking CAB Section: SP1
Creating directory tree
Directory already exists: c:\pebuilder3110a\BartPE
Directory already exists: c:\pebuilder3110a\BartPE\I386
Directory already exists: c:\pebuilder3110a\BartPE\I386\SYSTEM32
Directory created: c:\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS
Directory created: c:\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\ETC
Directory created: c:\pebuilder3110a\BartPE\I386\INF
Directory created: c:\pebuilder3110a\BartPE\I386\FONTS
Directory created: c:\pebuilder3110a\BartPE\I386\WINSXS
Directory created: c:\pebuilder3110a\BartPE\I386\WINSXS\MANIFESTS
Directory created: c:\pebuilder3110a\BartPE\I386\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13
Directory created: c:\pebuilder3110a\BartPE\I386\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8
Directory created: c:\pebuilder3110a\BartPE\I386\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7
Directory already exists: c:\pebuilder3110a\BartPE\I386\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7
Directory already exists: c:\pebuilder3110a\BartPE\I386\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7
Directory already exists: c:\pebuilder3110a\BartPE\I386\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7
Directory created: c:\pebuilder3110a\BartPE\I386\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a
Directory created: c:\pebuilder3110a\BartPE\I386\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805
Directory created: c:\pebuilder3110a\BartPE\I386\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a
Directory already exists: c:\pebuilder3110a\BartPE\I386\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a
Directory created: c:\pebuilder3110a\BartPE\I386\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.10.0_x-ww_d8862ba3
Directory already exists: c:\pebuilder3110a\BartPE\I386\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.10.0_x-ww_d8862ba3
Directory created: c:\pebuilder3110a\BartPE\I386\SYSTEM32\LANG
Directory created: c:\pebuilder3110a\BartPE\Programs
Directory created: c:\pebuilder3110a\BartPE\Programs\A43
Directory created: c:\pebuilder3110a\BartPE\Programs\bst5
Directory created: c:\pebuilder3110a\BartPE\Programs\Nu2Menu
Directory created: c:\pebuilder3110a\BartPE\Programs\peinst
Directory created: c:\pebuilder3110a\BartPE\Programs\snapshot
Total number of files to be copied: 1213
Extracting "d:\I386\driver.cab\TOS4MO.SYS" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\TOS4MO.SYS"
.
. (Extracting files from my reinstallation CD)
. (DecompressOrCopy files from my reistallation CD)
.
DecompressOrCopy file "C:\PEBUILDER3110A\BARTPE.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\BARTPE.EXE"
DecompressOrCopy file "C:\PEBUILDER3110A\BARTPE.TXT" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\BARTPE.TXT"
DecompressOrCopy file "d:\I386\BIOSINFO.INF" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\BIOSINFO.INF"
DecompressOrCopy file "d:\I386\NETMSCLI.INF" to "c:\pebuilder3110a\BartPE\I386\INF\NETMSCLI.INF"
DecompressOrCopy file "d:\I386\NETNB.INF" to "c:\pebuilder3110a\BartPE\I386\INF\NETNB.INF"
DecompressOrCopy file "d:\I386\NETTCPIP.INF" to "c:\pebuilder3110a\BartPE\I386\INF\NETTCPIP.INF"
DecompressOrCopy file "C:\PEBUILDER3110A\BARTPE.BMP" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\BARTPE.BMP"
DecompressOrCopy file "d:\I386\SETUPLDR.BIN" to "c:\pebuilder3110a\BartPE\I386\SETUPLDR.BIN"
DecompressOrCopy file "d:\I386\TXTSETUP.SIF" to "c:\pebuilder3110a\BartPE\I386\TXTSETUP.SIF"
DecompressOrCopy file "d:\I386\VGA850.FON" to "c:\pebuilder3110a\BartPE\I386\FONTS\VGA850.FON"
DecompressOrCopy file "d:\I386\VGAOEM.FON" to "c:\pebuilder3110a\BartPE\I386\FONTS\VGAOEM.FON"
DecompressOrCopy file "d:\I386\NSLOOKUP.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\NSLOOKUP.EXE"
DecompressOrCopy file "d:\I386\TRACERT.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\TRACERT.EXE"
DecompressOrCopy file "d:\I386\[You must be registered and logged in to see this link.] to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\[You must be registered and logged in to see this link.]
DecompressOrCopy file "d:\I386\NETPLWIZ.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\NETPLWIZ.DLL"
DecompressOrCopy file "d:\I386\DISKCOPY.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\DISKCOPY.DLL"
DecompressOrCopy file "d:\I386\FMIFS.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\FMIFS.DLL"
DecompressOrCopy file "d:\I386\RICHED32.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\RICHED32.DLL"
DecompressOrCopy file "d:\I386\EXPLORER.EXE" to "c:\pebuilder3110a\BartPE\I386\EXPLORER.EXE"
DecompressOrCopy file "d:\I386\CACLS.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\CACLS.EXE"
DecompressOrCopy file "d:\I386\COMP.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\COMP.EXE"
DecompressOrCopy file "d:\I386\COMPACT.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\COMPACT.EXE"
DecompressOrCopy file "d:\I386\CONVERT.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\CONVERT.EXE"
DecompressOrCopy file "d:\I386\FC.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\FC.EXE"
DecompressOrCopy file "d:\I386\FIND.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\FIND.EXE"
DecompressOrCopy file "d:\I386\FINDSTR.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\FINDSTR.EXE"
DecompressOrCopy file "d:\I386\FINGER.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\FINGER.EXE"
DecompressOrCopy file "d:\I386\HOSTNAME.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\HOSTNAME.EXE"
DecompressOrCopy file "d:\I386\LABEL.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\LABEL.EXE"
DecompressOrCopy file "d:\I386\LPQ.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\LPQ.EXE"
DecompressOrCopy file "d:\I386\LPR.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\LPR.EXE"
DecompressOrCopy file "d:\I386\MAKECAB.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\MAKECAB.EXE"
DecompressOrCopy file "d:\I386\MOUNTVOL.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\MOUNTVOL.EXE"
DecompressOrCopy file "d:\I386\NBTSTAT.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\NBTSTAT.EXE"
DecompressOrCopy file "d:\I386\PATHPING.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\PATHPING.EXE"
DecompressOrCopy file "d:\I386\TRAFFIC.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\TRAFFIC.DLL"
DecompressOrCopy file "d:\I386\PRINT.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\PRINT.EXE"
DecompressOrCopy file "d:\I386\REPLACE.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\REPLACE.EXE"
DecompressOrCopy file "d:\I386\ROUTE.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\ROUTE.EXE"
DecompressOrCopy file "d:\I386\SORT.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\SORT.EXE"
DecompressOrCopy file "d:\I386\SUBST.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\SUBST.EXE"
DecompressOrCopy file "d:\I386\TFTP.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\TFTP.EXE"
DecompressOrCopy file "d:\I386\FSUTIL.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\FSUTIL.EXE"
DecompressOrCopy file "d:\I386\MSFTEDIT.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\MSFTEDIT.DLL"
DecompressOrCopy file "d:\I386\WORDPAD.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\WORDPAD.EXE"
DecompressOrCopy file "d:\I386\MSPAINT.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\MSPAINT.EXE"
DecompressOrCopy file "d:\I386\CALC.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\CALC.EXE"
DecompressOrCopy file "d:\I386\COURE.FON" to "c:\pebuilder3110a\BartPE\I386\FONTS\COURE.FON"
DecompressOrCopy file "d:\I386\SERIFE.FON" to "c:\pebuilder3110a\BartPE\I386\FONTS\SERIFE.FON"
DecompressOrCopy file "d:\I386\SSERIFE.FON" to "c:\pebuilder3110a\BartPE\I386\FONTS\SSERIFE.FON"
DecompressOrCopy file "d:\I386\SMALLE.FON" to "c:\pebuilder3110a\BartPE\I386\FONTS\SMALLE.FON"
DecompressOrCopy file "d:\I386\SYMBOLE.FON" to "c:\pebuilder3110a\BartPE\I386\FONTS\SYMBOLE.FON"
DecompressOrCopy file "d:\I386\RSHX32.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\RSHX32.DLL"
DecompressOrCopy file "D:\I386\ASMS\1000\MSFT\WINDOWS\GDIPLUS\GDIPLUS.MAN" to "c:\pebuilder3110a\BartPE\I386\WINSXS\MANIFESTS\X86_MICROSOFT.WINDOWS.GDIPLUS_6595B64144CCF1DF_1.0.0.0_X-WW_8D353F13.MANIFEST"
DecompressOrCopy file "D:\I386\ASMS\1000\MSFT\WINDOWS\GDIPLUS\GDIPLUS.CAT" to "c:\pebuilder3110a\BartPE\I386\WINSXS\MANIFESTS\X86_MICROSOFT.WINDOWS.GDIPLUS_6595B64144CCF1DF_1.0.0.0_X-WW_8D353F13.CAT"
DecompressOrCopy file "d:\I386\asms\1000\MSFT\WINDOWS\GDIPLUS\GdiPlus.dll" to "c:\pebuilder3110a\BartPE\I386\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll"
DecompressOrCopy file "D:\I386\ASMS\10100\MSFT\WINDOWS\GDIPLUS\GDIPLUS.MAN" to "c:\pebuilder3110a\BartPE\I386\WINSXS\MANIFESTS\X86_MICROSOFT.WINDOWS.GDIPLUS_6595B64144CCF1DF_1.0.10.0_X-WW_712BEFD8.MANIFEST"
DecompressOrCopy file "D:\I386\ASMS\10100\MSFT\WINDOWS\GDIPLUS\GDIPLUS.CAT" to "c:\pebuilder3110a\BartPE\I386\WINSXS\MANIFESTS\X86_MICROSOFT.WINDOWS.GDIPLUS_6595B64144CCF1DF_1.0.10.0_X-WW_712BEFD8.CAT"
DecompressOrCopy file "d:\I386\asms\10100\MSFT\WINDOWS\GDIPLUS\GdiPlus.dll" to "c:\pebuilder3110a\BartPE\I386\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\GdiPlus.dll"
DecompressOrCopy file "D:\I386\ASMS\10100\POLICY\MSFT\WINDOWS\GDIPLUS\GDIPLUS.MAN" to "c:\pebuilder3110a\BartPE\I386\WINSXS\MANIFESTS\X86_POLICY.1.0.MICROSOFT.WINDOWS.GDIPLUS_6595B64144CCF1DF_1.0.10.0_X-WW_7EF38638.MANIFEST"
DecompressOrCopy file "D:\I386\ASMS\10100\POLICY\MSFT\WINDOWS\GDIPLUS\GDIPLUS.CAT" to "c:\pebuilder3110a\BartPE\I386\WINSXS\MANIFESTS\X86_POLICY.1.0.MICROSOFT.WINDOWS.GDIPLUS_6595B64144CCF1DF_1.0.10.0_X-WW_7EF38638.CAT"
DecompressOrCopy file "D:\I386\ASMS\5100\MSFT\WINDOWS\SYSTEM\DEFAULT\DEFAULT.MAN" to "c:\pebuilder3110a\BartPE\I386\WINSXS\MANIFESTS\X86_MICROSOFT.WINDOWS.SYSTEMCOMPATIBLE_6595B64144CCF1DF_5.1.0.0_X-WW_FC342B0B.MANIFEST"
DecompressOrCopy file "D:\I386\ASMS\5100\MSFT\WINDOWS\SYSTEM\DEFAULT\DEFAULT.CAT" to "c:\pebuilder3110a\BartPE\I386\WINSXS\MANIFESTS\X86_MICROSOFT.WINDOWS.SYSTEMCOMPATIBLE_6595B64144CCF1DF_5.1.0.0_X-WW_FC342B0B.CAT"
DecompressOrCopy file "D:\I386\ASMS\6000\MSFT\VCRTL\VCRTL.MAN" to "c:\pebuilder3110a\BartPE\I386\WINSXS\MANIFESTS\X86_MICROSOFT.TOOLS.VISUALCPLUSPLUS.RUNTIME-LIBRARIES_6595B64144CCF1DF_6.0.0.0_X-WW_FF9986D7.MANIFEST"
DecompressOrCopy file "D:\I386\ASMS\6000\MSFT\VCRTL\VCRTL.CAT" to "c:\pebuilder3110a\BartPE\I386\WINSXS\MANIFESTS\X86_MICROSOFT.TOOLS.VISUALCPLUSPLUS.RUNTIME-LIBRARIES_6595B64144CCF1DF_6.0.0.0_X-WW_FF9986D7.CAT"
DecompressOrCopy file "d:\I386\asms\6000\MSFT\VCRTL\mfc42u.dll" to "c:\pebuilder3110a\BartPE\I386\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\mfc42u.dll"
DecompressOrCopy file "d:\I386\asms\6000\MSFT\VCRTL\mfc42.dll" to "c:\pebuilder3110a\BartPE\I386\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\mfc42.dll"
DecompressOrCopy file "d:\I386\asms\6000\MSFT\VCRTL\atl.dll" to "c:\pebuilder3110a\BartPE\I386\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\atl.dll"
DecompressOrCopy file "d:\I386\asms\6000\MSFT\VCRTL\msvcp60.dll" to "c:\pebuilder3110a\BartPE\I386\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\msvcp60.dll"
DecompressOrCopy file "D:\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\CONTROLS.MAN" to "c:\pebuilder3110a\BartPE\I386\WINSXS\MANIFESTS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.0.0_X-WW_1382D70A.MANIFEST"
DecompressOrCopy file "D:\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\CONTROLS.CAT" to "c:\pebuilder3110a\BartPE\I386\WINSXS\MANIFESTS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.0.0_X-WW_1382D70A.CAT"
DecompressOrCopy file "d:\I386\asms\6000\MSFT\WINDOWS\COMMON\CONTROLS\comctl32.dll" to "c:\pebuilder3110a\BartPE\I386\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll"
DecompressOrCopy file "D:\I386\ASMS\60100\MSFT\WINDOWS\COMMON\CONTROLS\CONTROLS.MAN" to "c:\pebuilder3110a\BartPE\I386\WINSXS\MANIFESTS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.10.0_X-WW_F7FB5805.MANIFEST"
DecompressOrCopy file "D:\I386\ASMS\60100\MSFT\WINDOWS\COMMON\CONTROLS\CONTROLS.CAT" to "c:\pebuilder3110a\BartPE\I386\WINSXS\MANIFESTS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.10.0_X-WW_F7FB5805.CAT"
DecompressOrCopy file "d:\I386\asms\60100\MSFT\WINDOWS\COMMON\CONTROLS\comctl32.dll" to "c:\pebuilder3110a\BartPE\I386\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll"
DecompressOrCopy file "D:\I386\ASMS\60100\POLICY\60100\COMCTL\COMCTL.MAN" to "c:\pebuilder3110a\BartPE\I386\WINSXS\MANIFESTS\X86_POLICY.6.0.MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.10.0_X-WW_3B30EA6A.MANIFEST"
DecompressOrCopy file "D:\I386\ASMS\60100\POLICY\60100\COMCTL\COMCTL.CAT" to "c:\pebuilder3110a\BartPE\I386\WINSXS\MANIFESTS\X86_POLICY.6.0.MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.10.0_X-WW_3B30EA6A.CAT"
DecompressOrCopy file "D:\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSWINCRT.MAN" to "c:\pebuilder3110a\BartPE\I386\WINSXS\MANIFESTS\X86_MICROSOFT.WINDOWS.CPLUSPLUSRUNTIME_6595B64144CCF1DF_7.0.0.0_X-WW_2726E76A.MANIFEST"
DecompressOrCopy file "D:\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSWINCRT.CAT" to "c:\pebuilder3110a\BartPE\I386\WINSXS\MANIFESTS\X86_MICROSOFT.WINDOWS.CPLUSPLUSRUNTIME_6595B64144CCF1DF_7.0.0.0_X-WW_2726E76A.CAT"
DecompressOrCopy file "d:\I386\asms\7000\MSFT\WINDOWS\MSWINCRT\msvcrt.dll" to "c:\pebuilder3110a\BartPE\I386\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll"
DecompressOrCopy file "d:\I386\asms\7000\MSFT\WINDOWS\MSWINCRT\msvcirt.dll" to "c:\pebuilder3110a\BartPE\I386\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcirt.dll"
DecompressOrCopy file "D:\I386\ASMS\70100\MSFT\WINDOWS\MSWINCRT\MSWINCRT.MAN" to "c:\pebuilder3110a\BartPE\I386\WINSXS\MANIFESTS\X86_MICROSOFT.WINDOWS.CPLUSPLUSRUNTIME_6595B64144CCF1DF_7.0.10.0_X-WW_D8862BA3.MANIFEST"
DecompressOrCopy file "D:\I386\ASMS\70100\MSFT\WINDOWS\MSWINCRT\MSWINCRT.CAT" to "c:\pebuilder3110a\BartPE\I386\WINSXS\MANIFESTS\X86_MICROSOFT.WINDOWS.CPLUSPLUSRUNTIME_6595B64144CCF1DF_7.0.10.0_X-WW_D8862BA3.CAT"
DecompressOrCopy file "d:\I386\asms\70100\MSFT\WINDOWS\MSWINCRT\msvcrt.dll" to "c:\pebuilder3110a\BartPE\I386\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.10.0_x-ww_d8862ba3\msvcrt.dll"
DecompressOrCopy file "d:\I386\asms\70100\MSFT\WINDOWS\MSWINCRT\msvcirt.dll" to "c:\pebuilder3110a\BartPE\I386\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.10.0_x-ww_d8862ba3\msvcirt.dll"
DecompressOrCopy file "D:\I386\ASMS\70100\POLICY\MSFT\MSWINCRT\MSWINCRT.MAN" to "c:\pebuilder3110a\BartPE\I386\WINSXS\MANIFESTS\X86_POLICY.7.0.MICROSOFT.WINDOWS.CPLUSPLUSRUNTIME_6595B64144CCF1DF_7.0.10.0_X-WW_F586DE6B.MANIFEST"
DecompressOrCopy file "D:\I386\ASMS\70100\POLICY\MSFT\MSWINCRT\MSWINCRT.CAT" to "c:\pebuilder3110a\BartPE\I386\WINSXS\MANIFESTS\X86_POLICY.7.0.MICROSOFT.WINDOWS.CPLUSPLUSRUNTIME_6595B64144CCF1DF_7.0.10.0_X-WW_F586DE6B.CAT"
DecompressOrCopy file "C:\PEBUILDER3110A\LANG\ENGLISH.LNG" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\LANG\DEFAULT.LNG"
DecompressOrCopy file "C:\PEBUILDER3110A\LANG\ENGLISH.LNG" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\LANG\MASTER.LNG"
DecompressOrCopy file "c:\pebuilder3110a\plugin\a43\files\a43.exe" to "c:\pebuilder3110a\BartPE\Programs\A43\a43.exe"
DecompressOrCopy file "c:\pebuilder3110a\plugin\a43\files\a43.dat" to "c:\pebuilder3110a\BartPE\Programs\A43\a43.dat"
DecompressOrCopy file "c:\pebuilder3110a\plugin\a43\files\a43.ini" to "c:\pebuilder3110a\BartPE\Programs\A43\a43.ini"
DecompressOrCopy file "c:\pebuilder3110a\plugin\a43\files\a43help.txt" to "c:\pebuilder3110a\BartPE\Programs\A43\a43help.txt"
DecompressOrCopy file "c:\pebuilder3110a\plugin\a43\files\unrar.dll" to "c:\pebuilder3110a\BartPE\Programs\A43\unrar.dll"
DecompressOrCopy file "C:\PEBUILDER3110A\PLUGIN\AUTORUN\AUTORUN.CMD" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\AUTORUN.CMD"
DecompressOrCopy file "C:\PEBUILDER3110A\PLUGIN\AUTORUN\DEBUGRUN.CMD" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\DEBUGRUN.CMD"
DecompressOrCopy file "C:\PEBUILDER3110A\PLUGIN\AUTORUN\KEYDOWN.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\KEYDOWN.EXE"
DecompressOrCopy file "d:\I386\NETPLWIZ.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\NETPLWIZ.DLL"
DecompressOrCopy file "d:\I386\SRVSVC.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\SRVSVC.DLL"
DecompressOrCopy file "d:\I386\HNETCFG.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\HNETCFG.DLL"
DecompressOrCopy file "C:\PEBUILDER3110A\PLUGIN\BARTPE\NETCONFIG.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\NETCONFIG.EXE"
DecompressOrCopy file "C:\PEBUILDER3110A\PLUGIN\BARTPE\NETCONFIG.TXT" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\NETCONFIG.TXT"
DecompressOrCopy file "C:\PEBUILDER3110A\PLUGIN\BARTPE\MSCLIENT.CMD" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\MSCLIENT.CMD"
DecompressOrCopy file "C:\PEBUILDER3110A\PLUGIN\BARTPE\MSSERVER.CMD" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\MSSERVER.CMD"
DecompressOrCopy file "C:\PEBUILDER3110A\PLUGIN\BARTPE\MSCLISRV.CMD" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\MSCLISRV.CMD"
DecompressOrCopy file "C:\PEBUILDER3110A\PLUGIN\BARTPE\RUN.CMD" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\RUN.CMD"
Copying file "c:\pebuilder3110a\plugin\bst5\bst5.exe" to "c:\pebuilder3110a\BartPE\Programs\bst5\bst5.exe"
Copying file "c:\pebuilder3110a\plugin\bst5\bst5.txt" to "c:\pebuilder3110a\BartPE\Programs\bst5\bst5.txt"
Copying file "c:\pebuilder3110a\plugin\bst5\bstfelic.txt" to "c:\pebuilder3110a\BartPE\Programs\bst5\bstfelic.txt"
Copying file "c:\pebuilder3110a\plugin\bst5\bstpelic.txt" to "c:\pebuilder3110a\BartPE\Programs\bst5\bstpelic.txt"
DecompressOrCopy file "d:\I386\CHKDSK.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\CHKDSK.EXE"
DecompressOrCopy file "C:\PEBUILDER3110A\PLUGIN\CHKDSK\CHKDSK.CMD" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\CHKDSK.CMD"
DecompressOrCopy file "C:\PEBUILDER3110A\PLUGIN\KEYBOARD\KEYBOARD.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\KEYBOARD.EXE"
DecompressOrCopy file "d:\I386\KBDBE.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\KBDBE.DLL"
DecompressOrCopy file "d:\I386\KBDUK.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\KBDUK.DLL"
DecompressOrCopy file "d:\I386\KBDCZ.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\KBDCZ.DLL"
DecompressOrCopy file "d:\I386\KBDDA.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\KBDDA.DLL"
DecompressOrCopy file "d:\I386\KBDNE.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\KBDNE.DLL"
DecompressOrCopy file "d:\I386\KBDFI.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\KBDFI.DLL"
DecompressOrCopy file "d:\I386\KBDFR.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\KBDFR.DLL"
DecompressOrCopy file "d:\I386\KBDGR.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\KBDGR.DLL"
DecompressOrCopy file "d:\I386\KBDHU.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\KBDHU.DLL"
DecompressOrCopy file "d:\I386\KBDIC.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\KBDIC.DLL"
DecompressOrCopy file "d:\I386\KBDIT.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\KBDIT.DLL"
DecompressOrCopy file "d:\I386\KBDNO.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\KBDNO.DLL"
DecompressOrCopy file "d:\I386\KBDPL.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\KBDPL.DLL"
DecompressOrCopy file "d:\I386\KBDPO.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\KBDPO.DLL"
DecompressOrCopy file "d:\I386\KBDRU.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\KBDRU.DLL"
DecompressOrCopy file "d:\I386\KBDSL.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\KBDSL.DLL"
DecompressOrCopy file "d:\I386\KBDSP.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\KBDSP.DLL"
DecompressOrCopy file "d:\I386\KBDSW.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\KBDSW.DLL"
DecompressOrCopy file "d:\I386\KBDSF.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\KBDSF.DLL"
DecompressOrCopy file "d:\I386\KBDSG.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\KBDSG.DLL"
DecompressOrCopy file "d:\I386\KBDUS.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\KBDUS.DLL"
DecompressOrCopy file "d:\I386\KBDBR.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\KBDBR.DLL"
DecompressOrCopy file "d:\I386\KBDLA.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\KBDLA.DLL"
DecompressOrCopy file "d:\I386\KBDFC.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\KBDFC.DLL"
DecompressOrCopy file "d:\I386\KBDCR.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\KBDCR.DLL"
DecompressOrCopy file "d:\I386\MSTSC.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\MSTSC.EXE"
DecompressOrCopy file "d:\I386\MSTSCAX.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\MSTSCAX.DLL"
Copying file "c:\pebuilder3110a\plugin\nu2menu\nu2go.bmp" to "c:\pebuilder3110a\BartPE\Programs\Nu2Menu\nu2go.bmp"
Copying file "c:\pebuilder3110a\plugin\nu2menu\nu2menu.exe" to "c:\pebuilder3110a\BartPE\Programs\Nu2Menu\nu2menu.exe"
Copying file "C:\PEBUILDER3110A\PLUGIN\NU2MENU\NU2MENUMSG.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\NU2MENUMSG.EXE"
Copying file "c:\pebuilder3110a\plugin\nu2menu\nu2menu.lic" to "c:\pebuilder3110a\BartPE\Programs\Nu2Menu\nu2menu.lic"
Copying file "c:\pebuilder3110a\plugin\nu2menu\nu2menu.xml" to "c:\pebuilder3110a\BartPE\Programs\Nu2Menu\nu2menu.xml"
Copying file "c:\pebuilder3110a\plugin\nu2menu\setres.exe" to "c:\pebuilder3110a\BartPE\Programs\Nu2Menu\setres.exe"
Copying file "c:\pebuilder3110a\plugin\nu2menu\autorun-inf.txt" to "c:\pebuilder3110a\BartPE\autorun.inf"
DecompressOrCopy file "d:\I386\MAIN.CPL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\MAIN.CPL"
DecompressOrCopy file "d:\I386\TIMEDATE.CPL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\TIMEDATE.CPL"
DecompressOrCopy file "d:\I386\ACCESS.CPL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\ACCESS.CPL"
Copying file "c:\pebuilder3110a\plugin\peinst\peinst.cmd" to "c:\pebuilder3110a\BartPE\Programs\peinst\peinst.cmd"
Copying file "c:\pebuilder3110a\plugin\peinst\peinst.txt" to "c:\pebuilder3110a\BartPE\Programs\peinst\peinst.txt"
Copying file "c:\pebuilder3110a\plugin\peinst\mkbt.exe" to "c:\pebuilder3110a\BartPE\Programs\peinst\mkbt.exe"
Copying file "c:\pebuilder3110a\plugin\peinst\nt2peldr.exe" to "c:\pebuilder3110a\BartPE\Programs\peinst\nt2peldr.exe"
DecompressOrCopy file "C:\PEBUILDER3110A\PLUGIN\PENETCFG\AUTORUN0PENETCFG.CMD" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\AUTORUN0PENETCFG.CMD"
DecompressOrCopy file "C:\PEBUILDER3110A\PLUGIN\PENETCFG\PENETCFG.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\PENETCFG.EXE"
DecompressOrCopy file "C:\PEBUILDER3110A\PLUGIN\PENETCFG\PENETCFG.INI" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\PENETCFG.INI"
DecompressOrCopy file "C:\PEBUILDER3110A\PLUGIN\PENETCFG\PENETCFG-DHCP.INI" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\PENETCFG-DHCP.INI"
DecompressOrCopy file "C:\PEBUILDER3110A\PLUGIN\PENETCFG\PENETCFG-STATIC.INI" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\PENETCFG-STATIC.INI"
DecompressOrCopy file "C:\PEBUILDER3110A\PLUGIN\PENETCFG\README.TXT" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\PENETCFG.TXT"
DecompressOrCopy file "C:\PEBUILDER3110A\PLUGIN\PENETCFG\LICENSE.TXT" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\PENETCFG.LIC"
DecompressOrCopy file "d:\I386\SRVSVC.DLL" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\SRVSVC.DLL"
DecompressOrCopy file "C:\PEBUILDER3110A\PLUGIN\RAMDISK\RAMDRIV.SYS" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\RAMDRIV.SYS"
Copying file "c:\pebuilder3110a\plugin\snapshot\snapshot.exe" to "c:\pebuilder3110a\BartPE\Programs\snapshot\snapshot.exe"
Copying file "C:\PEBUILDER3110A\PLUGIN\ZZ5\NU2SHELL\NU2SHELL.EXE" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\NU2SHELL.EXE"
Copying file "C:\PEBUILDER3110A\PLUGIN\ZZ5\NU2SHELL\NU2SHELL.TXT" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\NU2SHELL.TXT"
Copying file "C:\PEBUILDER3110A\PLUGIN\ZZ5\NU2SHELL\SHUTDOWN.CMD" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\SHUTDOWN.CMD"
Copying file "C:\PEBUILDER3110A\PLUGIN\ZZ5\NU2SHELL\REBOOT.CMD" to "c:\pebuilder3110a\BartPE\I386\SYSTEM32\REBOOT.CMD"
Getting CD-Rom bootstrap loader
File copy done
Appending files
Processing INF file: "c:\pebuilder3110a\pebuilder.inf"
Section: DelLine
Section: AddLine
Section: SetValue
Section: SetValue.2600
Processing INF file: "c:\pebuilder3110a\plugin\!custom\custom.inf"
Processing INF file: "c:\pebuilder3110a\plugin\a43\a43.inf"
Section: Append
Append file "c:\pebuilder3110a\plugin\a43\A43_nu2menu.xml" to "c:\pebuilder3110a\BartPE\Programs\Nu2Menu\nu2menu.xml"
Processing INF file: "c:\pebuilder3110a\plugin\autorun\autorun.inf"
Section: Append
Append file "c:\pebuilder3110a\plugin\autorun\autorun_nu2menu.xml" to "c:\pebuilder3110a\BartPE\Programs\Nu2Menu\nu2menu.xml"
Processing INF file: "c:\pebuilder3110a\plugin\bartpe\bartpe.inf"
Section: Append
Append file "c:\pebuilder3110a\plugin\bartpe\bartpe_nu2menu.xml" to "c:\pebuilder3110a\BartPE\Programs\Nu2Menu\nu2menu.xml"
Processing INF file: "c:\pebuilder3110a\plugin\bst5\bst5.inf"
Section: Append
Append file "c:\pebuilder3110a\plugin\bst5\bst5_nu2menu.xml" to "c:\pebuilder3110a\BartPE\Programs\Nu2Menu\nu2menu.xml"
Processing INF file: "c:\pebuilder3110a\plugin\chkdsk\chkdsk.inf"
Section: Append
Append file "c:\pebuilder3110a\plugin\chkdsk\chkdsk_nu2menu.xml" to "c:\pebuilder3110a\BartPE\Programs\Nu2Menu\nu2menu.xml"
Processing INF file: "c:\pebuilder3110a\plugin\keyboard\keyboard.inf"
Section: Append
Append file "c:\pebuilder3110a\plugin\keyboard\keyboard_nu2menu.xml" to "c:\pebuilder3110a\BartPE\Programs\Nu2Menu\nu2menu.xml"
Processing INF file: "c:\pebuilder3110a\plugin\mstsc\mstsc.inf"
Section: Append
Append file "c:\pebuilder3110a\plugin\mstsc\mstsc_nu2menu.xml" to "c:\pebuilder3110a\BartPE\Programs\Nu2Menu\nu2menu.xml"
Processing INF file: "c:\pebuilder3110a\plugin\nu2menu\nu2menu.inf"
Processing INF file: "c:\pebuilder3110a\plugin\peinst\peinst.inf"
Section: Append
Append file "c:\pebuilder3110a\plugin\peinst\peinst_nu2menu.xml" to "c:\pebuilder3110a\BartPE\Programs\Nu2Menu\nu2menu.xml"
Processing INF file: "c:\pebuilder3110a\plugin\penetcfg\autorun-penetcfg.inf"
Processing INF file: "c:\pebuilder3110a\plugin\penetcfg\penetcfg.inf"
Section: Append
Append file "c:\pebuilder3110a\plugin\penetcfg\penetcfg_nu2menu.xml" to "c:\pebuilder3110a\BartPE\Programs\Nu2Menu\nu2menu.xml"
Processing INF file: "c:\pebuilder3110a\plugin\ramdisk\ramdisk.inf"
Section: Append
Append file "c:\pebuilder3110a\plugin\ramdisk\ramdmenu.xml" to "c:\pebuilder3110a\BartPE\Programs\Nu2Menu\nu2menu.xml"
Processing INF file: "c:\pebuilder3110a\plugin\sermouse\sermouse.inf"
Processing INF file: "c:\pebuilder3110a\plugin\snapshot\snapshot.inf"
Section: Append
Append file "c:\pebuilder3110a\plugin\snapshot\snapshot.xml" to "c:\pebuilder3110a\BartPE\Programs\Nu2Menu\nu2menu.xml"
Processing INF file: "c:\pebuilder3110a\plugin\zz5\nu2shell\nu2shell.inf"
Section: Append
Append file "c:\pebuilder3110a\plugin\zz5\nu2shell\nu2shell_nu2menu.xml" to "c:\pebuilder3110a\BartPE\Programs\Nu2Menu\nu2menu.xml"
Processing driver IDs
Checking for missing files
Build ISO image
Running external program
c:\pebuilder3110a\mkisofs.exe -iso-level 4 -volid "BartPE" -b bootsect.bin -no-emul-boot -boot-load-size 4 -hide bootsect.bin -hide boot.catalog -o "c:\pebuilder3110a\pebuilder.iso" "c:\pebuilder3110a\BartPE"
Warning: Creating ISO-9660:1999 (version 2) filesystem.
Warning: ISO-9660 filenames longer than 31 may cause buffer overflows in the OS.
Size of boot image is 4 sectors -> No emulation
6.28% done, estimate finish Fri Jan 29 06:37:05 2010
12.54% done, estimate finish Fri Jan 29 06:37:21 2010
18.82% done, estimate finish Fri Jan 29 06:37:53 2010
25.11% done, estimate finish Fri Jan 29 06:37:53 2010
31.36% done, estimate finish Fri Jan 29 06:37:56 2010
37.63% done, estimate finish Fri Jan 29 06:37:56 2010
43.92% done, estimate finish Fri Jan 29 06:37:56 2010
50.19% done, estimate finish Fri Jan 29 06:37:59 2010
56.46% done, estimate finish Fri Jan 29 06:37:59 2010
62.73% done, estimate finish Fri Jan 29 06:38:00 2010
68.99% done, estimate finish Fri Jan 29 06:38:01 2010
75.27% done, estimate finish Fri Jan 29 06:37:59 2010
81.53% done, estimate finish Fri Jan 29 06:38:02 2010
87.81% done, estimate finish Fri Jan 29 06:37:58 2010
94.09% done, estimate finish Fri Jan 29 06:38:02 2010
Total translation table size: 2048
Total rockridge attributes bytes: 0
Total directory bytes: 96532
Path table size(bytes): 832
79724 extents written (155 MB)
Building ISO image done
Getting device information
Device: 'SONY ' - 'CD-RW CRX216E ' - 'PD01' (2097152 bytes cache)
Test unit ready
Enabling Buffer Underrun Protection
Writing speed: 56x (8467 KBps)
Getting disc information
Disc erasable: No
Writing data to CD/DVD
Starting file analyze
Image size: 163274752 bytes
Closing session
Verifying data
Data verified OK
Building done...
There where 0 errors and 1 warnings
Use the [<<] and [>>] buttons to jump to Error/Warning.

DMichael
Novice
Novice

Posts Posts : 26
Joined Joined : 2010-01-24
OS OS : windows XP
Points Points : 25486
# Likes # Likes : 0

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by DMichael on 30th January 2010, 5:47 am

Hello? Anyone still helping me?

I have been reading up on PE Builder and the McAfee virus scanner you are referring to. According to their website, the virus scanner is a plug-in that needs to have some files installed for it to work. The plug-in then needs to be added to PEBuilder before it builds my bootable CD. The link:

[You must be registered and logged in to see this link.]

directs me to

[You must be registered and logged in to see this link.]

which directs me to a Network Associates ftp site where I am supposed to:

Download the latest superdat (sdatxxxx.exe) file from the Network Associates ftp site.
Copy the file sdatxxxx.exe into the files folder located in the mcafee plugin directory (plugin\mcafee\files).
Now you must unpack it using the "/e" parameter. From the mcafee folder, run sdatxxxx.exe /e (where xxxx is the version number, for example sdat4290.exe). When unpacking you don't see anything happen for about 20 seconds, just wait for it.


The problem is that this page seems to be "old". When I take a look at the ftp site, I don't see any file that starts with sdatxxxx.exe.

Any additional help would be greatly appreciated as I have some important data on this computer and don't want to give up the ghost just yet.

Thanks for trying.

DMichael
Novice
Novice

Posts Posts : 26
Joined Joined : 2010-01-24
OS OS : windows XP
Points Points : 25486
# Likes # Likes : 0

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by Dr Jay on 30th January 2010, 3:40 pm

Please stay patient. The malware experts on here lead busy lives. That includes me.

Now, please wait while I research this today and get back with you ASAP.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14310
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302971
# Likes # Likes : 10

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by DMichael on 30th January 2010, 4:16 pm

My apologies for sounding impatient. I fully appreciate how busy you and the other experts on this forum are. I can see from the volume of new issues being posted daily that you have a tremendous amount of advice to dispense. And believe me, I truly appreciate all the help I am receiving. I am not a computer expert although I do have a scientific background. I find that I am learning an enormous amount by going through this process that will help me protect myself more intelligently in the future.

To let you know of another issue I am having with my system...
Starting on 1/24/10 I have been having Keyboard errors show up in my event log.

For Event type is says: POST error
For Event Date is says: Keyboard Error

This error was posted twice on 1/24, 12 times on 1/27, 2 times on 1/28, 6 times on 1/29, and once so far today. I believe these are generated when my system freezes up after hitting a key on the keyboard. Is there something I can do with PEBart to remedy this problem. It may help me later on.

Again, my apologies. I am your PATIENT automaton...

DMichael
Novice
Novice

Posts Posts : 26
Joined Joined : 2010-01-24
OS OS : windows XP
Points Points : 25486
# Likes # Likes : 0

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by Dr Jay on 30th January 2010, 10:06 pm

Unfortunately, this is hardware failure.

With the hardware failure, you will need a new install of Windows, because the current install has damaged drivers, in which the computer cannot boot enough to at least get to Safe Mode and do diagnostics.

We have two possible paths:

1. Ultimate Boot CD (diagnostics and virus scanning)
2. Get Windows disc from a friend (or buy one for cheap) and do a reformat and reinstall.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14310
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302971
# Likes # Likes : 10

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by DMichael on 31st January 2010, 4:34 pm

If I use the Ultimate Boot CD, will it repair and clean up my computer without me losing all of my data on the hard drive? If so, let's go with that.

I have taken a look at the ultimate boot CD website. Will I need to customize UBCD before burning the CD? If so, with what (for example; driver for the keyboard, up to date virus definitions, ...)? Just tell me what I would need and I can figure out how to do it.

DMichael
Novice
Novice

Posts Posts : 26
Joined Joined : 2010-01-24
OS OS : windows XP
Points Points : 25486
# Likes # Likes : 0

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by Dr Jay on 1st February 2010, 11:28 pm

No, those are the tools included in the CD.

Please download and burn it: (use a link in Mirror Sites)
[You must be registered and logged in to see this link.]


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14310
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302971
# Likes # Likes : 10

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by DMichael on 2nd February 2010, 2:02 pm

Looks like I successfully created the UBCD. I am now looking at the main menu. What do I do next?

DMichael
Novice
Novice

Posts Posts : 26
Joined Joined : 2010-01-24
OS OS : windows XP
Points Points : 25486
# Likes # Likes : 0

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by Dr Jay on 2nd February 2010, 2:19 pm

Ok. Look for McAfee antivirus and F-Prot antivirus in the menus. Don't remember, but I think it is under "other tools".

When you find them, please do scans with both of them. Any problems, check back in with me.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14310
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302971
# Likes # Likes : 10

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by DMichael on 2nd February 2010, 2:32 pm

OK, I ran the McAfee program first. When it's all done it shows me the prompt:

T:\DOSAPPS\MCAFEE>

There is also a message above the prompt that says:
Missing or invalid "T:\DOSAPPS\MCAFEE\MESSAGES.DAT"

What do I do next to run the F-Prot?

DMichael
Novice
Novice

Posts Posts : 26
Joined Joined : 2010-01-24
OS OS : windows XP
Points Points : 25486
# Likes # Likes : 0

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by Dr Jay on 2nd February 2010, 2:40 pm

Was it in the list?

I need to download the latest version and burn it myself and try it. So, let me do some testing. Smile


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14310
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302971
# Likes # Likes : 10

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by DMichael on 2nd February 2010, 2:46 pm

There were three listed. Bughunter was also there (third in the list). I believe that F-prot was there because I decided to run them in the order you mentioned rather than the order in which they were listed. I am not 100% sure though. I could easily re-boot if that would help.

DMichael
Novice
Novice

Posts Posts : 26
Joined Joined : 2010-01-24
OS OS : windows XP
Points Points : 25486
# Likes # Likes : 0

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by Dr Jay on 2nd February 2010, 4:03 pm

Go back in Choose F-Prot, and allow it to initialize, then at that prompt you had earlier...

Enter this command first:

ubcdvir

Select fprot

Then enter this command:

fprot /hard /auto /delete


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14310
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302971
# Likes # Likes : 10

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by DMichael on 2nd February 2010, 4:19 pm

After running F-Prot I see:

Volume in drive Q is MS-RAMDRIVE

Directory of Q:\DOSAPPS\FPROT

[.] [..] FPROT.EXE ENGLISH.TX0 MACRO.DEF
3 file(s) 1,035,070 bytes
2 dir(s) 24,600,576 bytes free
Q:\DOSAPPS\FPROT>

This is where I type in fprot /hard /auto /delete?

DMichael
Novice
Novice

Posts Posts : 26
Joined Joined : 2010-01-24
OS OS : windows XP
Points Points : 25486
# Likes # Likes : 0

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by Dr Jay on 2nd February 2010, 7:58 pm

Yes.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14310
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302971
# Likes # Likes : 10

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by DMichael on 3rd February 2010, 1:24 am

Just got home from work and typed in the command...

I get the message:

Alert!

There is no A: diskette drive defined in the CMOS!!

Some viruses, such as ExeBug use this trick to prevent a "clean" boot from a floppy.

In the event that this computer really does not have a drive A: or has an external floppy drive (as Compaq Aero does), you need to run F-PROT with the /NOFLOPPY command-line switch.

Otherwise you should fix this problem with SETUP, save the changes, turn the computer off and boot from a "clean" diskette before running F-PROT.


Since I don't have a drive A:, do I just follow the directions and add that the /NOFLOPPY to the command sequence?

DMichael
Novice
Novice

Posts Posts : 26
Joined Joined : 2010-01-24
OS OS : windows XP
Points Points : 25486
# Likes # Likes : 0

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by Dr Jay on 3rd February 2010, 3:40 pm

Yes, please add the nofloppy command.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14310
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302971
# Likes # Likes : 10

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by DMichael on 3rd February 2010, 4:05 pm

I've tried it twice with; with the /nofloppy at the end of the command line or after the /hard. Both times I get the message:

Error: SIGN.DEF not found

Do I re-boot and try again?

DMichael
Novice
Novice

Posts Posts : 26
Joined Joined : 2010-01-24
OS OS : windows XP
Points Points : 25486
# Likes # Likes : 0

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by Dr Jay on 3rd February 2010, 4:17 pm

Let me look in to it. Sorry this is so complicated, but this happens when trying to do diagnostics.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14310
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302971
# Likes # Likes : 10

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by DMichael on 3rd February 2010, 4:30 pm

No problem. I am extremely appreciative of all the help you are giving me. I will await your response.

DMichael
Novice
Novice

Posts Posts : 26
Joined Joined : 2010-01-24
OS OS : windows XP
Points Points : 25486
# Likes # Likes : 0

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by DMichael on 4th February 2010, 1:46 pm

From what I have been reading F-Prot and about sign.def, this is a signature definition file that is supposed to be downloaded when F-Prot is loaded from the UBCD. When I was loading f-prot I received a message a few times that it was unable to establish an internet connection (I don't recall the exact wording). Is this the problem? I use Comcast as ISP with cable modem and Linksys router to connect.

DMichael
Novice
Novice

Posts Posts : 26
Joined Joined : 2010-01-24
OS OS : windows XP
Points Points : 25486
# Likes # Likes : 0

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by Dr Jay on 4th February 2010, 4:18 pm

I am aware of that, but I am researching the ability to patch the CD, to include the sign.def, instead of wasting time waiting for it to get the file from the internet...when it won't connect.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14310
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302971
# Likes # Likes : 10

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by DMichael on 8th February 2010, 4:39 am

#BUMP#

DMichael
Novice
Novice

Posts Posts : 26
Joined Joined : 2010-01-24
OS OS : windows XP
Points Points : 25486
# Likes # Likes : 0

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by Dr Jay on 8th February 2010, 4:03 pm

Seems that we have reached a dead end.

We have tried what could be done, but unfortunately, this infection could have disabled your network card, and totally infected some of the core system files that are required for Windows to boot.

With these infections, the best thing to do is a reformat and reinstall.

There are options:
1. Get a Windows install disc from a friend, or buy one. (If you don't have it)
2. Get a free operating system, called Ubuntu Linux. It is a fast, friendly OS that is aimed at making computer life easier. It can be found at Ubuntu.com.
A tutorial on installing Ubuntu can be found here: [You must be registered and logged in to see this link.]

=====

We have both been patient, but it seems we are seriously wasting time.

I wish Windows were made to be more stable, but unfortunately it is not.

The good part about Ubuntu Linux is that it has a stable core, which means malware is unable to infect the computer.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14310
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302971
# Likes # Likes : 10

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by DMichael on 8th February 2010, 4:08 pm

Is there any way I can recover files from the hard drive before re-formatting?

DMichael
Novice
Novice

Posts Posts : 26
Joined Joined : 2010-01-24
OS OS : windows XP
Points Points : 25486
# Likes # Likes : 0

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by Dr Jay on 8th February 2010, 5:53 pm

Yes. You can use Ubuntu as a LiveCD, which means you do not have to install it right away to use it. You can transfer files using the LiveCD.

Here's how:

Burn the disc as the installation says, then use it to boot the computer. The computer should recognize the disc and boot from it.

Now, on boot you will see a language selection screen. Choose the language.

You will see option on the menu. Select the one that says "Try Ubuntu without any change to your computer."

It will then begin loading Ubuntu from the disc.

You will then see a "human" background. Select at the top "Places" and then down to Computer.

It will display all of the drives. You can freely access that data and transfer it to an external drive or flash drive. It will probably be labeled "00 GB Media" - that is the hard drive. If you see another drive in there, like a flash drive then it might say "00 GB Media" as well. Try to tell the difference. (00 is just a generic idea for the number of GB in the drive)

Plug the flash drive in, and copy and paste the files you want from the hard drive on to the flash drive/external drive.

Ask questions if needed. Smile


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14310
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302971
# Likes # Likes : 10

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by DMichael on 9th February 2010, 1:30 pm

First of all, Thank you so much for all of your help. I truly appreciate it.

Second, on to business...

I successfully transferred files to a flash drive using Ubuntu. I have a few questions at this point.

1) what do I need to do to ensure that the files on the flash drive are "clean". The files include a lot of photos, Word and Excel docs, emails and attachments (I use Eudora) and a large database. Is simply scanning using Avira (on this other computer) sufficient?

2) I have a re-installation CD for Windows. Can I use this to re-format and re-install Windows?

3) While checking out Ubuntu, I discovered that I am able to access the internet and reach my email account. Am I able to exploit this to clean up the computer without re-formatting?

DMichael
Novice
Novice

Posts Posts : 26
Joined Joined : 2010-01-24
OS OS : windows XP
Points Points : 25486
# Likes # Likes : 0

View user profile

Back to top Go down

Re: FakeAlert Trojan-Can't Log on to computer

Post by Dr Jay on 9th February 2010, 2:21 pm

1. Scanning using an antivirus is sufficient.

2. Yes that CD can do the job.

3. You are able to use Ubuntu to do your Normal tasks. But, due to the complexity of the issues here, it is hard to tell what system files are infected that are preventing Windows from booting.

Thorough recovery is probably not possible due to how damaged Windows was. The best thing to do is reformat and reinstall to make sure your system files are intact and you have a nice clean feeling.

I rarely ask people to do this task as it is a "final way out" - but if I was able to help disinfect those system files, then I would have to know which ones are damaged. And since your computer cannot boot, except from the LiveCD, you cannot get blue screens which would tell us what is wrong.

Indeed this is a crazy situation, but the feeling of having a totally clean computer with a fresh install is incomparable. Once you get it set up, get a good security load, to further keep yourself safe on the Internet. I promise you, it will not be a bad decision.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14310
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302971
# Likes # Likes : 10

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum