Ransom Posted May 22, 2004 Share Posted May 22, 2004 Ok I was working on this buddy of mine's computer and it had lots of adware crap, so I downloaded adaware and did the routine scan, yadda yadda. I get the "you must restart so adaware can remove these processes on startup". So I shut down and when I get back in, I'm on the login screen, I try to login but it says some kinda parse error or else it just looks messed up. After the failed login with error messages, theres nothing left to click so all I can do is shut it down and try again. I've tried all the safe mode stuff. Nothing worked. In debugging mode it told me something was trying to close winlogin.exe when I login so obviously thats why I can't get in. Its also obvious adaware found some adware/virus in the file and is trying to delete it on windows startup. So any ideas? He doesn't know yet and I can't reset the shit, no WINXP disc or any of that stuff. I'm wondering if its possible to delete adaware from my computer in dos mode before I startup WINXP? Seems pretty hopeless but if you got an idea on a fix, please do tell. Link to comment
Dgtadude Posted May 22, 2004 Share Posted May 22, 2004 well . one thing u could do is take his harddrive . and use ur computer or someone else's to delete the adaware and modifie the window start up options. there was a file name on the registry that controlled everything that started up . i dont know the file name . but im sure its in the windows registry . Link to comment
Prokopis Posted May 22, 2004 Share Posted May 22, 2004 If you can go and work with another PC as well and you're sure his winlogon.exe is infected, you could try copying it from an XP OS (same SP, probly SP1), boot his PC with a disk running NTFSDOS, or some other proggy that can work with such an FS and bypass password protections, drop it inside and hope it works despite the probable ownership/privilege differences. However the chances of that working are realistically not very good. Anyway, ripping his HDD off and working on it from your place would probly be a good thing, but from what I've read I don't think that's an option. You may have to seriously start considering you're gonna have to tell him you broke his comp, although you had the best of intentions... Link to comment
Ransom Posted May 23, 2004 Author Share Posted May 23, 2004 WHOO! Nevermind I did fix it myself. I went over to another friends today (where I made this call for help topic lol) and thought... wait a minute... I can find some DOS commands and info... on their computer (they use MACs so I was havin a hella hard time getting around, but I did find and print some material from the internet). So... I just got back home and looked at safe modes again. I tried rebooting with command prompt again. I accessed the 3rd account instead of mine and the administrator account. I didn't notice the 3rd account before in that mode because it made my screen resolution uber huge and I thought it wasn't available, but an accidental mouse wheel scroll revealed it. This time it worked and I got to CMD! From there I followed the sheets and deleted adaware.exe and of course, it worked. Thx for taking time to help but luckily (very luckily) I dug myself out of the hole I was in this time! p.s. the boot.ini was messed up so I couldn't get into the BIOS. That tells you how lucky I am. If that had not worked I don't even think Windows could have been triggered to reinstall. /me gets ready to greet him like and act as if nothing ever happened Locked by request of myself Link to comment
Recommended Posts