Puppy Linux Discussion Forum
 Forum index » Off-Topic Area » Security
I got wacked real good x 3 (SOLVED)
Page 4 of 8 [120 Posts]   Goto page: Previous 1, 2, 3, 4, 5, 6, 7, 8 Next
Sylvander

Joined: 15 Dec 2008
Posts: 3551
Location: West Lothian, Scotland, UK

Posted: Sun 07 Mar 2010, 05:43

1. "The 3 files for the boot floppy are just copied to the disk?"
(a) Yes, just follow the instructions given in the webpage.
i.e.
"Format a floppy disk using a Windows NT 4.0, 2000, XP or Server 2003 machine (not windows 9x!)
format a: /u
"
So you are using a formatted floppy.
Then...
"Copy NTDETECT.COM and NTLDR onto the floppy disk"
So you now have 2 of the 3 needed files on the floppy.
Then...
"Download this BOOT.INI file and put it onto the floppy disk"
This boot.ini file is a special customized copy that offers 8 choices of partition to attempt to boot.
Now you have a formatted floppy with the 3 necessary files on it.
SO...

(b) Boot the floppy.

2. "do I right click the boot.ini and it creates the boot floppy?"
No...
Just copy the 3 files to the floppy as above.

3. "Any help there to get to a EBCD?"
I'd need to host somewhere my copy of the [FREE] 1st version of the EBCD.
[If anyone wants it]
The present EBCD version is version 2 I believe = no longer free, and not so comprehensive [lots of things it doesn't do anymore].
prehistoric


Joined: 23 Oct 2007
Posts: 1318

Posted: Sun 07 Mar 2010, 12:27    Post subject: progress

This is indeed progress. At this point, I'm guessing your MBR was clobbered. Malware doing this is not hard to create. It can even get clobbered by accident. Zapping the BIOS is harder.

We are still dealing with suspect machines. If you succeed in booting, via the route Sylvander has suggested, you will still be running a suspect Windows installation, and should exercise caution. Sylvander is probably more experienced than I am with Windows, and operates in your time zone. Listen to him.

If I were there myself, I would start with freedos, because that is the weakest system that would allow me to check the BIOS, and gives any possible malware as little to work with as possible. You could hide an elephant in a typical Windows installation.

All good utilities to flash a BIOS have an option to save the current BIOS before flashing. This can be used for another purpose. If you make a backup file of the current BIOS, and compare it bit-for-bit to the BIOS image file downloaded from the OEM site, you can tell if the BIOS is okay without risking a flash operation. (The BIOS ID you get during POST should allow you to download exactly the right file.)

Once you are sure you have a good BIOS, the next order of business involves recovering data and eliminating infections. When you recover data, I recommend using a non-Windows OS like Puppy first, because the malware was tailored for Windows.

p.s. You haven't stopped anyone from posting. The forum software allows overlapping posts. The apologies are about possible confusion.
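The two checks prehistoric describes, verifying a download against a published MD5 and comparing a saved BIOS dump byte-for-byte with the vendor's image before deciding whether to flash, as an added Python example (not code from the thread; the file names are placeholders and the demo data is constructed):

```python
"""Added example (not from the thread): verify a downloaded image against a
published MD5, and compare a saved BIOS dump byte-for-byte with the vendor's
image before deciding whether a flash is needed at all. File names are
placeholders; the demo data is constructed."""
import hashlib
from typing import Dict, List


def verify_md5(data: bytes, expected_hex: str) -> bool:
    """True when the MD5 of `data` matches the published value
    (the thread quotes bdacb69f384af3ab50f2ad716b4f3460 for EBCD061P.ISO)."""
    return hashlib.md5(data).hexdigest() == expected_hex.strip().lower()


def compare_images(saved: bytes, vendor: bytes, max_report: int = 8) -> Dict:
    """Compare two flash images. A clean BIOS should be identical to the
    vendor file, so any differing offset deserves a look (a modified boot
    block, or simply a different BIOS revision than the one downloaded)."""
    diffs: List[int] = []
    for offset, (a, b) in enumerate(zip(saved, vendor)):
        if a != b:
            diffs.append(offset)
            if len(diffs) >= max_report:
                break
    return {
        "same_size": len(saved) == len(vendor),
        "identical": saved == vendor,
        "saved_md5": hashlib.md5(saved).hexdigest(),
        "vendor_md5": hashlib.md5(vendor).hexdigest(),
        "first_diff_offsets": diffs,  # capped at max_report entries
    }


def compare_files(saved_path: str, vendor_path: str) -> Dict:
    """Same check on two files: the dump written by the flash utility's
    save option and the image downloaded from the OEM site."""
    with open(saved_path, "rb") as f_saved, open(vendor_path, "rb") as f_vendor:
        return compare_images(f_saved.read(), f_vendor.read())


if __name__ == "__main__":
    # Constructed demo data; for real files use
    # compare_files("bios_backup.bin", "vendor_bios.bin") (placeholder names).
    vendor = bytes(range(256)) * 4
    saved = bytearray(vendor)
    saved[300] ^= 0xFF            # one flipped byte, to show the report
    print(compare_images(bytes(saved), vendor))
```

A size mismatch usually means the wrong BIOS revision was downloaded rather than corruption; recheck the POST BIOS ID before reading anything into the diff offsets.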
obxjerry


Joined: 29 Jan 2010
Posts: 394
Location: Louisville, Kentucky

Posted: Sun 07 Mar 2010, 12:51

I did make a boot floppy. It didn't boot the hard drive, there was no CD in the tray. I'll type in the text it produced later.

Prehistoric, thanks for the clarification on posting. You folks have been so kind I hated to think I had caused problems.

The same place the computer tells me I can press del to go to bios it gives me a way to awdflash if that helps.

There is rain forecasted for here late today. Today is break the garden day+Jerry likes to eat=little computer time today. Sorry to put this on hold.

Take care
Sylvander

Joined: 15 Dec 2008
Posts: 3551
Location: West Lothian, Scotland, UK

Posted: Sun 07 Mar 2010, 13:50

1. " It didn't boot the hard drive"
(a) Try each of the 8 partitions in turn.
If it fails to boot Windows on each of the 8...
Then, either...
(b) The Windows folder isn't functional.
[Doesn't exist or is corrupted]...
And/or...
(c) The BIOS cannot see the HDD.
[BIOS or its config settings are messed up, or the controller isn't doing its job (configured off?), or some hardware problem]
Make sure the CMOS jumper isn't in the "clear" position.
And/or...
(d) The partition File tables have been messed up [deleted?]
I think perhaps TestDisk.exe run from a bootable floppy may be able to make a non-bootable HDD bootable once again.
I've used it to do just that, and it was amazing.
I think it restored [a good/backup copy of] an improperly deleted, or corrupted, partition or partition file table.
But then [prior to that], I was able to boot Windows using the Windows Universal Boot Floppy to boot Windows...
But it only succeeded in booting Windows after I'd edited the boot.ini file to change the name of the Windows folder [from WINNT] to "WINDOWS".

(e) A BootIT NG bootable floppy is a great tool [I have it but don't use it lots].
I believe it automatically fixes certain basic problems, so that people are astonished that just running it fixed their problem.
All hopes of a fix by such as these depend on the BIOS being able to see the drive.
This may confirm whether the drive [and its parts] can be seen.
prehistoric


Joined: 23 Oct 2007
Posts: 1318

Posted: Sun 07 Mar 2010, 16:09    Post subject: award flash utility

The normal award flash utility does have options to save the current BIOS without programming the BIOS with any new binary data. On the command line, this uses the /Pn and /Sy options. If you have the checksum, from the manufacturer's site, you can check for BIOS corruption without either flashing or saving the existing BIOS code, using /CKSxxxx, where xxxx is the hexadecimal value of the checksum. How this works with awardflash in the BIOS depends on the manufacturer. You will need to download the manual.

This may be wasted effort, but I'm being extremely cautious.

If, as we suspect, the MBR has been clobbered without any other damage to the Windows installation, the NT bootloader will still be installed on the partition with the OS. (You can also install GRUB to the partition holding Puppy, in addition to installing it to the MBR, so it can be used if the MBR gets zapped.) The problem is that the partition table was likely clobbered along with the MBR. In that case, you need the recovery tool suggested above. Hopefully, you won't need more advanced methods, though you should know these exist, if needed.

That still leaves the problems of recovering your important personal files, and removing any possible malware which caused the problem, but things are now moving in the right direction.
obxjerry


Joined: 29 Jan 2010
Posts: 394
Location: Louisville, Kentucky

Posted: Sun 07 Mar 2010, 18:43

I was fooling with the computer during a water break. I booted D Small Linux. I found a place to mount the hard drive. I can't find much but I did find a list of DSL system stats. The last line says /dev/hda1 size 9.5G used 8.5G available 1.1G use 89% /mnt/hda1

The first disk I made wasn't exactly as prescribed. I couldn't find NTLDR and NTDETECT on my computer so I found them online. I also had problems with boot.ini. I found instructions online that said to cut and paste to notepad and name and install the file to the floppy. They gave the file that would be used for W*****s on a partition by itself. It was handy so I took it.

Later when I reread posts in the forum I saw I should try all the options so I burned another disk. That one is partly in French. If I choose first disk, first partition it gives me the boot option page in French. Normal boot takes me to a blue screen I haven't seen before that says "Microsoft (R) Windows (R) Version 5.1 (Build 2600: Service Pack 2) 1 System Processor [256 MB Memory]". That holds about half a minute, then reboots. The next 7 options give me 7 lines of text in French that I'm pretty sure says there's a problem.

The first disk I made ends up with about a half page of text. I can type that in if needed.

I'm going to have to reread the 2 posts preceding this one a few more times before I understand them.

Thanks
obxjerry


Joined: 29 Jan 2010
Posts: 394
Location: Louisville, Kentucky

Posted: Sun 07 Mar 2010, 18:45

Sorry Double Post
prehistoric


Joined: 23 Oct 2007
Posts: 1318

Posted: Sun 07 Mar 2010, 19:25    Post subject: over to Sylvander

Jerry,

If DSLinux says the file system is 89% full, it is accessing the partition. This suggests your machine might not be in bad shape at all, but we still need to be cautious about malware. I'm a little uncertain about that boot disk you describe.

As I said before, I can't easily test boot floppies on Windows machines. Maybe Sylvander can help.

His suggestion about bootITng sounds good. (Check the link.) I can download that without buying it, even if I can't test. I'm not sure what the download will do, but they say there is a free 30 day trial. This could be enough to get you back to where you were.
obxjerry


Joined: 29 Jan 2010
Posts: 394
Location: Louisville, Kentucky

Posted: Sun 07 Mar 2010, 20:36

I've reread the 2 posts.

The computer is a custom build. The motherboard has AK75 REV A printed on it but I haven't found a manufacturer name. From what I've seen online AK75 could be made by DFI, Aopen, Free, etc. Is there a way to find out who made the board so I know where to look for a manual?

Prehistoric, you mentioned something about Puppy on a partition. I know when I am discussing 5 computers there is bound to be confusion. This computer is XP only.

I checked out BootIt ng. I'll have to weigh my options before I shell out $35 for software. I can see that in the case of recovering valuable data it would be well worth it. Am I wrong in thinking I may be able to easily format the drives and install Linux? At this point being rid of W*****s and all its problems sounds great.

Take care
Sylvander

Joined: 15 Dec 2008
Posts: 3551
Location: West Lothian, Scotland, UK

Posted: Sun 07 Mar 2010, 20:57

Click here to be taken to the download page for the ebcd061p.iso file that can be used to make the full PRO version of the EBCD bootable CD.
Anyone who wants a copy is free to download it I believe; it was originally given as a FREE disk.

Boot the EBCD...
At the 1st menu hit <Enter> to be taken to the 2nd menu...
The "Create Boot Floppy" program is on the 2nd menu.
Hit the down arrow key to get to the "Create Boot Floppy" [or something similar], and hit <Enter> with a floppy disk in the FDD.
prehistoric


Joined: 23 Oct 2007
Posts: 1318

Posted: Sun 07 Mar 2010, 22:12    Post subject: Oops!

Jerry, I don't know where I got the idea you were in the UK. Sorry for any extra confusion. I usually find enough without trying.

On bootITng, the $35 is only if you keep it after the 30 day free trial. I was suggesting it might repair your installation to the point you would no longer need help. You can install something else long before the free trial ends. Sylvander has another good suggestion.

I've used AK75 boards from Aopen, and that would be my choice for the company most likely to have the correct BIOS. Go by the full BIOS version number shown at the bottom left of your POST screen. If you match that, you will have the correct BIOS.

If that Windows system is like most old systems I have seen filling 89% of the partition, it is infested with malware. If you are able to recover any files you want from the suspect machine, I would say you can wipe Windows and install Puppy without problems. On a home-built machine, there aren't likely to be any sneaky bits of code hidden in dark corners of the disk.

Do you have a Puppy CD already burned, or is that a problem at this stage? If you have the CD, it is simply a matter of using the boot floppy you already have to get to the CD, then doing a repartition (with Gparted) and install according to normal instructions. If you finish up by installing GRUB to boot Puppy, you will have a complete stand-alone system without needing any commercial software.
obxjerry


Joined: 29 Jan 2010
Posts: 394
Location: Louisville, Kentucky

Posted: Sun 07 Mar 2010, 23:47

Thanks Sylvander. I'm downloading it now. I'm not sure when I'll get it burned to cd. I'd think surely in the next day or two. I'm thinking my son had an external CD writer a few years ago.

I don't see how my son has had XP, I know for 7 years, contained to a 10gb hard drive. My wife and I have a hard time keeping ours contained to 40gb. I have no idea what all that data is.

It's still his computer. I don't know what he wants to do with it. A good friend of his built it as his personal computer so it may have some sentimental value.

I have 2 Puppy CDs. The laptop wouldn't run 4.3.1. I had to burn a version for older hardware for it. When the computers crashed I was working on getting Kmymoney2 to replace Quicken.

The download is finished. One more step toward my destination.

Thanks folks
Sylvander

Joined: 15 Dec 2008
Posts: 3551
Location: West Lothian, Scotland, UK

Posted: Mon 08 Mar 2010, 03:23

md5sum = bdacb69f384af3ab50f2ad716b4f3460 EBCD061P.ISO

Forgot to supply that. Embarassed

My copy here is 60.4MB

By-the-way...
If you make and boot a BootIT-NG bootable floppy...
When asked if you want to install to the HDD...
DON'T do that, but skip that instead.
Can't remember the exact wording.
You then go to "Working with partitions".
If you're thinking of trying to see what it can do, I'd need to boot my copy and remind myself of its features.
Sylvander

Joined: 15 Dec 2008
Posts: 3551
Location: West Lothian, Scotland, UK

Posted: Mon 08 Mar 2010, 05:19

Thread = Free download: I made Bootable floppy [ptedit+partinfo+edit.com+DOSprompt+info.txt]
File = pteditSE.zip

I made this way back in 2002!
partinfo displays the HDD's partition info, which is automatically saved to the info.txt file on the floppy disk.
ptedit displays the HDD partition info, which can be edited [to fix problems?]
You'd need the help of an expert if [like me] you're not one yourself. Very Happy

This might tell you:
Whether your HDD can be seen...
And whether the partitions look good or not.
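What partinfo shows, and what prehistoric means by the MBR and partition table being "clobbered", can be checked directly from the first 512 bytes of the disk. This is an added Python example (not code from the thread or from ptedit/partinfo); the sample sector is constructed, and on a Linux live system such as Puppy the real one is read from the disk device:

```python
# Added example (not from the thread): parse a 512-byte MBR and flag what a
# "clobbered" MBR or partition table looks like. The sample sector is constructed;
# on a Linux live system the real one is the first 512 bytes of the disk device.
import struct

TABLE_OFFSET = 446        # the partition table follows the 446-byte bootstrap area
ENTRY_FMT = "<B3sB3sII"   # boot flag, CHS start, type, CHS end, LBA start, sectors

def parse_mbr(sector: bytes) -> dict:
    """Signature state, presence of bootstrap code, and the used partition slots."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for i in range(4):
        boot, _, ptype, _, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, TABLE_OFFSET + 16 * i)
        if ptype != 0:  # type 0 marks an unused slot
            parts.append({"slot": i, "active": boot == 0x80, "type": ptype,
                          "start_lba": lba, "sectors": count})
    return {"signature_ok": sector[510:512] == b"\x55\xAA",
            "boot_code_present": any(sector[:TABLE_OFFSET]),
            "partitions": parts}

def assess(mbr: dict) -> list:
    """Plain-language findings; an empty list means the MBR looks sane."""
    issues = []
    if not mbr["signature_ok"]:
        issues.append("0x55AA signature missing: the BIOS will not boot this disk")
    if not mbr["boot_code_present"]:
        issues.append("bootstrap code area is all zeros")
    parts = mbr["partitions"]
    if not parts:
        issues.append("partition table is empty (wiped?)")
    active = sum(1 for p in parts if p["active"])
    if parts and active != 1:
        issues.append(f"{active} active partitions; a standard MBR chains to exactly one")
    ordered = sorted(parts, key=lambda p: p["start_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start_lba"] + a["sectors"] > b["start_lba"]:
            issues.append(f"slots {a['slot']} and {b['slot']} overlap")
    return issues

def sample_mbr() -> bytes:
    """Constructed: one active NTFS (type 0x07) partition starting at LBA 63."""
    sec = bytearray(512)
    sec[0:2] = b"\xEB\xFE"  # placeholder 'jmp $', not real boot code
    struct.pack_into(ENTRY_FMT, sec, TABLE_OFFSET, 0x80, b"\x00\x01\x00", 0x07,
                     b"\xFE\xFF\xFF", 63, 19_000_000)
    sec[510:512] = b"\x55\xAA"
    return bytes(sec)
```

A "Std MBR" rewrite of the kind the thread discusses only replaces the bootstrap area and leaves the partition table alone, so an empty or overlapping table reported here is the case where a partition-recovery tool is needed rather than an MBR rewrite.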
Sylvander

Joined: 15 Dec 2008
Posts: 3551
Location: West Lothian, Scotland, UK

Posted: Mon 08 Mar 2010, 06:21

1. FYI:
When at the 2nd menu in the EBCD...
Do NOT be tempted to use "Recover MBR" if your Windows OS is XP or later.

It works fine on Win2000 [the only Windows I have installed], so I've used it a lot on my own PC.
It writes a generic MBR in less than a second.
Great for recovering a working MBR [that will boot Win2000, but] that doesn't include GRUB.

-----------------------------------------------------------------------------------------------

2. I'm reading my BiNG quickstart pdf file and it says that BiNG will [at "view MBR"], write a "Std MBR".
Not sure if that's the same as the EBCD [but I think it is], or different.
The bootitng.pdf says:
"Std MBR is equivalent to fdisk/mbr which creates the small program to boot the active partition. "
Which I believe isn't suitable for use with XP and later. [Same as the EBCD?]
But then my BiNG is an older copy.

3. Useful floppies.