AnimeSuki Forums

Old 2008-01-28, 09:59   Link #1
Chrono Helix
Senior Member
 
 
Join Date: Jan 2008
Com, virus, hdd. That's the gist of my problem.

Around 18/1/2008:
My sis is surfing the net on the computer. She gets an MSN popup from a friend. 'hey is this your pic? (website address)' She somehow thinks it's a good idea to click on it. Nothing seems to happen, so she keeps quiet.

25/1/2008:
I am surfing the net on the computer. My MSN keeps opening windows to random contacts and closing them again immediately. This continues at random intervals. After 10 minutes I get irritated, so I shut down the computer and continue from my laptop.

A few hours later a friend messages me 'hey wtf are you trying to send me a virus? you sent me the following message 'hey is this your pic? (website address)'. I sense trouble brewing. Despite this I do not touch the com for the rest of the day.

26/1/2008:
I turn on the com. Windows starts up. I click on my user account. It loads, I catch a glimpse of my wallpaper, and I am logged back out. I try again 2 times, the same thing happens both times. I try logging in to another user account, doesn't help either. In desperation, I turn to google, and I am told to change some registry values. I am also given several methods with which to change the registry values.

Plan A:
http://www.winxptutor.com/wsaremove.htm
Step 1: Boot the system using the Windows XP CD-ROM.
Step 2: In the first screen when the Setup begins, read the instructions and press "R" (in the first screen) to enter the Recovery Console.
Step 3: Type in the built-in Administrator password to enter the Console. You'll see the prompt reading C:\Windows (Or any other drive-letter where you've installed XP)
The rest is not important because step 3 fails.

The prompt to type in a password does not appear. I am brought to a command prompt C:>
I type in 'dir' it gives me 'There is no floppy disk or CD in the drive.' Typing in 'chkdsk' gets me 'The volume appears to contain one or more unrecoverable problems.' This applies to D: and E: and all the other relevant ones as well. Time for plan B.

Plan B:
http://windowsxp.mvps.org/peboot.htm
Step 1: Insert the BartPE CD into the drive, and boot the system from the CD. Once the file loading phase is over, the Bart PE desktop will be visible, as shown in Figure 1.
Step 2: Type Regedit.exe in the prompt, and press Enter. Select the HKEY_USERS hive
Step 3: From the File menu, choose the Load Hive option. Browse to your Windows installation drive, for example the following location:
The rest is not important because step 3 fails.

Once again, the computer fails to recognise its own hard disk. Time for plan C.

Plan C:
http://www.informationweek.com/share...leID=189400897
Blah blah blah until:
"Next, the XP setup process will show another screen that you may recall from your initial setup of XP. It searches for "a previous version of Microsoft Windows." In our case, we're not replacing a previous version of Windows, but rather repairing the very same version that's on the setup CD--but that's OK; it's just another poorly worded screen."

The computer thinks its hard disk has been replaced by removable disks, and disks are not inserted.

tl;dr: I'm facing some login/logout problems on Windows. To fix it, I need to change some registry values. To change those registry values, I need my com to know it has a hard disk. Some help please?
Old 2008-01-28, 11:15   Link #2
Nutcracker262000
Junior Member
*IT Support
 
 
Join Date: May 2007
Location: South of Canada
Try system restore on safe mode if you can, it's a temporary solution to get windows back to work.

Here are the steps:

0. When booting your computer, press F8 to bring up a boot menu

1. Select Safe Mode with Command Prompt

2. Select the operating system to start (if you have multiple operating systems installed)

3. Log on with an account that is a member of the administrators group

4. At the command prompt, type %systemroot%\system32\restore\rstrui.exe

Press Enter, this will start the "Welcome to System Restore" screen.

5. Go through the steps of the Wizard and follow the instructions to restore your system to a previous restore point
Old 2008-01-28, 22:01   Link #3
Myname
Senior Member
 
Join Date: Feb 2006
Oh, I had that virus.

You keep trying to log-in, but you automatically get logged back out.

I got in through safe-mode but even that was short-lived, after a while, even in safe mode it won't let you log back in.

I'd advise you take the hard drive out, get one of those IDE/SATA to USB connectors and transfer whatever important stuff to your laptop then proceed to format it. Reinstall windows.

Probably a better idea to really clean it out (and teach your sister some common sense).
Old 2008-01-29, 00:04   Link #4
Ledgem
Love Yourself
 
 
Join Date: Mar 2003
Location: Northeast USA
Age: 28
I can't really find any information about the virus online, so perhaps it's a new one. Either way, you can try the safe mode login as mentioned above.

I do have one question - you're mentioning that the system doesn't recognize its own hard disk. If you just turn the computer on, does it load Windows? If it doesn't then the issue is probably that something, possibly the virus, screwed over your partition.

My own advice would be to try performing a Windows repair install. Basic steps to get into this: from the installer, choose to set up Windows XP (I believe this is the ENTER key). Accept the license agreement, and then select your Windows install and press R to perform a repair install.

The repair install will replace your system files but won't touch any of your other files. I don't remember if it wipes your registry - if it does, you'll need to reinstall your programs. If you can boot, you're good, but you'll probably want to run some virus scans anyway to remove the remains of the virus. Either way, just as a precaution you'll probably want to back up your data and then format your system. Malware has become such a pain these days that you can never be sure that you've removed all of it unless you wipe the entire drive.

Quote:
Originally Posted by Myname View Post
Oh, I had that virus.
...
(and teach your sister some common sense).


What I'd recommend for everyone is that if your computer will be used by anyone who isn't computer-savvy (or if you're a bit more paranoid like me, anyone who isn't you or who isn't being watched by you), set up a guest account for them to use. Enable fast-user switching so that your programs won't shut down, and tell them to use the other account (which should be a very restricted, non-admin account). That'll at least limit the amount of damage they can pull on your system.

It's too bad Windows doesn't have something OSX does - a guest account. Basically, someone can use it, and when they log out the entire thing is wiped. That way no garbage sticks around your system.
Old 2008-01-29, 02:12   Link #5
jpwong
Senior Member
 
 
Join Date: Mar 2004
Your issue with it not asking for a password is in all likelihood that your "Administrator" account does not have a password set on it. Ergo, it's not asking for one when you use the recovery CD.

While the no drive problem seems a bit weird, in Recovery Console you are only allowed to access C:\Windows (assuming that's where windows is installed) and any subdirectories of your windows folder. Anything located on other directories and/or drives is not accessible in recovery console mode. I believe you can get to the root of the drive, but it will otherwise block you from doing anything outside the windows directory.
Old 2008-01-29, 03:14   Link #6
Chrono Helix
Senior Member
 
 
Join Date: Jan 2008
Quote:
Originally Posted by Ledgem View Post
I do have one question - you're mentioning that the system doesn't recognize its own hard disk. If you just turn the computer on, does it load Windows? If it doesn't then the issue is probably that something, possibly the virus, screwed over your partition.
Yes, that's the thing I find very very strange. The computer is able to start up Windows, I can click on my user account, and I can even see my wallpaper (for a split-second before I'm logged out again). Taking these 3 things into account, it must mean the computer is able to recognise its own hard disk.

But when I try to access the contents of the hard disk via other methods (Recovery Console from XP CD, BartPE) it isn't seen at all!

Quote:
Originally Posted by jpwong View Post
Your issue with it not asking for a password is in all likelihood that your "Administrator" account does not have a password set on it. Ergo, it's not asking for one when you use the recovery CD.

While the no drive problem seems a bit weird, in Recovery Console you are only allowed to access C:\Windows (assuming that's where windows is installed) and any subdirectories of your windows folder. Anything located on other directories and/or drives is not accessible in recovery console mode. I believe you can get to the root of the drive, but it will otherwise block you from doing anything outside the windows directory.
From the descriptions I've read, the Recovery Console is supposed to ask me for a password even if I have not set one, and I can just press Enter to pass that screen. Secondly the command prompt in the Recovery Console is supposed to bring me directly to C:\Windows. In my case, it only brings me to C:>

This probably means very bad news for me, but I ran the advanced scan from this program http://www.hitachigst.com/hdd/support/download.htm
and got the 0x72 error. On the bright side though, the quick test got me 0x00.
Old 2008-01-29, 10:36   Link #7
jpwong
Senior Member
 
 
Join Date: Mar 2004
Well, that's the other weird thing, if it drops you to C:\ at all in the first place, it must be detecting the drive at some point regardless of how borked it's working.

It does look like you may have to re-install the whole OS, so if you have any way of moving your important data off that drive, you should do so ASAP.

Have you tried Safe Mode with Command Prompt mode? It just loads the dos window rather than the whole GUI, so maybe you'll get better luck with that.
Old 2008-01-29, 19:01   Link #8
Chrono Helix
Senior Member
 
 
Join Date: Jan 2008
Forgot to make this clear in my earlier post, the program I was referring to is the Drive Fitness Test.

Quote:
Originally Posted by jpwong View Post
Well, that's the other weird thing, if it drops you to C:\ at all in the first place, it must be detecting the drive at some point regardless of how borked it's working.

It does look like you may have to re-install the whole OS, so if you have any way of moving your important data off that drive, you should do so ASAP.

Have you tried Safe Mode with Command Prompt mode? It just loads the dos window rather than the whole GUI, so maybe you'll get better luck with that.
I have tried safe mode with command prompt, but it's loading the GUI instead of the command prompt (in other words, no difference from normal safe mode).

I tried to install Windows XP onto an external HDD and then booting from there (to salvage my data), but the install seems to be missing a 'hal.dll' file or something.
Old 2008-01-29, 21:12   Link #9
Myname
Senior Member
 
Join Date: Feb 2006
Well, you're not supposed to install an OS on an external HDD.

Get your HDD out and plug it into your laptop and transfer files from there.

Since you have an external HDD, just open it up and take that HDD out and replace it with your virus infected HDD. Plug into laptop and transfer files.
Old 2008-01-30, 02:26   Link #10
Ledgem
Love Yourself
 
 
Join Date: Mar 2003
Location: Northeast USA
Age: 28
Quote:
Originally Posted by Chrono Helix View Post
I tried to install Windows XP onto an external HDD and then booting from there (to salvage my data), but the install seems to be missing a 'hal.dll' file or something.
Windows wasn't designed to be booted from an external drive, unfortunately. Microsoft denies that it's even possible, but people have managed to do it with external USB drives. It requires creating a special install CD and can be a bit glitchy, depending on your system. It'd probably work for your purposes, though.

If you're up for it, here's a page with instructions on how to perform the process.
Old 2008-01-30, 07:43   Link #11
Chrono Helix
Senior Member
 
 
Join Date: Jan 2008
I've downloaded an OS called Knoppix and booted it from CD. It's now able to see my hard drive! I'm now trying to change the registry. According to http://windowsxp.mvps.org/peboot.htm, I have to navigate to:
HKEY_USERS \ MyXPHive \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon

New problem: when I go to
HKEY_USERS \ MyXPHive \ Microsoft \ Windows NT \ CurrentVersion \
there isn't a Winlogon folder

Furthermore I have accidentally downloaded the German version of Knoppix, a language I do not understand in the slightest.

EDIT: According to the link I gave above, I need to type in the following command in the command prompt:
COPY USERINIT.EXE WSAUPDATER.EXE
After that, then I may change the registry. Does the command replace the 'userinit.exe' on my com with the 'wsaupdater.exe' from the CD? Or is it vice versa? Or something else entirely?
More importantly, I cannot use the Windows XP installation CD, because it doesn't recognise my hard drive when I do so (and furthermore I'm booting Knoppix from a CD so there's no place for me to put the CD). BUT, I have an external HDD. Could I copy the relevant file (and please tell me which is the relevant file) from the CD to the HDD, and then copy the file from the HDD to the computer?

EDIT: OK I've figured out that I need to leave the userinit.exe within C:\Windows\system32 alone, and I need to make a copy of it, and it has to be named wsaupdater.exe, and both files have to be placed in the system32 folder. I have the userinit.exe file, and I've made a copy of it, and I've named the copy wsaupdater.exe as required. However, I am unable to put wsaupdater.exe into the system32 folder. In fact, I'm unable to copy anything into my C: (which is renamed sda2 while I'm using Knoppix). Using command prompt to access sda2 gets me the message 'Ist kein Verzeichnis', which Babelfish translates as 'is no listing'.

Last edited by Chrono Helix; 2008-01-30 at 09:16.
Old 2008-01-30, 09:18   Link #12
SeijiSensei
AS Oji-kun
 
 
Join Date: Nov 2006
Location: Mucking about
Age: 64
OK, I'm not sure I can straighten all this out, but let me give it a shot.

First, if you want the English version of Knoppix, you can get it by starting at the download home page: http://www.knopper.net/knoppix-mirrors/index-en.html
I'd use the University of Wisconsin mirror near the bottom of the page if you're in R1. After following the links and accepting the license agreement, you'll see a number of files. Pick the most recent (1/4/08 at the moment), then make sure you choose an image with "EN" in the filename. You'll get the English version.

Now for the more difficult part. Knoppix is a Linux "distribution," a package of programs including the Linux operating system and a variety of applications. Unless there's some trick I don't know of (always a good possibility), you can't edit your Windows registry from Linux. What program are you using when you said you navigated to "HKEY_USERS \ MyXPHive \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon"?

The link you pointed to discusses using a different recovery CD: "Bart's PE is a bootable live Windows CD that can be used to recover your system when in a disaster." Notice that this one boots Windows, not Linux like Knoppix does.

The fact that Knoppix can see your hard drive generally rules out any hardware issues. If I were you, I'd use the opportunity to back up your hard drive to another device because a Windows reinstall may be in your future.

Edit:
Quote:
However, I am unable to put wsaupdater.exe into the system32 folder. In fact, I'm unable to copy anything into my C: (which is renamed sda2 while I'm using Knoppix). Using command prompt to access sda2 gets me the message 'Ist kein Verzeichnis', which Babelfish translates as 'is no listing'.
If you double-click the desktop icon for sda2, does it open up into a "Konqueror" window and show you the folders? If not, my optimism about the health of the drive is reduced. If you open the Konsole (which you should be able to do by right-clicking the desktop) and type the command "mount" at the prompt, you'll see all the mounted filesystems. The Windows drive should appear in the list like this: "/dev/sda1 on /mnt/windows type fuseblk (rw,nosuid,nodev,allow_other,blksize=4096)." The key is "type fuseblk," which means the software for mounting NTFS partitions is installed, and "rw," which means you can read and write to the filesystem.

Quote:
Originally Posted by Chrono Helix View Post
I've downloaded an OS called Knoppix and booted it from CD. It's now able to see my hard drive! I'm now trying to change the registry. According to http://windowsxp.mvps.org/peboot.htm, I have to navigate to:
HKEY_USERS \ MyXPHive \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon

New problem: when I go to
HKEY_USERS \ MyXPHive \ Microsoft \ Windows NT \ CurrentVersion \
there isn't a Winlogon folder

Furthermore I have accidentally downloaded the German version of Knoppix, a language I do not understand in the slightest.

EDIT: According to the link I gave above, I need to type in the following command in the command prompt:
COPY USERINIT.EXE WSAUPDATER.EXE
After that, then I may change the registry. Does the command replace the 'userinit.exe' on my com with the 'wsaupdater.exe' from the CD? Or is it vice versa? Or something else entirely?
More importantly, I cannot use the Windows XP installation CD, because it doesn't recognise my hard drive when I do so (and furthermore I'm booting Knoppix from a CD so there's no place for me to put the CD). BUT, I have an external HDD. Could I copy the relevant file (and please tell me which is the relevant file) from the CD to the HDD, and then copy the file from the HDD to the computer?
Old 2008-01-30, 11:31   Link #13
Chrono Helix
Senior Member
 
 
Join Date: Jan 2008
Sorry I think I gave the wrong link for where I got information on this method I'm trying.
http://www.winxptutor.com/wsaremove.htm
http://www.ntcompatible.com/thread31505-1.html
Quote:
Originally Posted by SeijiSensei View Post
Now for the more difficult part. Knoppix is a Linux "distribution," a package of programs including the Linux operating system and a variety of applications. Unless there's some trick I don't know of (always a good possibility), you can't edit your Windows registry from Linux. What program are you using when you said you navigated to "HKEY_USERS \ MyXPHive \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon"?
I click the Konsole button near the bottom of the screen(looks like a monitor with a >_ on it)
Command prompt appears. I type in regedit.
Quote:
knoppix@Knoppix:~$ regedit
wine: creating configuration directory '/home/knoppix/.wine'
wine: '/home/knoppix/.wine' created successfully
Registry Editor appears.
I navigate to "HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion "
I do not see the "Winlogon" folder, but I suspect that's because I have not done the step that's supposed to come before this. (The one about copying userinit.exe and naming the copy wsaupdater.exe)
Quote:
Originally Posted by SeijiSensei View Post
The link you pointed to discusses using a different recovery CD: "Bart's PE is a bootable live Windows CD that can be used to recover your system when in a disaster." Notice that this one boots Windows, not Linux like Knoppix does.

The fact that Knoppix can see your hard drive generally rules out any hardware issues. If I were you, I'd use the opportunity to back up your hard drive to another device because a Windows reinstall may be in your future.
I am finding it strange that the Windows boot can't see my hard disk but the Linux one can, but whatever works, I guess. I do intend to back up my important files, thanks for the advice.
Quote:
Originally Posted by SeijiSensei View Post
If you double-click the desktop icon for sda2, does it open up into a "Konqueror" window and show you the folders?
Yes, thankfully.
Quote:
Originally Posted by SeijiSensei View Post
If you open the Konsole (which you should be able to do by right-clicking the desktop) and type the command "mount" at the prompt, you'll see all the mounted filesystems. The Windows drive should appear in the list like this: "/dev/sda1 on /mnt/windows type fuseblk (rw,nosuid,nodev,allow_other,blksize=4096)." The key is "type fuseblk," which means the software for mounting NTFS partitions is installed, and "rw," which means you can read and write to the filesystem.
Quote:
knoppix@Knoppix:~$mount
/dev/root on / type ext2(rw)
/ramdisk on /ramdisk type tmpfs (rw,size=411808k,mode=755)
/UNONFS on /UNIONFS type aufs (rw,br:/ramdisk:?KNOPPIX)
/dev/hda on /cdrom type iso9660(ro)
/dev/cloop on /KNOPPIX type iso9660 (ro)
/proc/bus/usb on /proc/bus/usb type usbfs (rw,devmode=0666)
/dev/pts on /dev/pts type devpts (rw)
/dev/sda2 on /media/sda2 type vfat (ro,nosuid,nodev,umask=000,shortname=winnt,uid=1000,gid=1000)
I suppose that means it's read-only. I'd try to change it in properties (German word: "Eigenschaften") but I don't know what's the German word for 'read-only', so I'll have to let it be until I get the English version.

I have a D: that's represented on the Knoppix desktop as sda5, similar to how C: is represented as sda2. I also have an sda1, but I don't remember having any other drives. Should I be concerned that neither of these showed up when I typed in mount?
Old 2008-01-30, 11:45   Link #14
SeijiSensei
AS Oji-kun
 
 
Join Date: Nov 2006
Location: Mucking about
Age: 64
Quote:
Originally Posted by Chrono Helix View Post
I click the Konsole button near the bottom of the screen(looks like a monitor with a >_ on it)
Command prompt appears. I type in regedit.
That's what I thought you might be doing.

Linux includes software called "Wine" that enables you to run some Windows software under Linux. The regedit you're using is editing the Wine configuration in the home directory of the "knoppix" Linux user. You're not editing the registry on the Windows drive at all.

The commands you listed show what's happening:
Code:
wine: creating configuration directory '/home/knoppix/.wine'
wine: '/home/knoppix/.wine' created successfully
Quote:
/dev/sda2 on /media/sda2 type vfat (ro,nosuid,nodev,umask=000,shortname=winnt,uid=1000,gid=1000)
Hmm. It's mounting the drive as vfat (or FAT32 in Windows-speak), not NTFS. The "ro" does mean read-only, but if you can see the files in Konqueror you should be able to copy them to another medium. Linux has had issues with NTFS because parts of the NTFS filesystem are patented by Microsoft in the US which made totally-free support for NTFS difficult to redistribute. If the drive is "ro" you won't be able to write to it, which is probably a limitation these patent rules impose. (There are well-established (though potentially illegal) methods for reading and writing to NTFS under Linux, but perhaps the Knoppix disc you're using doesn't implement them.)

Quote:
I have a D: that's represented on the Knoppix desktop as sda5, similar to how C: is represented as sda2. I also have an sda1, but I don't remember having any other drives. Should I be concerned that neither of these showed up when I typed in mount?
Linux names drives with the convention of using letters to represent the drives themselves and numbers to represent the partitions on those drives. So:

/dev/sda1 = first partition on first drive
/dev/sda5 = fifth partition on the first drive

You can view the drive from the prompt using the "fdisk" tool. Just type "/sbin/fdisk /dev/sda" to see the partition structure of the drive. Don't touch anything, though, unless you know what you're doing.

I think Knoppix mounts drives on an as-needed basis. So if you never opened /dev/sda5, it probably won't be mounted.
Old 2008-01-30, 22:27   Link #15
Chrono Helix
Senior Member
 
 
Join Date: Jan 2008
I've got the English version of Knoppix, and I used it to boot the system. I realised that I can mount the sda2 drive, then change its read/write properties such that it can be written to. As instructed on http://www.winxptutor.com/wsaremove.htm and http://www.ntcompatible.com/thread31505-1.html, I have done the following:
1. Go to sda\Windows\system32
2. Copy the userinit.exe
3. Rename the copy wsaupdater.exe
4. Place the copy inside sda\Windows\system32

With the above done, I should be able to remove the Knoppix cd, restart the computer, login to my normal Windows user account, access the registry editor and finally get rid of the problem.

Except for the fact that I'm still getting logged out immediately after logging in.

If it makes any difference, I did the 4 steps from the Knoppix GUI instead of from Konsole, because the copy command doesn't exist in Konsole and I'm not sure what the equivalent command is.
Old 2008-01-30, 23:12   Link #16
Ledgem
Love Yourself
 
 
Join Date: Mar 2003
Location: Northeast USA
Age: 28
Maybe the virus is programmed to do it. Seiji, does Knoppix come with Clamwin? The virus may be too new and wouldn't be detected, but if he did a scan and removed it with that then it might fix the issue.
Old 2008-01-31, 09:30   Link #17
SeijiSensei
AS Oji-kun
 
 
Join Date: Nov 2006
Location: Mucking about
Age: 64
There's something called "knoppicillin" out there which bundles some antivirus programs with Knoppix, but after a Google search, I can't find it anywhere, or the torrents I see have zero seeds/peers. Also most of the material I see is in German.

I don't know about how one installs software not on the CD/DVD. I think Knoppix is based on Debian, so it might support apt-get. Try "apt-get clamav" from the prompt and see what happens. You could build ClamAV from source, but I don't think the CD version of Knoppix has all the needed development tools like the gcc compiler. I'm guessing the Knoppix DVD has stuff like that in spades, though.

Frankly, I think using Knoppix for this task must be harder than booting from one of those Windows rescue CDs like Bart's, mentioned in the OP's original link.
Old 2008-02-02, 01:50   Link #18
Chrono Helix
Senior Member
 
 
Join Date: Jan 2008
'apt-get clamav' gets me the message 'E: invalid operation clamav'.

I was told that there's a possibility that the virus I got doesn't change the registry to 'wsaupdater.exe', and instead points to some other filename.
Quote:
I'm going to reiterate my suggestion that you attempt to use a hex editor, just to see what the value is currently at. For one, I'm curious if it'll work, and two, it really seems like a good bet. Try

Code:

--------------------------------------------------------------------------------
apt-get install hexer
hexer /sda/Windows/System32/config/software
--------------------------------------------------------------------------------

hexer looks like this:
line_number: 16 double-digit hex numbers 16_human_readable_characters
scroll through with 'j', use '/' to search, and type :q to exit.
I type the suggested code into Konsole, and I get the following message:
E: Could not open lock file /var/lib/dpkg/lock - open (13 Permission denied)
E: Unable to lock the administration directory (/var/lib/dpkg/), are you root?
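
Added example, not part of the original thread and not any poster's code: instead of paging through the hive in a hex editor, this Python script reads the offline SOFTWARE hive read-only (so it also works on an `ro` mount) and prints what every value named Userinit holds, flagging any program in it other than userinit.exe. It assumes the hive path is given as the first argument (for example `/media/sda2/WINDOWS/system32/config/software`, a guess based on the mount point shown earlier); the function names and the built-in sample bytes are constructed for illustration.

```python
import struct
import sys

HBIN_BASE = 0x1000        # cell offsets in a regf hive are relative to file offset 0x1000
VK_NAME_ASCII = 0x0001    # vk flag: value name stored as 8-bit text instead of UTF-16LE
REG_SZ, REG_EXPAND_SZ = 1, 2


def _read_vk(hive, pos, wanted):
    """Decode the vk (value) record whose signature is at `pos`; return its string or None."""
    # Layout after the "vk" signature: +2 name length (u16), +4 data size (u32),
    # +8 data offset (u32), +12 data type (u32), +16 flags (u16), +20 name.
    if pos + 20 > len(hive):
        return None
    name_len, size, offset, dtype, flags = struct.unpack_from("<HIIIH", hive, pos + 2)
    raw = hive[pos + 20:pos + 20 + name_len]
    if len(raw) != name_len:
        return None
    name = raw.decode("latin-1") if flags & VK_NAME_ASCII else raw.decode("utf-16-le", "replace")
    if name.lower() != wanted.lower() or dtype not in (REG_SZ, REG_EXPAND_SZ):
        return None
    if size & 0x80000000:                       # tiny values live inside the offset field
        data = hive[pos + 8:pos + 8 + min(size & 0x7FFFFFFF, 4)]
    else:
        start = HBIN_BASE + offset + 4          # skip the data cell's 4-byte size header
        data = hive[start:start + size]
        if len(data) != size:                   # offset points outside the file
            return None
    return data.decode("utf-16-le", "replace").rstrip("\x00")


def find_values(hive, wanted="Userinit"):
    """Return [(file_offset, string)] for every string value named `wanted` in the hive."""
    hits = []
    pos = hive.find(b"vk", HBIN_BASE)
    while pos != -1:
        value = _read_vk(hive, pos, wanted)
        if value is not None:
            hits.append((pos, value))
        pos = hive.find(b"vk", pos + 1)
    return hits


def unexpected_entries(value):
    """Programs listed in a comma-separated Userinit value that are not userinit.exe."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries
            if e.replace("/", "\\").rsplit("\\", 1)[-1].lower() != "userinit.exe"]


def build_sample(value):
    """Constructed test input: padded header, one data cell, one vk record. Not a real hive."""
    data = (value + "\x00").encode("utf-16-le")
    data_cell = struct.pack("<i", -(len(data) + 4)) + data       # sits at hbin offset 0x20
    name = b"Userinit"
    vk = struct.pack("<i2sHIIIHH", -(24 + len(name)), b"vk", len(name),
                     len(data), 0x20, REG_SZ, VK_NAME_ASCII, 0) + name
    return b"regf".ljust(HBIN_BASE, b"\x00") + b"hbin".ljust(0x20, b"\x00") + data_cell + vk


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:     # opened read-only; nothing is written back
            blob = fh.read()
    else:
        blob = build_sample("C:\\WINDOWS\\system32\\wsaupdater.exe,")   # constructed sample
    for off, val in find_values(blob):
        odd = unexpected_entries(val)
        print(f"0x{off:08x} Userinit = {val!r}" + (f"  <-- unexpected: {odd}" if odd else ""))
```

On a healthy Windows XP install the value is `C:\WINDOWS\system32\userinit.exe,`, so any flagged entry names the file that the logon process is being pointed at.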
Old 2008-02-02, 13:50   Link #19
SeijiSensei
AS Oji-kun
 
 
Join Date: Nov 2006
Location: Mucking about
Age: 64
Oops, I forgot the "install" part. (I don't use apt-get since I use RedHat-flavored distributions that use a different package manager.) How about "apt-get install clamav"?

"Are you root?" means that you're trying to run an administrator-only program (like apt-get) with ordinary user rights. By default, Knoppix boots up with you as the "knoppix" user. But you can become the "root" (administrative) user by typing "su" at a console prompt. There's no root password as I recall. You'll notice that your prompt changes from "$" to "#" when you're root.
Old 2008-02-04, 06:24   Link #20
Chrono Helix
Senior Member
 
 
Join Date: Jan 2008
I type 'sudo apt-get install clamav', and I'm told
Quote:
clamav is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
A clamscan of my C:> gets 0 infections found. The same goes for my C:\Windows>, C:\Windows\system32, and C:\Windows\system32\config>

Is there a way to clamscan the entirety of the hard drive? Having to scan folder by folder's a real hassle.
All times are GMT -5.