[PLUG] Edit Windows Registry from Linux LiveCD?

JP Vossen on 9 Jan 2010 14:29:51 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] Edit Windows Registry from Linux LiveCD?

From: JP Vossen <jp@jpsdomain.org>

To: plug@lists.phillylinux.org

Subject: [PLUG] Edit Windows Registry from Linux LiveCD?

Date: Sat, 09 Jan 2010 17:29:29 -0500

Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Sender: plug-bounces@lists.phillylinux.org

User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091204 Thunderbird/3.0

A cousin has gotten "Internet Security 2010" and our initial t-shooting has failed. The malware is still resident in Safe Mode, and it will not allow a DOS prompt, regedit or even notepad to run. We tried: Start, Run, Notepad; Start, Progs, Accessories, Notepad; And browsing to C:\Windows and double-clicking notepad.exe. All failed. So I'm going to have him burn an Ubuntu LiveCD, install SSH server and I'll SSH in and delete files per http://www.2-spyware.com/remove-internet-security-2010.html. Something like (untested): mount /dev/sda1 /mnt # Assuming his Windows XP is on /dev/sda1 rm -rf /mnt/c rm -rf /mnt/Program?Files/InternetSecurity2010 find /mnt -iname 'IS2010.exe' \ -o -iname '41.exe' \ -o -iname 'winhelper86.dll' \ -o -iname 'winlogon86.exe' \ -o -iname 'winupdate86.exe' \ -o -iname 'Internet Security 2010.lnk' | xargs echo rm cd windows/system32/config/ cp -av default REG_BACKUP.default cp -av security REG_BACKUP.security cp -av software REG_BACKUP.software cp -av system REG_BACKUP.system cp -av sam REG_BACKUP.sam I'd also like to clean up the registry a bit, so any ideas how to do that from the LiveCD? Various places found via Google suggest running a Windows-based third-party RegEdit tool under Wine, and this looks promising (worked in a VM anyway, though I didn't test writing): http://www.pcregedit.com/ PCRegedit is a Linux Live CD based, easy-to-use tool to create, delete, edit the windows registry key-values without booting from Windows. Any other ideas for cleaning up the malware? (I haven't seen the PC but it's old, running XP, and he has no CDs for it, I suspect it's some old whitebox. I doubt he updates it, and he was using IE and Outlook Express. He did have Comcast's Macafee A/V on it.) Thanks, JP ----------------------------|:::======|------------------------------- JP Vossen, CISSP |:::======| http://bashcookbook.com/ My Account, My Opinions |=========| http://www.jpsdomain.org/ ----------------------------|=========|------------------------------- "Microsoft Tax" = the additional hardware & yearly fees for the add-on software required to protect Windows from its own poorly designed and implemented self, while the overhead incidentally flattens Moore's Law. ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:

Re: [PLUG] Edit Windows Registry from Linux LiveCD?
From: "John Karr" <brainbuz@brainbuz.org>

Re: [PLUG] Edit Windows Registry from Linux LiveCD?
From: James Barrett <jadoba@jadoba.net>

Re: [PLUG] Edit Windows Registry from Linux LiveCD?
From: LeRoy <ldc@lrcressy.com>

Re: [PLUG] Edit Windows Registry from Linux LiveCD?
From: Edmond Rodriguez <erodrig_97@yahoo.com>

Re: [PLUG] Edit Windows Registry from Linux LiveCD?
From: Drew Lehman <dlehman@digitatech.com>

Prev by Date: Re: [PLUG] Advice for Web Application Framework

Next by Date: Re: [PLUG] Edit Windows Registry from Linux LiveCD?

Previous by thread: [PLUG] What's wrong with moving parts? [Was: Running Linux, from a USB key?]

Next by thread: Re: [PLUG] Edit Windows Registry from Linux LiveCD?

Index(es):

Date

Thread