|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
Re: [PLUG] Edit Windows Registry from Linux LiveCD?
|
"chntpw", a GPL, linux-based utility:
http://pogostick.net/~pnh/ntpasswd/
this article states it is available in apt, package name is chntpw (easy enough)
http://www.mydigitallife.info/2009/02/03/reset-and-change-windows-nt2000-administrator-or-user-password-with-chntpw-in-linux/
I've only ever used the utility to change a forgotten password, and I
can say it works flawlessly for that. it also has a registry edit
function. I've never used it for that, and can not attest to its
effectiveness or flawlessness.
HTH,
--
James Barrett
On Sat, Jan 9, 2010 at 5:29 PM, JP Vossen <jp@jpsdomain.org> wrote:
> A cousin has gotten "Internet Security 2010" and our initial t-shooting
> has failed. The malware is still resident in Safe Mode, and it will not
> allow a DOS prompt, regedit or even notepad to run. We tried: Start,
> Run, Notepad; Start, Progs, Accessories, Notepad; And browsing to
> C:\Windows and double-clicking notepad.exe. All failed.
>
> So I'm going to have him burn an Ubuntu LiveCD, install SSH server and
> I'll SSH in and delete files per
> http://www.2-spyware.com/remove-internet-security-2010.html. Something
> like (untested):
>
> mount /dev/sda1 /mnt # Assuming his Windows XP is on /dev/sda1
> rm -rf /mnt/c
> rm -rf /mnt/Program?Files/InternetSecurity2010
> find /mnt -iname 'IS2010.exe' \
> -o -iname '41.exe' \
> -o -iname 'winhelper86.dll' \
> -o -iname 'winlogon86.exe' \
> -o -iname 'winupdate86.exe' \
> -o -iname 'Internet Security 2010.lnk' | xargs echo rm
> cd windows/system32/config/
> cp -av default REG_BACKUP.default
> cp -av security REG_BACKUP.security
> cp -av software REG_BACKUP.software
> cp -av system REG_BACKUP.system
> cp -av sam REG_BACKUP.sam
>
>
> I'd also like to clean up the registry a bit, so any ideas how to do
> that from the LiveCD? Various places found via Google suggest running a
> Windows-based third-party RegEdit tool under Wine, and this looks
> promising (worked in a VM anyway, though I didn't test writing):
>
> http://www.pcregedit.com/
> PCRegedit is a Linux Live CD based, easy-to-use tool to create, delete,
> edit the windows registry key-values without booting from Windows.
>
>
> Any other ideas for cleaning up the malware? (I haven't seen the PC but
> it's old, running XP, and he has no CDs for it, I suspect it's some old
> whitebox. I doubt he updates it, and he was using IE and Outlook
> Express. He did have Comcast's Macafee A/V on it.)
>
> Thanks,
> JP
> ----------------------------|:::======|-------------------------------
> JP Vossen, CISSP |:::======| http://bashcookbook.com/
> My Account, My Opinions |=========| http://www.jpsdomain.org/
> ----------------------------|=========|-------------------------------
> "Microsoft Tax" = the additional hardware & yearly fees for the add-on
> software required to protect Windows from its own poorly designed and
> implemented self, while the overhead incidentally flattens Moore's Law.
> ___________________________________________________________________________
> Philadelphia Linux Users Group -- http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
>
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|