Re: [PLUG] Edit Windows Registry from Linux LiveCD?
Trinity Rescue Kit has a registry editing utility.
-----Original Message-----
From: plug-bounces@lists.phillylinux.org
[mailto:plug-bounces@lists.phillylinux.org] On Behalf Of JP Vossen
Sent: Saturday, January 09, 2010 5:29 PM
To: plug@lists.phillylinux.org
Subject: [PLUG] Edit Windows Registry from Linux LiveCD?
A cousin has gotten "Internet Security 2010" and our initial t-shooting
has failed. The malware is still resident in Safe Mode, and it will not
allow a DOS prompt, regedit or even notepad to run. We tried: Start,
Run, Notepad; Start, Progs, Accessories, Notepad; and browsing to
C:\Windows and double-clicking notepad.exe. All failed.
So I'm going to have him burn an Ubuntu LiveCD, install SSH server and
I'll SSH in and delete files per
http://www.2-spyware.com/remove-internet-security-2010.html. Something
like (untested):
    mount /dev/sda1 /mnt    # Assuming his Windows XP is on /dev/sda1
    rm -rf /mnt/c
    rm -rf /mnt/Program?Files/InternetSecurity2010
    # -print0 | xargs -0 keeps names with spaces intact; "echo rm" is a dry run
    find /mnt \( -iname 'IS2010.exe' \
        -o -iname '41.exe' \
        -o -iname 'winhelper86.dll' \
        -o -iname 'winlogon86.exe' \
        -o -iname 'winupdate86.exe' \
        -o -iname 'Internet Security 2010.lnk' \) -print0 | xargs -0 echo rm
    # Back up the registry hives before changing anything.
    # The path is case-sensitive from Linux; adjust if the directory is WINDOWS.
    cd /mnt/windows/system32/config/
    cp -av default REG_BACKUP.default
    cp -av security REG_BACKUP.security
    cp -av software REG_BACKUP.software
    cp -av system REG_BACKUP.system
    cp -av sam REG_BACKUP.sam
I'd also like to clean up the registry a bit, so any ideas how to do
that from the LiveCD? Various places found via Google suggest running a
Windows-based third-party RegEdit tool under Wine, and this looks
promising (worked in a VM anyway, though I didn't test writing):
http://www.pcregedit.com/
PCRegedit is a Linux Live CD based, easy-to-use tool to create, delete,
edit the windows registry key-values without booting from Windows.
Any other ideas for cleaning up the malware? (I haven't seen the PC but
it's old, running XP, and he has no CDs for it, I suspect it's some old
whitebox. I doubt he updates it, and he was using IE and Outlook
Express. He did have Comcast's McAfee A/V on it.)
Thanks,
JP
----------------------------|:::======|-------------------------------
JP Vossen, CISSP |:::======| http://bashcookbook.com/
My Account, My Opinions |=========| http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
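
Added example, not part of the original thread: a read-only check to run before any offline registry edit of the kind asked about above. It scans a regedit-style text export of the offline hive (assumed to come from a tool such as hivexregedit --export, with strings printed as text rather than hex) for values that reference the file names from the find command. The function names and the sample export are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post): scan a regedit-style text export of an
# offline hive for values that reference the file names in the find command.
SUSPECT_NAMES='IS2010.exe 41.exe winhelper86.dll winlogon86.exe winupdate86.exe'

# Reads the export on stdin; prints "key<TAB>value line" for every hit.
scan_reg_export() {
    awk -v names="$SUSPECT_NAMES" '
    # True when name occurs in line as a whole file name, so that "41.exe"
    # does not match "app41.exe".
    function hit(line, name,    p, off, prev) {
        off = 0
        while ((p = index(substr(line, off + 1), name)) > 0) {
            prev = substr(line, off + p - 1, 1)   # empty at start of line
            if (prev == "" || prev ~ /[\\\/", =]/) return 1
            off += p
        }
        return 0
    }
    BEGIN { n = split(tolower(names), want, " ") }
    { sub(/\r$/, "") }                            # exports often use CRLF
    /^\[.*\]$/ { key = substr($0, 2, length($0) - 2); next }
    {
        line = tolower($0)                        # Windows names ignore case
        for (i = 1; i <= n; i++)
            if (hit(line, want[i])) { printf "%s\t%s\n", key, $0; break }
    }'
}

# Constructed sample input; these keys and values are illustrative only.
sample_export() {
    cat <<'EOF'
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Internet Security 2010"="C:\\Program Files\\InternetSecurity2010\\IS2010.exe"
"Updater"="C:\\Program Files\\Vendor\\app41.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\winlogon86.exe"
EOF
}

sample_export | scan_reg_export
```

Each hit is a value to review by hand against the REG_BACKUP copies before it is changed; the scan itself writes nothing.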