Subject: Re: Trojan Blues
From: "Glenn Meadows"
What would the magic incantation be using Knoppix, to allow me to DELETE
files on the Windows HD?
I successfully created the Knoppix 4.0.2 bootable CD, and the Dell box very
nicely booted.
I clicked on the hd2 link that was on the desktop, and was able to navigate
to the System32 folder, and there, lo and behold, was the offending file,
browseal.dll. Right click, select DELETE, got the error Unable to delete,
insufficient permissions (or something like that). Then, I opened the
properties on the file, and attempted to add the appropriate permissions,
but was told that I was unable to change the permissions. (The icon on the
file was the "gear", which I presume means "system file".) Very frustrating.
The resolution I reached on this issue was to remove the HD (it was on snap
slides in the Dell box, which had a swing open case), then add it in on
another system, boot that, and then navigate to the offending file, and was
able to delete it. Put the drive back in the original box, booted right
up, and since I had cleaned out all the "trash" left from the
attack, it didn't reappear. Cleaned up the remaining registry entries, ran
a couple more virus scans (AVG, SOPHOS), as well as 4 Adware/malware scans
(Ad-Aware, Spybot, Counterspy, and ewido). Each found a few other
"remnants" that needed to be cleared out. One, a left behind
keylogger that never was executed (alt.exe), and a couple other remnants of
W32/Loosky-k.
It appears that he got hit with the very early bleeding edge of a new
Trojan that's in the wild.
--
Glenn M.
"Robert Comer" wrote in
message news:43b3f22d$1{at}w3.nls.net...
> I've used Knoppix or BartsPE for things like this...
>
> --
> Bob Comer
>
>
> "Glenn Meadows" wrote in message
> news:43b35cc9{at}w3.nls.net...
>> Thanks. I think I've got an XPHome full install version, will have to
>> slipstream it.
>>
>> There's also Knoppix as a trial (downloading now).
>>
>> --
>>
>> Glenn M.
>> "Robert Comer" wrote in message
>> news:43b35aa3$1{at}w3.nls.net...
>>> You need a WinXP home CD with SP1 slipstreamed into it, there was a
>>> password hashing problem/difference between GA and SP1.
>>>
>>> --
>>> Bob Comer
>>>
>>>
>>> "Glenn Meadows" wrote in message
>>> news:43b35949$1{at}w3.nls.net...
>>>> Tried that, got a strange situation. When booting the Recovery
>>>> console, and asking for the Administrator PW, when entered, I get
>>>> "incorrect password", and I'm not allowed in.
>>>>
>>>> I even booted into safe mode, logged into the Administrator account,
>>>> and reset the password to something else, but the Recovery Console
>>>> still says the Password is incorrect. The OS is XP-Home, using an
>>>> XP-Pro install CD. Incompatible???
>>>>
>>>> --
>>>>
>>>> Glenn M.
>>>> "Gregg N" wrote in message
>>>> news:43b35847$1{at}w3.nls.net...
>>>>> Glenn Meadows wrote:
>>>>>> I'm seriously thinking of removing the HD, strapping it in as a
>>>>>> second drive on another system, and deleting the file from a
>>>>>> different booted system. Thoughts on that approach?
>>>>>>
>>>>>>
>>>>> Just use a bootable CD that gives you access to a command prompt. I
>>>>> think you can use the XP installation CD for this purpose.
>>>>>
>>>>> Gregg
>>>>
>>>>
>>>
>>>
>>
>>
>
>
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
SOURCE: echomail via fidonet.ozzmosis.com