Saturday, October 21, 2006

Virus Troubles

Last night, I found a virus on my laptop. The strange thing is, I haven't used my laptop for a long time and so I have no idea how it possibly got infected. It's only one of those annoying viruses that keep opening pop-up windows and it doesn't corrupt any data, so normally, it shouldn't be that hard to clean up. But damn, it took me the whole night to get rid of it... (partly due to my own stupidity).

- the Norton on my laptop was outdated, I should have just updated it to a newer version right from the start, but for some bizarre reason I decided to go download some spyware doctor program instead.

- spyware doctor told me I had a virus (duh!), but the stupid trial version only scans and doesn't allow you to fix the problem (#$@&!&$!!). What kind of trial program is that? What a completely useless piece of dog poo...

- ok fine, I uninstalled spyware doctor, uninstalled Norton and put on a new version. The scan came up with 3 infected dll files. 2 of them Norton was able to delete, but the 3rd one it left alone (what da heck...). Well, no big deal, probably the dll is in memory so it can't be deleted.

- so I go in safe mode with command line, and tried to delete the malicious file manually. To my surprise and dismay, the file is locked even in safe mode.

- I need to use the recovery console, I figured. Stuck my winxp CD into the laptop and rebooted. Hey, how come it's not booting from the CD?? Fine, I need to change the boot sequence. Rebooted again, and held down the del button thinking that'll take me into the BIOS... no luck.

- *sigh*, spent another 10 - 15 minutes figuring out how to change the boot sequence on Toshiba laptops. It turns out it can be done in the control panel. grr...

- Finally booting into the recovery console now, and I am staring at the prompt for the administrator password. Uh oh, what is the password? My usual passwords don't work and I have to reboot after 3 unsuccessful tries... annoying.

- Logged back into Windows. I am trying to switch to the administrator account, and the winxp login screen doesn't usually show the administrator login icon (I forget under what conditions it shows it). In any case, I had to switch back to classical login so that I can type in administrator directly.

- After fidgeting at the login screen for another 5 - 10 minutes, I finally figured out that I had NO administrator password set (I am kicking myself at this point). That's not a good thing, so I changed it to my usual password.

- Back in recovery console, typed in my password, tada!! It didn't work... what the... When I set the password, there was a warning that my password was too long for older versions of Windows to handle. Could that be the problem?? Logged back into Windows as administrator again, changed the password to something simple. Reboot!

- Back in recovery console... again. Typed in the simple password and it STILL doesn't accept it. I am about to throw my laptop out the window.

- Googled around, and came across this page (it's a godsend). Turns out that winxp's recovery console, for whatever stupid reason, will not recognize your password. The workaround is to disable the password prompt by setting the following registry value to 1:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel

- Back in recovery console, true enough, the password prompt is gone. And finally, I was able to delete the infected dll file. All this trouble I went through just to delete this one file... *sigh*. I logged back into Windows and everything is fine once again. I am starting to wonder if formatting my laptop would have been less troublesome.

2 comments:

Edmlee said...

ha ha ha... that sounds quite like a journey to understand... ahem, ur computer and OS instead of cleaning up a virus... lols

可可 said...

Such a long blog entry to read.. For me, I probably would have:

*Format*

=)