Requirements to burn a CD
An image file (We’ll use our custom Linux liveCD for these instructions)
CD-RW (to burn the downloaded iso)
Windows ISO burning application:
Provided you have all of the required resources available (if not, bother a friend) we can begin by downloading both the ISO as well as your choice of burning application. Note: You will need to register an account to download the Linux ISO. I prefer BurnCDCC myself as it is a light-weight standalone application (a small application that does not require an installation to run). For these directions we’ll assume you have chosen BurnCDCC as well.
Open BurnCDCC by extracting the zip file and double-clicking on the application named BURNCDCC.exe.
Click on the ‘Browse’ button for the label ‘File Image:’ and locate the Linux ISO (puppy-431-NOP_wine-1.1.35.iso) (sPCpup-431_wine138.iso) you acquired from the Downloads section and double-click on it.
Click the ‘Start’ button at the bottom of the dialog window. Your cd/dvd-rw tray should open. Insert a blank CD, close the drive and click the OK button. After a minute or so you should have a Linux liveCD.
UPDATE – Monday, December 6th, 2010
I have good news… I think. I haven’t had a chance to run a full battery of tests yet, but I do know that Malwarebytes is now at least installing, loading, updating, and scanning properly. Granted this was run under Windows XP within a virtual terminal… I will post more as soon as I have time.
I apologize for the delay, work is holding me up! I have had a chance to do some further testing and there seem to be some issues, but nothing that prevents Malwarebytes from being utilized.
What I’ve noticed so far:
Switching tabs within the main GUI creates rapid flickering within the GUI itself and the only way to get the updates to take is by clicking the Updates tab, clicking back on the Scanner tab, then clicking the Check for Updates button. The GUI then needs to be exited and restarted to begin a scan. Scanning proceeds as it should, deletions seem to work fine as well. As with the previous versions, you will have at least 1 infection claimed within wine itself… I will post details later when I get a chance to put together a complete package… Should be later this evening.
I have uploaded both the ISO (sPCpup-431_wine138.iso) as well as the latest wine build (wine-1.3.8.pet). The directions below still apply… Let me know if you find any issues.
…the wine file c:\windows\system32\winnls32.dll is found to be infected with Trojan.Tracur. This, of course, is a false positive and can be safely ignored.
—————————————
Good day to you all, this is Ted from slighPC’s and I wanted to comment about the drastic increase in harmful malware (malicious software). Recently I have been subjected to an increase in issues pertaining to Windows malware infections and the numerous major issues stemming from them. In this article I plan on portraying a worst-case scenario and discussing the methods to resurrect a Windows machine from the dead, so to speak.
Windows will not boot no matter what is done. All suggested fixes and resolutions have been implemented and the machine is still non-functional. This is becoming more and more prevalent in my experiences and for me personally… I feel defeated if I have to resort to a clean install to rectify any issue.
That said, most computer shops would recommend a reformat and clean install at this point… but what about my Programs and Data, you ask? Most if not all data could theoretically be saved to external media and re-populated after a clean install. This, though, has been the case in very few of my experiences. The main problem is that application-specific backup procedures are rarely followed before the issue occurs. For example, Outlook by default saves data in an OST file which cannot be restored without additional resources or 3rd party application(s). This data would need to be saved as a PST file from within Outlook itself, which can be restored. Programs or applications are an entirely different story due to their use of the underlying Windows components such as the registry… sadly I have never found a sure-fire, completely successful path to restoring single applications after a clean OS install. Due to these setbacks I have always made it a point to investigate every avenue to performing a full repair, leaving the reformat as the ultimate last resort. …Enough with the technical jargon, let’s get on with the fixing!
External OS Scan Procedure (Use at your own discretion as these directions are provided without warranty and we cannot be held liable for any damages as a result of using these directions… We are here to help though, so please keep us posted with any success or failure information and we will be more than happy to provide our assistance and expertise.)
Requirements to run an external OS scan
Broken Windows box with:
CD-ROM boot capabilities
392MB RAM minimum (512MB recommended)
First you’ll need to burn our custom Linux liveCD by following the post “How to burn an ISO file to CD from within Windows“.
Boot from your Linux liveCD
Insert the CD in your CD or DVD-ROM and reboot your computer. You may have the option to select your boot device without changing the BIOS (e.g. Dell machine boot device selection is typically tied to the F12 key). As the OS is booting you will be asked to select your keyboard and video settings (keyboard layout is self-explanatory and the video selection should work fine under Xorg… if you have issues choose Xvesa).
Setup the Network connection
Click on Menu (bottom left corner) -> Setup -> Network Wizard
Depending on your interfaces, your selection may vary. Most will select eth0 by clicking the button conveniently labeled eth0; then click the Auto DHCP button to acquire an IP address. You will have the option to save the settings to automatically establish a connection on the next boot (so long as you’re on the same machine). Click Done and, if all went well, you now have Internet access.
Download and Install Malwarebytes’ Anti-Malware from within Linux
Use the default browser to download Malwarebytes’ Anti-Malware free version.
Click on Menu -> Internet -> Opera Browser/Mail/Chat
Dismiss the Opera update pop-up dialog box by clicking OK and replace the URL bar contents:
file://localhost/usr/share/docs/home.htm
with the Malwarebytes’ Anti-Malware site URL below:
http://malwarebytes.org
and then press the Enter key on your keyboard.
Locate and click on the button “Download free version” on the left hand side of the page.
Save the file to the default location (/root) for ease of use with these directions.
Click on Menu -> Utility -> Terminal
In the Terminal window type the following command to begin the Malwarebytes’ Anti-Malware installation:
wine ~/mbam-setup.exe
Follow the prompts and take the defaults as you would in any Windows environment. You will notice a bit of output in the Terminal window as your installation is taking place. This is strictly informational unless of course any issues arise, in which case I would recommend posting your errors to allow us to get you back on track. After the installation is complete and the database is updated you should see the Malwarebytes’ Anti-Malware window appear. Before we begin the scan we will need to mount our Windows drive as well as add it to wine. So at this point we will want to close Malwarebytes’ Anti-Malware by clicking on ‘Exit’ in the bottom right corner of the window.
Mounting and Adding your Windows partition to Linux
To mount your Windows partition we will first need to locate it. Depending on the make and model of your machine you will most likely have multiple partitions. For example, newer Dell models typically house three separate partitions (a tiny utility partition, a Windows partition, and an image restore partition). The easiest way to locate the correct partition is by mounting each drive labeled sda1, sda2, sda3, etc. (for IDE drives your labels would be represented as hda1, hda2, hda3, etc.) from your desktop and searching for the ‘OS’, ‘Program Files’, and ‘User Profiles’ folders. For Windows XP and Windows Vista installs we would generally be searching for a ‘Windows’ OS (Operating System) folder. For Windows upgrades this may be labeled as Winnt. The ‘Program Files’ directory should be housed in the same location for both XP and Vista. The User Profiles directory should be labeled ‘Documents and Settings’ for XP and ‘Users’ under Vista. Once you have located these three folders you more than likely have the correct partition mounted and ready to go.
From here we will need to add our partition to the wine configuration. First we will need the correct path to the mount. You will need to note the drive label you found the ‘OS’, ‘Program Files’, and ‘User Profiles’ directories under. In this case we’ll use ‘sda2’.
Click Menu -> Utility -> Wine Config, then click on the ‘Drives’ tab in the Wine Configuration window. You should see the current ‘Drive mappings’ listed as:
C: ../drive_c
Z: /
Click the button labeled ‘Add…’, leave the default drive letter as ‘D:’ and click OK. Now with ‘D:’ highlighted blue click ‘Browse…’ to the right of ‘Path:’, then click the ‘+’ next to ‘mnt’ in the Browse for Folder window. Click on the folder we noted from the steps above. In our case we would click on the folder sda2 and click OK. At this point the ‘Path:’ should be populated properly (in our case ‘/mnt/sda2/’). Click ‘Apply’, then ‘OK’ and now we have added our Windows partition to wine.
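The partition check and the wine drive mapping above can also be done from the liveCD Terminal. The following is an added example, not code from the original post: it looks for the OS, Program Files and user-profile folders the text describes on each candidate mount point, then creates the same dosdevices symlink that the Wine Configuration ‘Drives’ tab creates (the mount points and the ~/.wine prefix are assumptions).

```shell
#!/bin/sh
# Added example (not from the original post). Identifies the Windows
# partition among already-mounted candidates (/mnt/sda1, /mnt/sda2, ...)
# and maps it to D: in wine by creating ~/.wine/dosdevices/d: -> /mnt/sdaN,
# which is what winecfg stores when you add a drive through the GUI.

# Return 0 if DIR looks like the root of a Windows XP/Vista install:
# an OS folder (Windows or Winnt), Program Files, and a profiles folder.
looks_like_windows_root() {
    dir="$1"
    os_dir=""
    for d in Windows WINDOWS WINNT Winnt; do
        if [ -d "$dir/$d" ]; then os_dir="$d"; break; fi
    done
    [ -n "$os_dir" ] || return 1
    [ -d "$dir/Program Files" ] || return 1
    # XP keeps profiles under 'Documents and Settings', Vista under 'Users'.
    [ -d "$dir/Documents and Settings" ] || [ -d "$dir/Users" ] || return 1
    return 0
}

# Print the first mount point in the argument list that passes the check;
# exit 1 if none of them does (e.g. only the Dell utility partition was found).
find_windows_partition() {
    for mp in "$@"; do
        if looks_like_windows_root "$mp"; then
            printf '%s\n' "$mp"
            return 0
        fi
    done
    return 1
}

# Map DRIVE (e.g. d) to TARGET inside the wine prefix PREFIX (default ~/.wine).
# Refuses to map a path that does not exist, so a typo cannot leave a dangling D:.
add_wine_drive() {
    drive="$1"; target="$2"; prefix="${3:-$HOME/.wine}"
    [ -d "$target" ] || return 1
    mkdir -p "$prefix/dosdevices"
    rm -f "$prefix/dosdevices/$drive:"
    ln -s "$target" "$prefix/dosdevices/$drive:"
}

# Usage on the liveCD, after mounting the candidates from the desktop:
#   win=$(find_windows_partition /mnt/sda1 /mnt/sda2 /mnt/sda3) && add_wine_drive d "$win"
```

Run winecfg afterwards (Menu -> Utility -> Wine Config) and the new D: mapping shows up under ‘Drive mappings’ exactly as if it had been added through the dialog.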
Running the scan
Open Malwarebytes’ Anti-Malware by clicking Menu -> Other -> Malwarebytes’ Anti-Malware.
Leave the default method ‘Perform quick scan’ and click on the ‘Scan’ button.
Viewing and Removing the infections
After the scan has completed a new dialog box will appear stating ‘The scan completed successfully. Click ‘Show Results’ to display all objects found.’ Click OK, then click ‘Show Results’ in the bottom right corner. A list of all infections should appear. At this point we are ready to remove all of the infections found by clicking on ‘Remove Selected’ in the bottom left corner, and a log file window will appear in focus on your desktop.
I would recommend saving the log file to the Windows partition by clicking on ‘File’ -> ‘Save as…’. In the new window click the drop-down arrow to the right of ‘Save in:’ and click on ‘My Computer’. You should now see ‘(C:)’, ‘(D:)’, and ‘(Z:)’ listed; double-click on ‘(D:)’ and give your log a name by filling in the ‘File Name’ text box with ‘mbam-todaysDate’ (e.g. mbam-01-04-10). Then click on the ‘Save’ button and your log file will be located at the root of your Windows partition.
I will assume after you have saved the log file that you will be looking at a Malwarebytes’ dialog window stating ‘All selected item removed successfully… Your computer needs to be restarted to complete the removal process. Would you like to continue?’. From here we want to click on the ‘Yes’ button. If your machine does not initiate a restart automatically you will want to click Menu -> Log Out, and then click on the ‘Restart’ button in the middle of the dialog window. At this point you will be asked if you’d like to Save your Session. For the purpose of simplicity we will select ‘DO NOT SAVE’ by using the right arrow key to select and the Enter key to acknowledge. Just after your machine powers down remove the CD-ROM and let Windows (with fingers crossed) boot normally.
Back in Windows (Hopefully…)
Once the machine boots into Windows we should be able to access the Internet to download a copy of Malwarebytes’ Anti-Malware to finish the disinfecting process.
Hello all. Kevin here from slighPC’s, and I want to take a moment to address a rather huge headache that I’ve come across on-site recently. I’ve run into this sort of thing working on people’s home systems quite a few times, but this was most certainly far and beyond the most annoying and time-consuming variant that I’ve run into.
As the title suggests, I’m talking about ATI’s Catalyst drivers and software for Windows platforms.
Now, anyone who is an avid gamer is quite familiar with ATI’s driver package woes. Several of today’s most popular games have at one point or another had troubles directly relating to the poorly-coded implementation of Catalyst packages. Flash back to 2006, when half of my guild (a group of players) could not play World of Warcraft in the specific dungeon we were working on beating at the time (Blackwing Lair) because the current version of ATI’s abomination that passes as a driver would cause constant crashes when it encountered specific architectures in the game. Ask any gaming company’s tech support about Catalyst drivers and likely you’ll elicit a series of groans and eye-rollings followed by a tirade about how much of a pain they are. There’s a reason the vast majority of today’s hottest PC titles brandish an NVIDIA (ATI’s competition in the graphics card industry) logo.
However, up to this point I’d never run into any problems in terms of ATI with anyone who wasn’t a gamer or a 3D modeler. That is, until recently.
Pinpointing the Problem
About a week and a half ago, I was called out to a client site to investigate a series of errors occurring on a workstation running Windows Vista 64-bit edition. The user was experiencing error messages and blue screen crashes on a fairly regular basis. Thankfully, he had written down the errors he was receiving for me to check into. My first instinct, based on experience, was that this was a hardware conflict of some sort; in this day and age programs are rarely so poorly-written as to cause BSOD crashes. After investigating the error code and checking the given memory address of the problem against the device IRQs in Device Manager, sure enough it was related to the ATI Radeon 4800 series card the user had installed.
The first step I decided to try was, of course, updating the video driver, which was several months out of date. Video card drivers typically need frequent updates to remain functional, as bugfixes are common and performance issues are improved with each new release. So, after grabbing the newest version of the Catalyst Control Center package I’d figured the problems would resolve themselves quickly. Wrong. Upon restart, a new error message presented itself, albeit not a blue-screen related one:
Could not load file or assembly ‘MOM.Implementation, Version=2.0.3257.27085, Culture=neutral, PublicKeyToken=90ba9c70f846762e’ or one of its dependencies. The system cannot find the file specified.
Upon querying the client about the message, his response was that this error had actually been popping up after every single restart. Interesting, to say the least. So, to the web I went to do a little research. As it turns out, this too was related to the ATI card and its interaction with the .NET Framework packages which were a native part of Windows Vista. Recommendations for dealing with the problem included a lengthy series of steps, including uninstalling and reinstalling the ATI drivers, updating and/or installing the .NET Framework to version 3.5 along with its Windows Update-distributed Service Pack 1, and an uninstall/reinstall of the Visual C++ 2005 and 2008 Redistributables. So after setting about to do all this (and waiting for ages for Vista’s molasses-paced Windows Update procedure, but that’s another rant for another blog entry) I’d figured the OS wouldn’t have a problem finding the missing file. However, upon restarts the error persisted.
Into the Breach Once More…
So, I dug a little deeper into my research on the issue, targeting the general nature of the error rather than the specifics. Once again, the documentation found suggested installing all the aforementioned packages. Once again, the error was related to ATI drivers. However, it was also suggested to take a step by step check of the registry and Windows/INF directories to clean out unused installation files and deprecated dependencies before reinstallation of the Catalyst files. As I furrowed my brow, I wondered why this was necessary… didn’t the fine folks at ATI (which was recently acquired by AMD) know how to code driver package updates which properly checked for and cleaned out previous versions of the software?
Then I remembered the gripes from my gaming days with the company’s products, and of course that question turned out to be rhetorical.
After installing CCleaner (http://www.ccleaner.com), a great little program for finding and eliminating unused registry entries which could be causing rogue problems, and running a scan which cleaned out almost 200 antiquated keys, another restart was in order. Of course, the error still persisted even with no ATI drivers presently installed and running, which forced me to roll up my sleeves, run regedit.exe and look for the offending keys myself. What I found simultaneously amazed and disgusted me; every single reinstall of the Catalyst driver package and Control Center had left active registry keys in LOCAL_MACHINE and CURRENT_USER which were not wiped out by the uninstall process or even CCleaner, the latter being a first time occurrence for me. After thoroughly deleting these entries, and then scouring through every file in the INF directory to make sure the old install files were properly disposed of, I performed yet another restart.
Boom, the error was gone. After that, I went ahead and reinstalled the latest Catalyst drivers and the error (and associated blue screens) stayed down for the count.
The Final Word
So there you have it. While ATI graphics cards have more or less great performance (the gap between the latest generations of ATI and Nvidia cards is nearly negligible), their drivers more or less suck. What can you do to alleviate this? For starters, there exist alternate drivers for ATI products, the Omega drivers, which have long been used by the gaming community to address specific problems that ATI were either unable or unwilling to fix in any expedient terms. Of course, if you use Linux, you’ll be happy to know that AMD themselves support open-source drivers for that platform. Yet another reason not to use Windows? Indeed, as this whole headache would have been avoided if we’d been using well-coded and thoroughly documented community-supported drivers to begin with.