Can't log in to XP

engineereeyore

Platinum Member
Jul 23, 2005
2,070
0
0
Dang weird problem going on here. I own Star Wars, Empire at War, but lost the key, so I went hunting for a keygen. What I thought was a keygen was actually a trojan. That sucked.

Anyway, McAfee removed it and I've booted a time or two since, but now it just hangs at the blue starting up XP screen. I never get to the login screen. I've tried it in safe mode, same deal. I also have Fedora installed on the computer and I can boot up to it with no problems. I ran diagnostics on the hard drive and RAM just to make sure and everything is okay. So I figured the trojan must have just killed something in XP. This being the case, I thought I'd try a simple repair, then reload if necessary. Problem is, the Windows CD won't boot either. I get the "press any key" screen and then the "Setup is checking your current installations" screen, but then nothing. Just blackness. If I pop in a Windows 2000 CD, I can get into setup for that OS.

Just curious if anyone has any thoughts or ideas. My only other thought is to use the 2000 Setup to nuke the drive and then reboot with XP. Hopefully that will work, but I'd prefer not to have to do that. So if anyone has any idea, please let me know.

Thanks for looking.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
How about this approach, assuming you don't want to lose your Fedora (sorry, couldn't help it :D): install Win2000, then upgrade it to XP? This will only work if your XP is a retail-boxed XP Professional Edition, though (OEM XP can't do upgrades, and XP Home can't upgrade 2000 Pro). This also could mess up your bootloader, so back your stuff up from your Fedora installation too.

Out of curiosity, do you remember the name of the Trojan as McAfee called it? Malware is interesting, in a maggots-squirming-in-the-rotten-meat kind of way :evil:
 

engineereeyore

:laugh: Nice pic!

Took me a bit to find the name. I had to mount my Windows partitions in Linux. Here's what the log file had.

4/27/2007 5:12:35 PM Deleted MATTS-LAPTOP\Eeyore explorer.exe C:\Documents and Settings\Eeyore\Local Settings\Temp\gfustose.dll Vundo.dll (Trojan)

I think I'll probably have to go the 2000 route, but I hate losing all my data. I hate viruses.

EDIT: By the way, here's the site. Don't ever download anything from here.

http://keygen.name/serial/star_wars_empire_at_war.html
 

mechBgon

Originally posted by: engineereeyore
:laugh: Nice pic!

Took me a bit to find the name. I had to mount my Windows partitions in Linux. Here's what the log file had.

4/27/2007 5:12:35 PM Deleted MATTS-LAPTOP\Eeyore explorer.exe C:\Documents and Settings\Eeyore\Local Settings\Temp\gfustose.dll Vundo.dll (Trojan)

Ewww, Vundo = evil :Q

I think I'll probably have to go the 2000 route, but I hate losing all my data. I hate viruses.

EDIT: By the way, here's the site. Don't ever download anything from here.

hXXp://keygen(DOT)name/serial/star_wars_empire_at_war.html

Actually I like downloading malware, but not so I can run it. I upload it into VirusTotal.com for analysis. VirusTotal analysis of the keygen :camera:

You might want to switch to free Kaspersky antivirus for the next go-around, since they update their virus definitions 24 times per day (at least), versus once per weekday for McAfee. The response time is an important factor nowadays... the bad guys released sixty-two new variants of Rbot yesterday, for example :shocked: As you can see from my VirusTotal screenshot, McAfee is still not detecting the actual Trojan Horse as such, and detecting its payload after the fact is too little, too late.
 

engineereeyore

Thanks for the info. I'll have to check those out. I'll have the perfect opportunity to try Kaspersky out since I have to reload. I had to wipe my primary Windows partition and both my Linux partitions just to get the computer to boot to the Windows CD. Fortunately, my data partition is still okay and doesn't seem to have been affected.

Thanks again for the info!