[pchelpers] Re: indomitable malware - Antivir best antimalware program

Hi Ekhart,

Friday, March 23, 2007, 2:42:37 AM, you wrote:

EGlnl> I tried Bootvis with both of the unintuitively exclusive and
EGlnl> confusing choices "restart automatically after tracing" and
EGlnl> "shutdown before tracing"* on the formerly sick laptop but it
EGlnl> keeps crashing towards the end of "saving the boot trace to
EGlnl> file" after the boot.

I've run into the same problems with it that you have. When I start it
up again and load the same trace file, no problem.


EGlnl> sisidex.sys

You may want to download and reinstall the SiS chipset drivers.

You might want to turn on the option to show hidden devices, and
delete the dimmed-out ones; that might account for some of the
non-starting drivers.


EGlnl> I seem to remember that the same logging command that produces
EGlnl> ntbtlog.txt produced c:\bootlog.txt or something like that in
EGlnl> 98, but I don't have time to look that up now.

Apparently in XP you get NTBTLOG.TXT instead of BOOTLOG.TXT. :(

You were wanting to know how to walk a user through booting into safe
mode... just found it.  Run up MSCONFIG, go to the BOOT.INI tab, and
check the SAFEBOOT box.


EGlnl> Before I run Bootvis, is there anything I can do with the info
EGlnl> provided by ntbtlog about all "Did not load driver XYZ"
EGlnl> entries? I seem to remember that the Win98 file had a lot more
EGlnl> info, including time spent trying to load each driver.

Yes, they've "improved" it. :(


>> No, it should not have that key normally. The system automatically
>> deletes the whole thing if everything is set to "Not configured".

EGlnl> Where? That option is apparently only in gpedit and that's not
EGlnl> available in XP Home.

Where what?  By default, those entries don't exist.


EGlnl> [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windowsfirewall\domainprofile]
EGlnl> "enablefirewall"=dword:00000000

I'd say that it's malware indeed, considering that a "normal" user
would have to go to some effort to do this on XP Home.

-- 
Scott.
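
An added example, not part of the original message: one way to check an exported .reg file for the policy value quoted above, which forces Windows Firewall off. The function name, the StandardProfile sibling key and the sample export are assumptions made for this illustration.

```python
import re

# DomainProfile is the key quoted in the thread; StandardProfile is its sibling
# for non-domain networks (an addition here, not mentioned in the post).
POLICY_ROOT = r"hkey_local_machine\software\policies\microsoft\windowsfirewall"
PROFILES = ("domainprofile", "standardprofile")
SECTION_RE = re.compile(r"^\[(-?)(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')


def find_disabled_firewall_policies(reg_text):
    """Return [(key, value_name)] where policy sets EnableFirewall to 0."""
    findings = []
    current_key = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or .reg comment
        m = SECTION_RE.match(line)
        if m:
            # "[-KEY]" in a .reg file deletes the key, so it sets nothing.
            current_key = None if m.group(1) else m.group(2)
            continue
        m = DWORD_RE.match(line)
        if not m or current_key is None:
            continue
        key = current_key.lower()  # registry paths are case-insensitive
        name, value = m.group(1).lower(), int(m.group(2), 16)
        in_scope = any(key == POLICY_ROOT + "\\" + p for p in PROFILES)
        if in_scope and name == "enablefirewall" and value == 0:
            findings.append((current_key, m.group(1)))
    return findings


# Constructed sample: first key is the one quoted in the thread, rest made up.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windowsfirewall\domainprofile]
"enablefirewall"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
"EnableFirewall"=dword:00000000
'''

if __name__ == "__main__":
    print(find_disabled_firewall_policies(SAMPLE))
```

Files exported by regedit in "Version 5.00" format are UTF-16, so decode them (for example `open(path, encoding="utf-16")`) before passing the text in.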


