necrophyte
this is what i already posted on tech-forums.net:
still banging head against a wall that i even installed that #*%&
software... this is what i already posted in the support forum of that
software's company's website (www.greatis.com):
i just installed regrun platinum 5.7 since i read that this software was
able to remove win32/iroffer, which i suspected to have some remaining,
non-active files left on my computer (ms-java.exe, s.dll etc.), which it by
the way did not although present in the windows/driver/i386 folder..
i updated the database, ran some utilities (didn't delete anything, just
looked at what it would detect - as mentioned before, it didn't detect
ms-java.exe as a malware..), and then ran the partizan bootwatch rootkit
detection which asked me to reboot in order to search for rootkits...
i did so, and after the winxp bootscreen a blue screen appeared saying
regrun partizan - bootwatch antirootkit. greatis software (c) 2007-2008
partizan driver is active.
well, that's as far as my computer comes now. safe mode > hangs up while
still booting up windows (last loaded device is mup.sys)
last good configuration causes blank screen.
CTRL-ALT-DEL doesn't work. i can only boot again after shutting down using
the power button.
i.e. - OBVIOUSLY NO WAY TO BOOT MY COMPUTER AGAIN
any suggestions?
i can 100% assure that my computer was completely spyware/malware/virus-FREE
specs:
hp notebook nx9030
winxp professional sp2
before rebooting after running regrun/partizan.. for the first time,
EVERYTHING WENT PERFECTLY
any suggestions?
PS: debugging mode - same problem, win domain controllers only - after
loading controllers the partizan driver is active text appears again, but
this time on the black screen, not the win blue screen.
-------
i just disabled "partizan" using bootcfg in the recovery console.
well, now after the windows bootscreen the same blue screen appears, only
now it only says:
regrun partizan - bootwatch antirootkit. greatis software (c) 2007-2008
without "partizan driver is active."
i can't find any other service that is still enabled that could be part of
that software.
is there any other way to disable everything related to that
regrun/unhackme/partizan trash? it has to be started before all other
services in order to detect rootkits, so where could that entry be, maybe
registry? can i access the registry somehow?
i still can't believe this is happening.. some few hours ago my computer went
perfectly and now..
-----
i just found some technical information about that trash..
partizan (part of unhackme, which is part of the regrun suite :/) starts
using the UNHACKMEDRV.SYS kernel driver
in the registry the entries are
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute
and RunOnceEx
...so, anyone an idea how to stop/disable/delete/reset UNHACKME.SYS and those
two registry entries (bootexecute & runonceex) using the recovery console or
any other method while not being able to boot windows?
thanks..
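
An added example, not part of the original post and not Greatis code: one way to inspect the BootExecute value and the driver's service entry in the SYSTEM hive of a Windows installation that will not boot. It assumes the disk is reachable as E: from a working Windows or WinPE session with PowerShell; the hive path, the mount name OfflineSys and the parameter names are assumptions, and RunOnceEx is not covered.

```powershell
# Added example: audit, and with -Fix reset, boot-time autostarts in an OFFLINE SYSTEM hive.
# Assumptions: the unbootable XP disk is mounted as E: in a working Windows/WinPE session,
# and this runs from an elevated PowerShell prompt. OfflineSys is an arbitrary mount name.
param(
    [string]$Hive = 'E:\WINDOWS\system32\config\SYSTEM',
    [string]$DriverPattern = 'unhackmedrv',   # driver file name given in the post
    [switch]$Fix
)
$default = 'autocheck autochk *'              # stock BootExecute value
$name    = 'OfflineSys'

& reg.exe load "HKLM\$name" $Hive | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg load failed for $Hive" }
try {
    $root = "Registry::HKEY_LOCAL_MACHINE\$name"
    # An offline hive has no CurrentControlSet link; Select\Current names the real set.
    $n  = (Get-ItemProperty "$root\Select").Current
    $cs = "$root\ControlSet{0:D3}" -f $n

    $sm    = "$cs\Control\Session Manager"
    $boot  = @((Get-ItemProperty $sm).BootExecute)
    $extra = @($boot | Where-Object { $_ -and $_ -ne $default })
    "BootExecute: $($boot -join ' | ')"
    if ($extra.Count) { "Non-default entries: $($extra -join ' | ')" }

    # Find service keys whose ImagePath points at the driver file.
    $drivers = @(Get-ChildItem "$cs\Services" | Where-Object {
        (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).ImagePath -match $DriverPattern
    })
    foreach ($d in $drivers) {
        $p = Get-ItemProperty $d.PSPath
        "Driver service {0}: Start={1} ImagePath={2}" -f $d.PSChildName, $p.Start, $p.ImagePath
    }

    if ($Fix) {
        Set-ItemProperty $sm -Name BootExecute -Value ([string[]]@($default)) -Type MultiString
        foreach ($d in $drivers) {
            Set-ItemProperty $d.PSPath -Name Start -Value 4 -Type DWord   # 4 = disabled
        }
    }
}
finally {
    # Drop open key handles, otherwise the unload is refused.
    $drivers = $d = $null
    [gc]::Collect(); [gc]::WaitForPendingFinalizers()
    & reg.exe unload "HKLM\$name" | Out-Null
}
```

Run it without -Fix first and copy the SYSTEM hive file aside before changing anything.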