What the F**K

  • Thread starter Thread starter casey.o
  • Start date Start date
C

casey.o

I just decided there was no saving the OS on my IBM T43 laptop after
that virus. I ran MS Security Essentials a second time and it found 66
infected files again. Most programs would not run, some vanished
entirely. The Firefox icon changed, and it took 10 minutes for FF to
load. Critical windows files are missing, and after that second run, I
found that MS Security Essentials itself was damaged or removed.

I dont have a retail CD for XP pro, but I do have a Dell branded one. I
installed it, and formatted the HDD. Then I decided to run the
installer and just see what happens.

Anyhow, when it got to the part of installing XP, it found a blank Flash
drive (8gig) plugged into the computer, and asked me if I want to
install XP to the HDD or to the Flash Drive ???? HUH..... WTF?????

Is that possible? What do I put in for the COA numbers? The same ones
on the computer, or what?

I decided to let it install to the flash drive if it wanted, and it's
running now.
Maybe this will solve my problem, of how to restore my backup, which is
NOT a clone, but rather a copy of all the files......
 
I just decided there was no saving the OS on my IBM T43 laptop after
that virus. I ran MS Security Essentials a second time and it found 66
infected files again. Most programs would not run, some vanished
entirely. The Firefox icon changed, and it took 10 minutes for FF to
load. Critical windows files are missing, and after that second run, I
found that MS Security Essentials itself was damaged or removed.

I dont have a retail CD for XP pro, but I do have a Dell branded one. I
installed it, and formatted the HDD. Then I decided to run the
installer and just see what happens.

Anyhow, when it got to the part of installing XP, it found a blank Flash
drive (8gig) plugged into the computer, and asked me if I want to
install XP to the HDD or to the Flash Drive ???? HUH..... WTF?????

Is that possible? What do I put in for the COA numbers? The same ones
on the computer, or what?

I decided to let it install to the flash drive if it wanted, and it's
running now.
Maybe this will solve my problem, of how to restore my backup, which is
NOT a clone, but rather a copy of all the files......
Click to expand...

There could be more than one model of T43. It has
CardBus and ExpressCard according to this.

http://www.cnet.com/products/thinkpad-t43/specs/

There might be an additional part number, something
that would give a more precise hardware description.
Based on what I can see there, I'd check the expansion
slots to see if anything is plugged in.

An OEM OS activates based on a BIOS SLIC table. The OS
queries the BIOS tables and sees the SLIC that says "Dell".
And that's how the Dell OS knows it should activate with
no further bother.

Windows 8 would be different, and an old laptop
would not have an actual Windows 8 license key
stored in the BIOS. But OS before Windows 8, continue
to use SLIC as a means of authorizing things like
Dell or HP OEM OS media (recovery disc set).

Paul
 
Why would you choose to install XP to the flash drive instead of the HDD?
Click to expand...

First off, it did not work......
It got to a certain point and posted an error message saying something
about the disk is not normal (something like that).

Why does Windows offer to do shit like that? It should be at least
halfway smart enough to know this wont work.....
(I know it's not the drive size, XP installs on 4 gigs or less. this
flash drv is 8gb. (and was empty).

The reason is because I want to restore my backup. It's a COPY of all
the files, not a clone. I cant copy to the OS to the HDD, while booted
from the HDD. I cant figure out how to copy while booted to REPAIR mode
from an XP CDrom. The USB ports are not recognized, and they dont allow
using *.* for filenames or folders.

I'm currently trying to figure out what I got around here to make a
bootable linux Flash drive (without the laptop, I cant download anything
big, and I dont have drivers for it).

My other thought is to copy my entire backup to the HDD, using the
installed Dell OEM disk (which did install to the HDD). But change the
folder names such as WINDOWS, PROGRAM FILES, etc, Then reboot, use the
CD Repair utility to rename the installed Windows to another name and
rename the backup of Windowes to the name WINDOWS, etc.....

I'm not sure how else to do this.....
 
Aye, that's how I loaded XP on my T42. I used the files on my desktop
XP disk, modified two files (so that it "looked for" the right code in
the BIOS), and it installed without needing activation. Of course the
laptop has a product license on the bottom, it just didn't come (used)
with an XP installation disk.

Jon
Click to expand...

Could you please explain this a little more. What files do you rename?
To what name?

I have a valid COA on the bottom, but this was a refurbished computer
and did not come with any install or repair CDs.

The Dell OEM CD did install, and it never asked me for the product code.
I was surprised, but now I know why. So I know I cant activate it. Yet
I'm not doing anything illegal. Once I figure out how to replace my
backup, all of that should be covered anyhow, and not need reactivation.
 
An OEM OS activates based on a BIOS SLIC table. The OS
queries the BIOS tables and sees the SLIC that says "Dell".
And that's how the Dell OS knows it should activate with
no further bother.
Click to expand...

Aye, that's how I loaded XP on my T42. I used the files on my desktop
XP disk, modified two files (so that it "looked for" the right code in
the BIOS), and it installed without needing activation. Of course the
laptop has a product license on the bottom, it just didn't come (used)
with an XP installation disk.

Jon
 
There could be more than one model of T43. It has
CardBus and ExpressCard according to this.

http://www.cnet.com/products/thinkpad-t43/specs/

There might be an additional part number, something
that would give a more precise hardware description.
Based on what I can see there, I'd check the expansion
slots to see if anything is plugged in.

An OEM OS activates based on a BIOS SLIC table. The OS
queries the BIOS tables and sees the SLIC that says "Dell".
And that's how the Dell OS knows it should activate with
no further bother.

Windows 8 would be different, and an old laptop
would not have an actual Windows 8 license key
stored in the BIOS. But OS before Windows 8, continue
to use SLIC as a means of authorizing things like
Dell or HP OEM OS media (recovery disc set).

Paul
Click to expand...


Once I can be sure there are no traces of that virus on my Win98 /
Win2000 machine, I'll copy CPU-ID to the T43 and that tells everything
about it. But that may be a few more days to figure out how to make
sure there are no traces of that virus anywhere.

System Properties shows it's a Intel Pentium M processor 1.86Ghz
782 Mhz
512 Mb Ram

However, it did NOT activate. I got the icon telling me I have 30 days.
It also put a DELL folder on the HDD, but that's insignificant....

That reminds me. If I plug a Flash Drive into the computer which is now
running PcLinux, can this virus infect the HDD on that linux computer?
I'm almost positive I can not infect Linux itself, but if that
autorun.inf file gets copied to that HDD, I would think it would infect
everything that is plugged into that machine again.....

My reason for asking this is because if the file "Autorun.inf" *IS* on
the flash drive, I should be able to see it (even if it's hidden), using
linux without infecting anything (I hope).
Thanks
 
What about just fresh installing XP on the HDD, and then copying your user
files (if that's what you want) over to the XP HDD? What's on the backup
drive that's so important? At least this way you'd have a fresh clean copy
of XP installed, and can then copy some user files over from your other
drive.

Or maybe Paul has some other suggestions.
Click to expand...

I dont have a RETAIL XP-Pro CD to install it from. I only have XP-Home
(retail) and that Dell branded XP-Pro Cd). I cant use the COA on the
computer if I install XP-Home, and although the Dell one is installed,
I'm sure I cant activate it. But I have 30 days to play with it in the
meantime. Otherwise I would probably just do a fresh install.
 
Once I can be sure there are no traces of that virus on my Win98 /
Win2000 machine, I'll copy CPU-ID to the T43 and that tells everything
about it. But that may be a few more days to figure out how to make
sure there are no traces of that virus anywhere.

System Properties shows it's a Intel Pentium M processor 1.86Ghz
782 Mhz
512 Mb Ram

However, it did NOT activate. I got the icon telling me I have 30 days.
It also put a DELL folder on the HDD, but that's insignificant....

That reminds me. If I plug a Flash Drive into the computer which is now
running PcLinux, can this virus infect the HDD on that linux computer?
I'm almost positive I can not infect Linux itself, but if that
autorun.inf file gets copied to that HDD, I would think it would infect
everything that is plugged into that machine again.....

My reason for asking this is because if the file "Autorun.inf" *IS* on
the flash drive, I should be able to see it (even if it's hidden), using
linux without infecting anything (I hope).
Thanks
Click to expand...

Doesn't autorun.inf only work on removable media, and at
the top level of the partition ? The mechanism was originally
intended to launch a program on a CD when you insert it.

If you put a Dell CD contents on a Lenovo, I doubt it will be
accepting every SLIC table under the sun. You'd need to research
what part of the OS holds the SLIC detection.

Paul
 
First off, it did not work......
It got to a certain point and posted an error message saying something
about the disk is not normal (something like that).

Why does Windows offer to do shit like that? It should be at least
halfway smart enough to know this wont work.....
(I know it's not the drive size, XP installs on 4 gigs or less. this
flash drv is 8gb. (and was empty).

The reason is because I want to restore my backup. It's a COPY of all
the files, not a clone. I cant copy to the OS to the HDD, while booted
from the HDD. I cant figure out how to copy while booted to REPAIR mode
from an XP CDrom. The USB ports are not recognized, and they dont allow
using *.* for filenames or folders.

I'm currently trying to figure out what I got around here to make a
bootable linux Flash drive (without the laptop, I cant download anything
big, and I dont have drivers for it).

My other thought is to copy my entire backup to the HDD, using the
installed Dell OEM disk (which did install to the HDD). But change the
folder names such as WINDOWS, PROGRAM FILES, etc, Then reboot, use the
CD Repair utility to rename the installed Windows to another name and
rename the backup of Windowes to the name WINDOWS, etc.....

I'm not sure how else to do this.....
Click to expand...

1) Prepare a partition. The partition type
should be the same kind as was there before.

2) Copy the files over. Including boot.ini and so on.

3) Now, what's missing, is boot code in
the partition boot record. You can use "fixboot"
from the recovery console. THis overwrites some sectors
in the first 63 sectors of the file system header.
The partition boot record gets overwritten, if you
format the partition. If you simply deleted all the files
from C:, and copied the files from backup, the PBR would
still be valid. But of course, with a virus, we'd want
a fresh MBR and PBR. And "fixmbr" and "fixboot" can do
those repairs.

I do this all the time with WinXP. WinXP is installed on a FAT32
partition. To defragment, I...

1) Boot another OS. The WinXP OS cannot be running. I use Win2K.
2) Clean off a partition on your backup drive, to hold the files.
I create a FAT32 partition on the backup drive.
3) Use Robocopy, to copy the entire contents of WinXP C:
to the backup drive. (Perhaps you use XCOPY or similar.)
4) Reformat the WinXP C: drive, using fat32format from Ridgecrop.
This is necessary for FAT32 partitions which are too large for
the Windows formatter to accept. The format operation wipes out
the PBR, so now we cannot boot.
5) Use Robocopy to put the files back. I usually copy pagefile.sys
and hiberfil.sys by hand, first, so they have a preferred location
near the beginning of the partition.
6) Optional step - use Sysinternals "voiumeid" program, to restore
the original VolumeID value.
7) Now it's time to use the WinXP CD and boot to the
recovery console. That's the one where you get a Command Prompt.
From there, it will examine all OS partitions. You have to more
or less blindly select a partition, and enter the Administrator
password when asked. I use a different password on each C:, so that
helps me confirm I have the correct partition.
8) In the Command Prompt window, while booted off the installer CD,

fixboot C:

The correct drive letter isn't always C:, based on the boot order
of the drives and so on. Using the Command Prompt, I use "dir" to
verify I'm pointed at the correct disk. The fixboot command overwrites
the partition boot sector(s) of the C: partition.
9) Now type "exit" or try control-alt-delete to reboot.
10) Try booting on the "all fixed up C:".

In your case, you might need to do fixmbr, just in case the MBR
has been overwritten by a boot virus.

You can see in this example, it's best if only one OS is present
while you use fixmbr. Because then you don't need a block device
identifier. In my case, if I actually needed to do a fixmbr on
my WinXP, I would unplug the Win2K and Win8 drives. The fixboot
doesn't need quite the level of protection - at least, as long
as you have a means to identify that C: is actually
the correct drive letter. I've had cases where the
correct value was D:, so take your time.

http://www.microsoft.com/resources/.../proddocs/en-us/bootcons_fixmbr.mspx?mfr=true

HTH,
Paul
 
Could you please explain this a little more. What files do you rename?
To what name?

I have a valid COA on the bottom, but this was a refurbished computer
and did not come with any install or repair CDs.

The Dell OEM CD did install, and it never asked me for the product code.
I was surprised, but now I know why. So I know I cant activate it. Yet
I'm not doing anything illegal. Once I figure out how to replace my
backup, all of that should be covered anyhow, and not need reactivation.
Click to expand...

Why not at least try? The worst that ever happened to me is it wouldn't
activate.

If it doesn't work, try this link and use the COA sticker number on the
bottom.

http://www.ehow.com/how_6331220_change-key-windows-xp-sp3.html


--
Ken
Mac OS X 10.8.5
Firefox 25.0
Thunderbird 24.3.0
"My brain is like lightning, a quick flash
and it's gone!"
 
Could you please explain this a little more. What files do you rename?
To what name?
Click to expand...

It's not just renaming the files, you basically are copying the contents
from your retail CD into a folder and then modifying a couple of files
(Winnt.sif and Setupp.ini). You also will need to add some compressed
files into the installation media which contain the BIOS string of your
laptop (IBM, in your case).

When you are all done, you use a program like nlite to build an .iso
which you can then use to burn a copy of the installation media.

A good page that explains this can be seen at:
http://forums.mydigitallife.info/threads/7580-How-To-Create-PRO-OEM-SLP-CD
I have a valid COA on the bottom, but this was a refurbished computer
and did not come with any install or repair CDs.
Click to expand...

You don't use the COA sticker on the bottom, that just proves that your
machine was licensed to use WinXP. To create the installation media,
you just use the generic VLK key that every other installation uses.
The important part is that you have the correct BIOS that MS is looking
for, and have modified the files accordingly.

Jon
 
Back
Top