|
Next: Autohide the Taskbar
|
| Author |
Message |
External
Since: Jul 15, 2009
Posts: 8
|
(Msg. 1) Posted: Wed Jul 15, 2009 9:40 pm
Post subject: Recovering Corrupted Registry - Completely lost :(
Archived from groups: microsoft>public>windows>vista>general (more info?)
|
|
|
After a stupid comedy of errors, I'm in a very ugly situation.
While browsing with Firefox I randomly get a virus notification, and a
program pops up masquerading as my windows. I ignore it, and kill the
process, named b.exe.
AVG reports infection after infection, and after cleaning them all it
mentions that I'm required to restart to finish the process. I go to
restart, but it's taking forever, and in my impatience I hit the power
button.
Now windows won't boot - even in safe mode - and it keeps crashing on
some ***disk.sys file when trying to boot in safe mode. In normal mode,
it blue screens with an error about failing to load a registry cluster.
I used a vista cd to do a recovery, and the automatic recovery failed.
I then accessed the recovery command prompt and followed the directions
in this article:
'How to recover from a corrupted registry that prevents Windows XP from
starting' (http://support.microsoft.com/kb/307545)
However, I couldn't delete the files, because apparently some process
was using them. CTRL+ALT+DEL doesn't bring up the process menu in
recovery mode, and i tried the commands ps, process,pskill and others to
no avail.
So now, in my desperation - I'm just running a chkdsk in recovery mode
and it's taking forever. I'm all out of ideas. Does anyone know anything
I can do? I have access to the registry, but I couldn't find the keys
associated with the virus.
--
davidsakh |
|
| Back to top |
|
 | |
External
Since: Jul 15, 2009
Posts: 4
|
(Msg. 2) Posted: Thu Jul 16, 2009 12:09 am
Post subject: Re: Recovering Corrupted Registry - Completely lost :( [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Considering how deeply you're infected, I'd save all docs/data and reformat
disk/reinstall Windows provided you have the recovery or original disks,
then run a massive (e.g. overnight) update process for Windows & all
applications, then restore data.
I am sure you will get more responses here, but I see your infection is on a
level which may deserve giving up and cleaning up entire harddisk and
reinstalling all....
I only trust Symantec NortonAV + PCtools SpywareDoctor, don't know anything
about AVG; also I only activate these during occasional scans but normally
their real-time protection is turned off as I habitually disable all
software and am a minimalist, because the kind of applications we run here
(Engineering CAD) require all possible resources upward to 16GB memory!
Unless you're too lazy to go thru this ordeal.... in which case wait for
more responses.
If I were you I'd frantically start saving DOCUMENTS (user's data) - in my
case it's 40GB.
I am not joking - 40 Gigabyte of letters, designs, diagrams,
emails/voicemails, images, etc.; engineering apps create giant data
files....
And I'd be suicidal if I lose it, so it's backed up to 3 storages - all at
remote locations from my garage to home to California 2000 miles away.
Make sure you don't lose data, the rest can go to hell - reinstall it,
you're really really infected beyind fixing. |
|
| Back to top |
|
| |
External
Since: Jul 15, 2009
Posts: 8
|
(Msg. 3) Posted: Thu Jul 16, 2009 2:28 am
Post subject: Re: Recovering Corrupted Registry - Completely lost :( [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Hi Stan,
Thanks for your detailed reply. I hope it doesn't have to come to
that...I have an idea.
Having backed up my files in my mac partition...I'm going to run chkdsk
/r overnight, and in the morning I'm going to delete the registry files
IN OSX, that was i don't have to worry about killing processes. I will
then attempt a safe mode boot. Does all that sound reasonable?
If anyone else has any other suggestions, I'd be very grateful for your
wisdom.
--
davidsakh |
|
| Back to top |
|
| |
External
Since: Feb 29, 2008
Posts: 91
|
(Msg. 4) Posted: Thu Jul 16, 2009 4:42 am
Post subject: Re: Recovering Corrupted Registry - Completely lost :( [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
davidsakh wrote:
>
> Hi Stan,
>
> Thanks for your detailed reply. I hope it doesn't have to come to
> that...I have an idea.
>
> Having backed up my files in my mac partition...I'm going to run chkdsk
> /r overnight, and in the morning I'm going to delete the registry files
> IN OSX, that was i don't have to worry about killing processes. I will
> then attempt a safe mode boot. Does all that sound reasonable?
>
> If anyone else has any other suggestions, I'd be very grateful for your
> wisdom.
I'm very sorry, but your computer is still severely infected (AVG alone will
not remove everything you have) and the infection and your subsequent
actions (hitting the power button, running Chkdsk - the latter being
useless on an infected machine) has irreparably damaged your Windows
installation.
Since you have already backed up your data, use Boot Camp Assistant (I'm
assuming you are using Boot Camp since you reference "mac partition [sic]")
to remove the Windows partition and then to reinstall Windows again. There
is no other way.
Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
http://www.elephantboycomputers.com/#FAQ |
|
| Back to top |
|
| |
External
Since: Jul 15, 2009
Posts: 8
|
(Msg. 5) Posted: Thu Jul 16, 2009 11:51 am
Post subject: Re: Recovering Corrupted Registry - Completely lost :( [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Hi Elephant Boy,
Thanks. The reason I'm running checkdisk is because I assumed it would
solve any problems caused by hitting the power button, not the virus
itself. I'm not too familiar with it. I apologize for my ignorance.
But I have a final question:
In Windows from the recovery command prompt, is there any way for me to
locate my activation key, because although I have a Vista Ultimate CD to
install from - its key is in use - and I have no idea where my Business
Disk or key is located.
--
davidsakh |
|
| Back to top |
|
| |
External
Since: Feb 29, 2008
Posts: 91
|
(Msg. 6) Posted: Thu Jul 16, 2009 11:51 am
Post subject: Re: Recovering Corrupted Registry - Completely lost :( [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
davidsakh wrote:
>
> Hi Elephant Boy,
>
> Thanks. The reason I'm running checkdisk is because I assumed it would
> solve any problems caused by hitting the power button, not the virus
> itself. I'm not too familiar with it. I apologize for my ignorance.
>
> But I have a final question:
>
> In Windows from the recovery command prompt, is there any way for me to
> locate my activation key, because although I have a Vista Ultimate CD to
> install from - its key is in use - and I have no idea where my Business
> Disk or key is located.
>
>
No, you can't get the key from the Recovery Console. You will need to find
your key and your installation DVD. As for the key being in use, if there
is an activation problem all you need to do is use the phone option, wait
for a human, and tell the human you have reinstalled Windows and this copy
is only installed on the one machine.
Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
http://www.elephantboycomputers.com/#FAQ |
|
| Back to top |
|
| |
External
Since: Jul 15, 2009
Posts: 8
|
(Msg. 7) Posted: Thu Jul 16, 2009 11:53 am
Post subject: Re: Recovering Corrupted Registry - Completely lost :( [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
I do have access to the registry - if it's there.
--
davidsakh |
|
| Back to top |
|
| |
External
Since: Jul 15, 2009
Posts: 8
|
(Msg. 8) Posted: Thu Jul 16, 2009 1:25 pm
Post subject: Re: Recovering Corrupted Registry - Completely lost :( [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Hi guys, final update:
I have exported the registry as .reg and the recovery utility I'm using
(Magical Jelly Bean Key Finder) can find my encrypted vista product key,
but only using hive files, not .reg. I tried to export the registry on
the corrupted system as a hive but it failed with some disk write error,
even to my externals.
Are there any .reg->hive converters? I've been searching to no avail. I
don't want to have to buy a new product key from Microsoft.
--
davidsakh |
|
| Back to top |
|
| |
External
Since: Jul 15, 2009
Posts: 8
|
(Msg. 9) Posted: Thu Jul 16, 2009 2:04 pm
Post subject: Re: Recovering Corrupted Registry - Completely lost :( [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Ah - by in use - I mean in active use by someone else. I can't just take
it from them. 
I exported the relevant part of the registry. I'm going to see what I
can do with it. The encrypted key is somewhere in there....at least
that's what I was told. Thanks for your advice.
--
davidsakh |
|
| Back to top |
|
| |
External
Since: Jul 15, 2009
Posts: 8
|
(Msg. 10) Posted: Thu Jul 16, 2009 2:45 pm
Post subject: Re: Recovering Corrupted Registry - Completely lost :( [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Hi Dave,
>
> If you can slave the hard disk into another machine you can run Jelly
> Bean
> and from 'Tools > Load Hive' menu navigate to the Windows folder
> containing
> the wanted key.
Do you happen to know what folder this might be - for the vista cd key?
I can copy it onto my external or from OSX and examine it there on my
other windows box with Magical Jelly Bean.
--
davidsakh |
|
| Back to top |
|
| |
External
Since: Jul 04, 2009
Posts: 7
|
(Msg. 11) Posted: Thu Jul 16, 2009 3:17 pm
Post subject: Re: Recovering Corrupted Registry - Completely lost :( [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
davidsakh <guest.RemoveThis@unknown-email.com> wrote:
>
>Hi Dave,
>>
>> If you can slave the hard disk into another machine you can run Jelly
>> Bean
>> and from 'Tools > Load Hive' menu navigate to the Windows folder
>> containing
>> the wanted key.
>
>Do you happen to know what folder this might be - for the vista cd key?
>I can copy it onto my external or from OSX and examine it there on my
>other windows box with Magical Jelly Bean.
No. You can't. You have run Magic on a running system. |
|
| Back to top |
|
| |
External
Since: Jul 15, 2009
Posts: 8
|
(Msg. 12) Posted: Thu Jul 16, 2009 3:50 pm
Post subject: Re: Recovering Corrupted Registry - Completely lost :( [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
It seems that Jelly Bean can simply import the old Windows directory and
sort things out itself. If this doesn't work I'll simply have to buy a
new product key. I thank you all for your assistance! Hopefully I can
recover my product key. 
--
davidsakh |
|
| Back to top |
|
| |
External
Since: Jul 16, 2009
Posts: 6
|
(Msg. 13) Posted: Thu Jul 16, 2009 4:25 pm
Post subject: Re: Recovering Corrupted Registry - Completely lost :( [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
"davidsakh" <guest.DeleteThis@unknown-email.com> wrote in message news:6425c20f2498ea4eb0341df9b1d3caa6@nntp-gateway.com...
>
> Hi guys, final update:
>
> I have exported the registry as .reg and the recovery utility I'm using
> (Magical Jelly Bean Key Finder) can find my encrypted vista product key,
> but only using hive files, not .reg. I tried to export the registry on
> the corrupted system as a hive but it failed with some disk write error,
> even to my externals.
>
> Are there any .reg->hive converters? I've been searching to no avail. I
> don't want to have to buy a new product key from Microsoft.
>
>
> --
> davidsakh
If you can slave the hard disk into another machine you can run Jelly Bean
and from 'Tools > Load Hive' menu navigate to the Windows folder containing
the wanted key. |
|
| Back to top |
|
| |
External
Since: Jul 16, 2009
Posts: 6
|
(Msg. 14) Posted: Thu Jul 16, 2009 5:25 pm
Post subject: Re: Recovering Corrupted Registry - Completely lost :( [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
"davidsakh" <guest.TakeThisOut@unknown-email.com> wrote in message news:fc00f4142cac79c80e0be7884656a690@nntp-gateway.com...
>
> Hi Dave,
>>
>> If you can slave the hard disk into another machine you can run Jelly
>> Bean
>> and from 'Tools > Load Hive' menu navigate to the Windows folder
>> containing
>> the wanted key.
>
> Do you happen to know what folder this might be - for the vista cd key?
> I can copy it onto my external or from OSX and examine it there on my
> other windows box with Magical Jelly Bean.
>
>
> --
> davidsakh
Most of the registry is in the Config folder:
C:\Windows\System32\config
But you don't need to know that to run Jelly Bean - just point it to the Windows folder.
It will find and display the key. |
|
| Back to top |
|
| |
| Related Topics: | How to change colour of "select" - I'm using Vista with the Theme Aero. Now I'm looking to change the color for selected files to the same color of "Windows Standard": Searching anround in the Internet, there a lot of other people with the same problem? Is there a trick or a ...
Live Messenger & built in webcam - When I use Windows Live Messenger & want to do a video call, it will say webcam blocked being used by another application. If I reboot I can get the webcam to work. What other program is using the webcam? Can I disable it so the webcam works all...
Animated Desktops - I downloaded some animated desktops from freeze.com and I can find them on my computer, but I can't seem to find the way to make it active. Can anyone help?
update changed screen view - I have a dell computer with windows vista. During an automatic update the view of my screens changed. The fonts are smaller and the windows display does not fill up my screen as it had before. There is either the wavey blue screen (backgorund) or..
News Feed Gadget - I've put the news feed gadget on my desktop, but the feeds are not continuously updating (today it's displaying yesterday's headlines). How do I have the news feeds update automatically? -- Wendy R. from Blue Bell, PA |
|
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
Hot
Bloated Email? DetachPipe for Outlook
Mac
Linux
Games
PDA
Mobile
FAQ
Search
Profile
Private Messages
Log in
Windows Forums
RSS