Jump to content

Virucyde

Members
  • Content Count

    2
  • Joined

  • Last visited

About Virucyde

  • Rank
    Wanderer

Profile Information

  • OS
    Windows 7 x64
  1. I actually already do that, I typically boot into MiniXP or some other PE environment and begin by using D7 on the offline OS to clean out bad startup entries, BHOs, services, and anything else I can manually detect. From there I run RKill, TDSS Killer, ComboFix, Tweaking.com's All-In-One Windows Repair, Malwarebytes', and SUPER Antispyware. TDSS Killer generally knocks out any rootkits, and is able to run since the offline cleanup typically fixes broken EXE attributes and removes the majority of the malware, the other tools are mostly to finish the job and repair the damage done. The problem is that recently I've found that the viruses are directly infecting system files, including the backups, and as a result my only option is to get fresh ones from the install disc, a task I'd obviously prefer not to do manually. Offline scanners either fail to remove the viruses or they permanently damage the OS by removing the infected system files altogether.
  2. Posted this to MSFN, but after a week I've still gotten no responses, hopefully I can get a better turnout here: I've done some slipstream work with XP, Vista, and 7, and working in a computer shop I'm finding that a lot of recent viruses are permanently infecting system files, making them impossible to remove without reinstalling or doing major internal work on the OS. Obviously this is where SFC comes in, however, I've had some issues with it, and I'm wondering if you guys have any resolutions for me: 1. SFC won't work properly in XP using my slipstreamed discs. I've read that updating IE and other changes causes issues with being able to use the disc for the files, so my question is if there's any way for me to fix my discs so they work with SFC again, while still containing all the updates. 2. I couldn't manage to use the purgecache parameter in 7, has it changed or something? 3. Vista and 7's SFC is a joke. They pull data from WinSxS, the replacement for the dllcache folder, but disabling Windows File Protection is fairly straight forward, and from what I've seen viruses have had no difficulty doing so. I've tried running SFC from the install disc using the /offbootdir and /offwindir parameters, but it doesn't seem to make a difference, and typically I get the "SFC found problems but was unable to fix them" at the end, which is extremely frustrating to see, is there a method of using SFC in Vista/7 that makes it nearly as effective as XP's? 4. In Windows XP, the repair installation feature was godsend, I can't even begin to recall how many times I've fixed major XP issues using that option, unfortunately, MS decided to opt out of that feature in Vista/7, so instead I'm left with attempting an in-place upgrade, which is running the installer off the disc from inside the broken Windows (already a problem, if the system won't boot), and selecting the Upgrade option, which essentially reinstalls the OS, however, it's not nearly as effective as XP's repair install, and it requires their OS to at least boot correctly. Has anyone looked into creating essentially a repair install utility for Vista/7? My idea is that you'd mount the WIM files, select the right image, and expand all its files over the top of their OS, while simultaneously purging and recreating the WinSxS folder. The main issue I see with this is the registry related changes that would need to be made and updates newer than your disc. Will this ever be possible or is there a good workaround? Any answers to any of these questions would be greatly appreciated!
×
×
  • Create New...