Jump to content

atapi.sys rootkit - can't start computer


Recommended Posts

Ok, I did some testing and I have some additional information for you. The ..\ command does work without cd, but its purpose is the same, it changes the location to the parent directory, however, the command as you wrote it won't copy the file or folder anywhere. Do you have the rest of the command that they gave you for that line or is that all of it?

I apologize for the confusion on my part.

Link to post
Share on other sites

  • Replies 85
  • Created
  • Last Reply

Top Posters In This Topic

Ok, I did some testing and I have some additional information for you. The ..\ command does work without cd, but its purpose is the same, it changes the location to the parent directory, however, the command as you wrote it won't copy the file or folder anywhere. Do you have the rest of the command that they gave you for that line or is that all of it?

I apologize for the confusion on my part.

No probs - appreciate your help. I've messaged you with the full helpdesk instructions so you can see what I've been asked to do. I get the feeling that we're nearly there and as you suggest there are files to copy from the recovery CD

Link to post
Share on other sites

My understanding is that the set of instructions I've been given by the MB Helpdesk are intended to copy a system.bak file from the repair folder on my corrupted laptop into the system 32\config folder, having renamed the earlier (and corrupt) version to system.bak

This is an extract from the instructions I was given

12) Once you have correctly entered the administrator password, you will be shown something that looks like the following line:

C:\WINDOWS>_

13) You can now type out the following commands, one at a time, making sure to press enter after each one. Each command is on a separate line. Please make sure that you type them exactly as they are shown here, and pay special attention to the placement of the period after a blank space on the third line:

cd system32\config

ren system system.mbam

copy ..\..\repair\system .

exit

14) After typing 'exit' and pressing 'Enter', your computer should restart. Make sure to remove the CD.

The bit I'm having a problem with is the copy ..\ statement above.

I've established that a folder windows\repair does indeed exist on the laptop and within it is a file system.bak so, assuming my understanding of what we're trying to achieve here is correct, its just a case of getting the correct statement to copy the file from c:\windows\repair to c:\windows\system32\config

Anyone help ?

Link to post
Share on other sites

  • Staff
My understanding is that the set of instructions I've been given by the MB Helpdesk are intended to copy a system.bak file from the repair folder on my corrupted laptop into the system 32\config folder, having renamed the earlier (and corrupt) version to system.bak

This is an extract from the instructions I was given

12) Once you have correctly entered the administrator password, you will be shown something that looks like the following line:

C:\WINDOWS>_

13) You can now type out the following commands, one at a time, making sure to press enter after each one. Each command is on a separate line. Please make sure that you type them exactly as they are shown here, and pay special attention to the placement of the period after a blank space on the third line:

cd system32\config

ren system system.mbam

copy ..\..\repair\system .

exit

14) After typing 'exit' and pressing 'Enter', your computer should restart. Make sure to remove the CD.

The bit I'm having a problem with is the copy ..\ statement above.

I've established that a folder windows\repair does indeed exist on the laptop and within it is a file system.bak so, assuming my understanding of what we're trying to achieve here is correct, its just a case of getting the correct statement to copy the file from c:\windows\repair to c:\windows\system32\config

Anyone help ?

We made some changes to the tutorial last nite\early morning, please double-check it to check for any clarification. I've also pointed the author of the fix to this thread for additional input.
Link to post
Share on other sites

Guys

Just to say thanks to all at MB and on the forum who provided help. In the end I had to do a complete reinstall as, after copying the system.bak file and renaming to system all seemed OK until prompted for an admin password (which I don't recall setting in the first place)

Anyway, I've reinstalled now.

I know false positives can happen but full marks to MB for their efforts in correcting and helping out users such as myself.

Will certainly carry on using the product.

Rgds

Link to post
Share on other sites

I used a different method with the Ultimate Boot CD for Windows than dellengwyn. I selected a restore point and that brought everything back to normal.

Boot the UBCD4WIN CD, at the menu, select Launch "The Ultimate Boot CD for Windows"

once Windows is up, Start > Programs > Registry Tools > Registry Restore Wizard

Specify your Windows ( this should be already selected ) C:\WINDOWS click Next

What do you want to do? Select "Fix the system registry to that of a previous state" click Next

All of your restore points should be listed, I chose the latest on ( Restore Point 223 (11/10/2009 )) click Next

Are you sure? click Yes ( default answer is No )

A list of files that have been renamed is shown.

Click Finish

Start - Turn off computer - select Shutdown

Remove CD. reboot and select "Start Windows normally"

Regards,

Dave

I tried this way but my PC only shows 1 restore point date of 03/2402007. So I picked the date and ran the restore. Well the PC booted up but I could only login as an admin in safe mode. So I rebooted again with the ubcd4win and undid the registry restore. Now the PC has the same problem as before booting up with the blue screen and 0x0000007b. Please help and let me know if anything else I need to try. Thanks

Link to post
Share on other sites

Just to say thanks to all at MB and on the forum who provided help. In the end I had to do a complete reinstall as, after copying the system.bak file and renaming to system all seemed OK until prompted for an admin password (which I don't recall setting in the first place)

Could have been an old backup that had some different settings in it. Not sure where the actual repair\system file went though, and it should have been there as well. Very odd indeed. ;)

Link to post
Share on other sites

Hi there,

I am trying to fix my PC follow your instruction. Regarding the registry on the PC the ControlSet00# this number is different from my PC (mine is 2,3,4 not 1,3 as in your instruction). I wonder if the number at the end of ControlSet000# mean anything. Thanks

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.