Using G-Parted to Repair Windows Partition Infections
By Timothy Tibbetts
Procedure to download G-Parted ISO and create bootable Windows CD
Step 1: Important instructions for Win XP users ONLY!!!!!! Other users skip to step 2.
If you do not have your Windows XP boot CD, you MUST make the below CD to use later as a boot disk to enter the Recovery Console. You need to have this disk before repairing your partitions with G-Parted.
Using ARCDC to get the Recovery Console Command Prompt
Step 2: Now for ALL Windows Users continue here with G-Parted Instructions.
- Please download: gparted-live (approx 120 MB)
- Create a bootable CD for GParted.
- You can use ImgBurn to accomplish this.
- If you need help on how to use ImgBurn, please view the guide by Dr. M titled Using ImageBurn to Burn an ISO image
Now boot off of the newly created GParted CD.
You should be here...
Press ENTER
By default, do not touch keymap is highlighted. Leave this setting alone and just press ENTER.
Choose your language and press ENTER. English is the default.
Once again, at this prompt, press ENTER
You will now be taken to the main GUI screen below:
According to your logs, the partition that you want to delete is [substitute active Win partition size here] MiB
Click the trash can icon to delete and then click Apply.
You should now be here confirming your actions:
Now you should be here:
Is boot next to your OS drive? According to your logs, your OS drive is the [substitute active Win partition size here] GiB sized partition.
If boot is not next to your OS drive under Flags, right-click the OS drive while in GParted and select Manage Flags.
In the menu that pops up, place a checkmark in boot like the picture below:
Now press the Close button to save these changes.
Now double-click the button.
You should receive a small pop up like this:
Choose reboot and then press OK.
Now choose the correct steps from below based on whether you are running Windows XP, Windows Vista or Windows 7
Windows XP Instructions
If you have your Windows XP boot CD, use it to boot to the Recovery Console and continue with the below commands at the command prompt.
If you made the ARCDC boot CD earlier then use it per the instructions to boot to the Recovery Console command prompt and execute the following commands pressing ENTER after each:
- fixmbr
- fixboot
- exit
Windows Vista and Windows 7 Instructions
Now boot to the System Recovery Options from the Advanced Boot Options:
- Restart the computer.
- As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
- Use the arrow keys to select the Repair your computer menu item.
- Choose your language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.
Now on the System Recovery Options menu you will get the following options:
- Startup Repair
- System Restore
- Windows Complete PC Restore
- Windows Memory Diagnostic Tool
- Command Prompt
- Select Command Prompt
- In the command prompt window, enter the below commands
- bootrec /fixmbr
- bootrec /fixboot
- exit
For all Windows versions once back in Normal Windows
Now run a new scan with MBRCheck
Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).
Then attach the below logs if you need help from the malware team (See: How to attach):
- the new log from MBRcheck
- C:\MGlogs.zip
Information in the above is a modification/update from original source material created by thisisu
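The boot-flag check from the GParted step ("Is boot next to your OS drive?") can also be made directly against the partition table in sector 0. The following is an added example, not part of the original guide or its tools: it assumes a classic MBR-partitioned disk with 512-byte sectors, uses constructed sample sectors, and treats "OS partition is the largest one" as a heuristic.

```python
import struct

SECTOR = 512
# One 16-byte MBR entry: status, CHS start, type, CHS end, LBA start, sector count
ENTRY = struct.Struct("<B3sB3sII")

def parse_mbr(sector: bytes) -> list[dict]:
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector (bad length or signature)")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(sector, 446 + 16 * i)
        if ptype == 0 and count == 0:
            continue  # unused slot
        parts.append({"slot": i + 1, "status": status, "active": status == 0x80,
                      "type": ptype, "lba_start": lba,
                      "size_mib": count * SECTOR / 2**20})
    return parts

def boot_flag_findings(parts: list[dict]) -> list[str]:
    """Report boot-flag anomalies; an empty list means nothing was flagged."""
    findings = [f"slot {p['slot']}: invalid status byte {p['status']:#04x}"
                for p in parts if p["status"] not in (0x00, 0x80)]
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    largest = max(parts, key=lambda p: p["size_mib"], default=None)
    for p in active:
        if p is not largest:  # heuristic: the OS partition is the largest one
            findings.append(f"boot flag is on slot {p['slot']} "
                            f"({p['size_mib']:.0f} MiB), not on slot {largest['slot']}")
    return findings

def build_mbr(entries) -> bytes:
    """Build a constructed sample sector from (status, type, lba, count) tuples."""
    sector = bytearray(SECTOR)
    for i, (status, ptype, lba, count) in enumerate(entries):
        ENTRY.pack_into(sector, 446 + 16 * i, status, b"\0" * 3, ptype, b"\0" * 3, lba, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

# Constructed samples: a small active partition after the OS partition (before
# the repair), and the OS partition alone carrying the boot flag (after it).
BEFORE = build_mbr([(0x00, 0x07, 2048, 204800000), (0x80, 0x07, 204802048, 2048)])
AFTER = build_mbr([(0x80, 0x07, 2048, 204800000)])

if __name__ == "__main__":
    for name, mbr in (("before", BEFORE), ("after", AFTER)):
        print(name, boot_flag_findings(parse_mbr(mbr)) or "boot flag OK")
```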