#1
Best way to create clean Windows XP boot cd for running rootkit de
A bootable cd isn't going to get you anywhere unless it is a retail full version Win XP install CD.

Why not use "Recovery CD" from Computer manufacturer? You boot from this cd and use a recovery partition on your hard drive to restore computer to original factory settings. Some computers you create your own recovery set. Sometimes they can still be created even if computer won't Boot. OR they can be ordered from MFG. If it costs a significant amount you may just want to buy retail copy of XP instead.

What make and model do you have?

What is your reason for "Clean Install"?

--
Dennis S.
I'm from Illinois. I hope I helped you. Good Luck.

" wrote:

What is the best way for mere mortals to create a CLEAN Windows XP boot CD?

From a related thread on available rootkit detection utilities, it was suggested we attempt the Microsoft Strider GhostBuster Rootkit Detection method recommended by the Microsoft Windows Defender Strider GhostBuster Project ( http://research.microsoft.com/rootkit ).

Following those Microsoft instructions, we performed the following on Windows XP:

NOTE WE ARE STUCK AT STEP 4!

1. Go to the Windows XP command line:
    Start - Run - cmd
2. Go to your rootkit detection program folder:
    C:\> cd c:\proggies\RKD\
3. Create an ordered list with bare headings of all hidden & not-hidden files:
    RKD:\> dir /s/ah/l/on/b c:\ > all_hidden_files_before.txt
    RKD:\> dir /s/a-h/l/on/b c:\ > not_hidden_files_before.txt
4. Boot to a Windows XP CDROM.
    - My question is: Q: HOW TO BOOT TO A WINDOWS XP CDROM WHEN YOU DON'T HAVE ONE!
5. Re-run step 3's lower-case ordered list from the Windows XP cdrom boot:
    RKD:\> dir /s/ah/l/on/b c:\ > all_hidden_files_after.txt
    RKD:\> dir /s/a-h/l/on/b c:\ > not_hidden_files_after.txt
6. Run WinDiff from the clean WinXP boot to compare before/after files:
    http://www.grigsoft.com/download-windiff.htm

We are stuck at step 4 for lack of the simplest way to obtain a Windows XP boot cdrom. Our system came configured so we don't have that clean Windows XP boot CDROM.

Googling we get MANY confusing ways to create a Windows XP bootable CDROM, some of which seem to be promising, e.g.,

a. Bart's Preinstalled Environment (BartPE) bootable live windows CD/DVD
    http://www.nu2.nu/pebuilder
b. Bart's way to create bootable CD-Roms (for Windows/Dos)
    http://www.nu2.nu/bootcd
c. Creating bootable Windows 2000/XP/2003 Disc (Nero 6)
    http://www.tacktech.com/display.cfm?ttid=297
d. The Ultimate Boot CD for Windows XP
    http://www.ultimatebootcd.com
e. UBCD for Windows® Project
    http://www.ubcd4win.com
f. Windows XP Fresh Install Bootdisk And Bootable CD
    http://www.bootdisk.com

Since there are so many methods, and since the whole point is to boot to a KNOWN GOOD Windows XP, it behooves newbies like us to ask for a recommended path so that we don't stray too far along the wrong (perhaps dangerous) method.

Which leaves me with the question at hand:

Q: Where is the safest & easiest method to obtain & burn a WinXP bootable CDROM.
#2
Best way to create clean Windows XP boot cd for running rootkit de
Dixonian69 wrote:
What is your reason for "Clean Install"?

Root kits.

We all need a bootable Windows XP CDROM so that we can check for root kits installed without our knowledge on our systems. My kids, for example, use the computer but I have no idea what they've used it for. All I want to do is check for the presence of a root kit, if any exist.

Once I found out that "most users stumble across cloaked files with an RKR scan", I immediately ran SysInternals' RootKitRevealer.exe from http://www.sysinternals.com/utilitie...trevealer.html which duly reported the presence of many cloaked registry entries of the format:

- "Key name contains embedded nulls (*)",
- "Hidden from Windows API",
- "Visible in directory index, but not Windows API or MFT"

The problem is that these keys use cryptic 8-4-4-4-12 CLSID class id registry entries which mean nothing to me, a mere mortal. For example, what am I supposed to do with the information that this cloaked registry key exists:

HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*
3/21/2005 2:41 PM 0 bytes Key name contains embedded nulls (*)

A. Should I just delete that cryptically named cloaked key?
B. How can I look up what that 8-4-4-4-12 hex digit class ID refers to?

The SysInternals root-kit revealer also reported cloaked entries of the form:

HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\s0
12/3/2005 4:28 AM 4 bytes Hidden from Windows API.

Again, what are we supposed to do with this information?

A. Should we delete this cloaked registry key (or is this a cloaked file)?
B. How do we find out more about what this "Cfg s0" really is?

My point is that the SysInternals RootKit detection utility download worked except it reported information that wasn't meant for mere mortals. Mere mortals, like I am, don't know what to do with this cryptic data.

So, I tried the second-best method of revealing root kits on my system. This method was suggested by the Microsoft Windows Defender web page http://research.microsoft.com/rootkit

This Microsoft Project Strider GhostBuster Rootkit Detection web page suggests we locate rootkits by the three step method:

A. Run a command listing all hidden and non-hidden files on your system
B. Boot to a Windows XP CDROM & re-run those commands
C. Compare the results with WinDiff (http://www.grigsoft.com/download-windiff.htm)

In summary, we don't need the clean Windows XP bootable CDROM for system recovery; we need it in order to detect rootkits on our system which have cloaked files or registry keys.

My main question at the moment still remains - how to find why I have so many cloaked keys and files reported by SysInternals so cryptically (that I just don't understand well enough to know what to do to resolve them).

Pamela
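
The compare step of the three-step method above (list from the running OS, list again from a clean boot, compare), as an added example that is not part of the original thread or of Microsoft's tooling. It takes the place of an eyeball WinDiff pass over one pair of `dir /s /l /on /b` listings; the function names, the volatile-path list, the cp437 code page and the sample paths are all assumptions or constructed values.

```python
import ntpath

# Paths expected to differ between the two scans (assumed list; tune per system).
VOLATILE_PREFIXES = (
    "\\pagefile.sys",
    "\\hiberfil.sys",
    "\\system volume information\\",
)

def normalise(line):
    """Lower-case, trim, and drop the drive letter so both views compare equal."""
    path = line.strip().lower().replace("/", "\\")
    _drive, rest = ntpath.splitdrive(path)
    return rest

def load_listing(path, encoding="cp437"):
    """Read a redirected `dir /b` listing (OEM code page cp437 is assumed)."""
    with open(path, encoding=encoding, errors="replace") as fh:
        return fh.readlines()

def cross_view_diff(inside_lines, outside_lines, ignore=VOLATILE_PREFIXES):
    """Return (hidden, vanished) for one pair of listings.

    hidden   - seen from the clean boot but not from the running OS
    vanished - seen only from the running OS (usually deleted between scans)
    """
    inside = {normalise(l) for l in inside_lines if l.strip()}
    outside = {normalise(l) for l in outside_lines if l.strip()}
    hidden = sorted(p for p in outside - inside if not p.startswith(ignore))
    vanished = sorted(p for p in inside - outside if not p.startswith(ignore))
    return hidden, vanished

# Constructed sample listings (not from a real machine).
SAMPLE_INSIDE = [
    "c:\\boot.ini\n",
    "c:\\windows\\system32\\drivers\\etc\\hosts\n",
    "C:\\Temp\\scratch.tmp\n",
]
SAMPLE_OUTSIDE = [
    "c:\\boot.ini\n",
    "c:\\windows\\system32\\drivers\\etc\\hosts\n",
    "c:\\windows\\system32\\drivers\\hidden_example.sys\n",
    "c:\\System Volume Information\\constructed_rp\\change.log\n",
]

if __name__ == "__main__":
    hidden, vanished = cross_view_diff(SAMPLE_INSIDE, SAMPLE_OUTSIDE)
    print("visible only from clean boot:", hidden)
    print("visible only from running OS:", vanished)
```

Run it once for the hidden-file pair and once for the not-hidden pair; entries in `hidden` are the ones to investigate, since the running system did not report them.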