Recovering Corrupted Registry - Completely lost :(

After a stupid comedy of errors, I'm in a very ugly situation.

While browsing with Firefox I randomly get a virus notification, and
program pops up masquerading as my windows. I ignore it, and kill th
process, named b.exe.

AVG reports infection after infection, and after cleaning them all i
mentions that I'm required to restart to finish the process. I go t
restart, but it's taking forever, and in my impatience I hit the powe
button.

Now windows won't boot - even in safe mode - and it keeps crashing o
some ***disk.sys file when trying to boot in safe mode. In normal mode
it blue screens with an error about failing to load a registry cluster.

I used a vista cd to do a recovery, and the automatic recovery failed.

I then accessed the recovery command prompt and followed the direction
in this article:

'How to recover from a corrupted registry that prevents Windows XP fro
starting' (http://support.microsoft.com/kb/307545)

However, I couldn't delete the files, because apparently some proces
was using them. CTRL+ALT+DEL doesn't bring up the process menu i
recovery mode, and i tried the commands ps, process,pskill and others t
no avail.

So now, in my desperation - I'm just running a chkdsk in recovery mod
and it's taking forever. I'm all out of ideas. Does anyone know anythin
I can do? I have access to the registry, but I couldn't find the key
associated with the virus

--
davidsakh

Hi Stan

Thanks for your detailed reply. I hope it doesn't have to come t
that...I have an idea

Having backed up my files in my mac partition...I'm going to run chkds
/r overnight, and in the morning I'm going to delete the registry file
IN OSX, that was i don't have to worry about killing processes. I wil
then attempt a safe mode boot. Does all that sound reasonable

If anyone else has any other suggestions, I'd be very grateful for you
wisdom

--
davidsakh

davidsakh wrote:

>
> Hi Stan,
>
> Thanks for your detailed reply. I hope it doesn't have to come to
> that...I have an idea.
>
> Having backed up my files in my mac partition...I'm going to run chkdsk
> /r overnight, and in the morning I'm going to delete the registry files
> IN OSX, that was i don't have to worry about killing processes. I will
> then attempt a safe mode boot. Does all that sound reasonable?
>
> If anyone else has any other suggestions, I'd be very grateful for your
> wisdom.

I'm very sorry, but your computer is still severely infected (AVG alone will
not remove everything you have) and the infection and your subsequent
actions (hitting the power button, running Chkdsk - the latter being
useless on an infected machine) has irreparably damaged your Windows
installation.

Since you have already backed up your data, use Boot Camp Assistant (I'm
assuming you are using Boot Camp since you reference "mac partition [sic]")
to remove the Windows partition and then to reinstall Windows again. There
is no other way.

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
http://www.elephantboycomputers.com/#FAQ

Hi Elephant Boy

Thanks. The reason I'm running checkdisk is because I assumed it woul
solve any problems caused by hitting the power button, not the viru
itself. I'm not too familiar with it. I apologize for my ignorance

But I have a final question

In Windows from the recovery command prompt, is there any way for me t
locate my activation key, because although I have a Vista Ultimate CD t
install from - its key is in use - and I have no idea where my Busines
Disk or key is located

--
davidsakh

I do have access to the registry - if it's there

--
davidsakh

Hi guys, final update:

I have exported the registry as .reg and the recovery utility I'm using
(Magical Jelly Bean Key Finder) can find my encrypted vista product key,
but only using hive files, not .reg. I tried to export the registry on
the corrupted system as a hive but it failed with some disk write error,
even to my externals.

Are there any .reg->hive converters? I've been searching to no avail. I
don't want to have to buy a new product key from Microsoft.


--
davidsakh

davidsakh wrote:

>
> Hi Elephant Boy,
>
> Thanks. The reason I'm running checkdisk is because I assumed it would
> solve any problems caused by hitting the power button, not the virus
> itself. I'm not too familiar with it. I apologize for my ignorance.
>
> But I have a final question:
>
> In Windows from the recovery command prompt, is there any way for me to
> locate my activation key, because although I have a Vista Ultimate CD to
> install from - its key is in use - and I have no idea where my Business
> Disk or key is located.
>
>
No, you can't get the key from the Recovery Console. You will need to find
your key and your installation DVD. As for the key being in use, if there
is an activation problem all you need to do is use the phone option, wait
for a human, and tell the human you have reinstalled Windows and this copy
is only installed on the one machine.

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
http://www.elephantboycomputers.com/#FAQ

"davidsakh" <> wrote in message news:...
>
> Hi guys, final update:
>
> I have exported the registry as .reg and the recovery utility I'm using
> (Magical Jelly Bean Key Finder) can find my encrypted vista product key,
> but only using hive files, not .reg. I tried to export the registry on
> the corrupted system as a hive but it failed with some disk write error,
> even to my externals.
>
> Are there any .reg->hive converters? I've been searching to no avail. I
> don't want to have to buy a new product key from Microsoft.
>
>
> --
> davidsakh

If you can slave the hard disk into another machine you can run Jelly Bean
and from 'Tools > Load Hive' menu navigate to the Windows folder containing
the wanted key.

Ah - by in use - I mean in active use by someone else. I can't just tak
it from them. :

I exported the relevant part of the registry. I'm going to see what
can do with it. The encrypted key is somewhere in there....at leas
that's what I was told. Thanks for your advice

--
davidsakh

Hi Dave,
>
> If you can slave the hard disk into another machine you can run Jelly
> Bean
> and from 'Tools > Load Hive' menu navigate to the Windows folder
> containing
> the wanted key.

Do you happen to know what folder this might be - for the vista cd key?
I can copy it onto my external or from OSX and examine it there on my
other windows box with Magical Jelly Bean.


--
davidsakh