Got a serious virus

OK I still have a few tools left ;D

We will use a mobile operating system called xPUD, and a script called rst.sh, to restore your computer.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer

- Insert your USB drive
- Press Start > My Computer > right click your USB drive > choose Format > Quick format
- Double click the unetbootin-xpud-windows-387.exe that you just downloaded
- Press Run then OK
- It will install a little bootable OS on your USB
- After it has completed, do not choose to reboot the clean computer; simply close the installer
- Download the following tool and save it inside the bootable USB: rst.sh
- Remove the USB and insert it in the sick computer
- Boot the sick computer
- Press F12 and choose to boot from the USB
- Follow the prompts
- A Welcome to xPUD screen will appear
- Press File
- Expand mnt
  - sda1, 2… usually corresponds to your HDD
  - sdb1 is likely your USB
- Press Tool at the top
- Choose Open Terminal
- In the open terminal window, type in the following:

bash rst.sh

- Press "Enter" and let it run uninterrupted.

(The program lists available Restore Points and will save a report enum.log located in the USB drive.)

- The program is finished when it says "Done".
- Type "Exit" to close the terminal window.
- Please attach the enum.log file in your reply. (You may remove your USB drive when transferring the log to a clean computer.)

Thanks Essex. But I'm still getting the "Could not find kernel image: linux" message on the bootup screen on the sick computer. I am also unclear why you have asked me to download the xPUD 0.9.2 and there are no instructions that you posted about using that tool. Here's what I did. I downloaded all the tools and saved them to the desktop. I double click on the unetbootin xpud windows and the screen comes up to select an iso file and such. As you did not indicate the need to use an iso file, I simply click OK and the installer adds a file called vessmenu.c32 to my clean and formatted flash drive, then I exited the program. I then downloaded and saved the rst.sh file to my flash. I insert the flash into the sick computer and boot from it, where I get: SYSLINUX 3.72 2008-09-25 EBIOS Copyright (C) 1994-2008 H. Peter Anvin Could not find kernel image: linux boot:

The USB should be formatted to FAT32 right? And it formats at something like 4096 bytes by default so I haven’t changed that value.

Hmm, the idea was that it automatically selects the xPUD iso.

Re-running now

Select ISO image and navigate to the xPUD iso; evidently it no longer looks for it in the latest version.

OK, on a different Windows 7 computer at work, so gotta download imgburn too. My bad. Get back to you in just a sec.

You should not need imgburn, as this one is self contained.

OK, I'm not seeing an iso file to burn. It should be in the xpud-0.9.2 folder that I extracted to my desktop, I guess? There are five files in the xpud-0.9.2 folder. There are two folders, the first titled boot and the second titled Opt. There is then a Boot .CAT file, an ISOLINUX.BIN bin file, and an ISOLINUX.CFG cfg file all

I’m not seeing an ISO burn file

Redownloading the 0.9.2 iso file. Get back to you in 10 minutes when the download is complete.

Got it! Post the log in just a sec as long as I don't hit any more snags.

38.3M Feb 27 06:27 /mnt/sda1/WINDOWS/system32/config/software
9.3M Feb 27 06:27 /mnt/sda1/WINDOWS/system32/config/system

38.0M Feb 1 17:15 /sda1/~/RP1/~SOFTWARE
38.0M Feb 8 18:56 /sda1/~/RP10/~SOFTWARE
38.0M Feb 9 19:13 /sda1/~/RP11/~SOFTWARE
38.0M Feb 10 19:29 /sda1/~/RP12/~SOFTWARE
38.0M Feb 11 20:22 /sda1/~/RP13/~SOFTWARE
38.0M Feb 12 01:14 /sda1/~/RP14/~SOFTWARE
38.0M Feb 12 01:57 /sda1/~/RP15/~SOFTWARE
38.1M Feb 12 08:01 /sda1/~/RP16/~SOFTWARE
38.2M Feb 13 20:15 /sda1/~/RP17/~SOFTWARE
38.2M Feb 16 14:35 /sda1/~/RP18/~SOFTWARE
38.2M Feb 17 22:22 /sda1/~/RP19/~SOFTWARE
38.0M Feb 1 17:26 /sda1/~/RP2/~SOFTWARE
38.2M Feb 22 22:43 /sda1/~/RP20/~SOFTWARE
38.0M Feb 2 02:32 /sda1/~/RP3/~SOFTWARE
38.0M Feb 3 14:38 /sda1/~/RP4/~SOFTWARE
38.0M Feb 5 09:18 /sda1/~/RP5/~SOFTWARE
38.0M Feb 6 05:23 /sda1/~/RP6/~SOFTWARE
38.0M Feb 6 05:23 /sda1/~/RP7/~SOFTWARE
38.0M Feb 6 08:04 /sda1/~/RP8/~SOFTWARE
38.0M Feb 7 17:59 /sda1/~/RP9/~SOFTWARE
6.1M Feb 1 17:15 /sda1/~/RP1/~SYSTEM
6.1M Feb 8 18:56 /sda1/~/RP10/~SYSTEM
6.1M Feb 9 19:13 /sda1/~/RP11/~SYSTEM
6.1M Feb 10 19:29 /sda1/~/RP12/~SYSTEM
6.1M Feb 11 20:22 /sda1/~/RP13/~SYSTEM
6.1M Feb 12 01:14 /sda1/~/RP14/~SYSTEM
6.1M Feb 12 01:57 /sda1/~/RP15/~SYSTEM
6.1M Feb 12 08:01 /sda1/~/RP16/~SYSTEM
6.1M Feb 13 20:15 /sda1/~/RP17/~SYSTEM
6.1M Feb 16 14:35 /sda1/~/RP18/~SYSTEM
6.1M Feb 17 22:22 /sda1/~/RP19/~SYSTEM
6.1M Feb 1 17:26 /sda1/~/RP2/~SYSTEM
6.1M Feb 22 22:43 /sda1/~/RP20/~SYSTEM
6.1M Feb 2 02:32 /sda1/~/RP3/~SYSTEM
6.1M Feb 3 14:38 /sda1/~/RP4/~SYSTEM
6.1M Feb 5 09:18 /sda1/~/RP5/~SYSTEM
6.1M Feb 6 05:23 /sda1/~/RP6/~SYSTEM
6.1M Feb 6 05:23 /sda1/~/RP7/~SYSTEM
6.1M Feb 6 08:04 /sda1/~/RP8/~SYSTEM
6.1M Feb 7 17:59 /sda1/~/RP9/~SYSTEM

Reboot in xPUD, navigate to your USB drive, make sure you see rst.sh and click Tool > Open Terminal.
Type bash rst.sh -r and press Enter.
Type 12 and press Enter.

Restart your computer and see if it boots now.

If that fails we will use an older one
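An added example, not rst.sh or anything posted in this thread: a small POSIX shell script that does the two jobs the helper uses rst.sh for, listing the restore points on the mounted XP volume (like the enum.log above) and swapping a chosen point's hives into place, but taking a backup of the live hives first. It assumes the Windows XP System Restore layout (System Volume Information/_restore{GUID}/RPnn/snapshot/_REGISTRY_MACHINE_SOFTWARE and _SYSTEM) and a volume mounted read-write; the miniature volume it builds is constructed dummy data.

```sh
#!/bin/sh
# Added example, not rst.sh: list Windows XP System Restore points on a volume
# mounted under Linux and swap a chosen point's SOFTWARE/SYSTEM hives into
# place, backing up the live hives first. Assumed XP layout:
#   <mount>/System Volume Information/_restore{GUID}/RPnn/snapshot/_REGISTRY_MACHINE_*
#   <mount>/WINDOWS/system32/config/{software,system}   (live hives)

# Print "RPnn <software bytes> <system bytes>" for each point holding both
# hives, sorted by point number (a point missing either hive is skipped).
enum_restore_points() {
    for rp in "$1"/System\ Volume\ Information/_restore*/RP*/; do
        sw="${rp}snapshot/_REGISTRY_MACHINE_SOFTWARE"
        sy="${rp}snapshot/_REGISTRY_MACHINE_SYSTEM"
        [ -f "$sw" ] && [ -f "$sy" ] || continue
        printf '%s %s %s\n' "$(basename "$rp")" \
            "$(wc -c < "$sw" | tr -d ' ')" "$(wc -c < "$sy" | tr -d ' ')"
    done | sort -k1.3n
}

# Copy the live hives to config/backup-<tag>/, then overwrite them with the
# chosen point's hives. Returns 1 and touches nothing if the point has no
# snapshot or the config directory is missing.
restore_point() {
    mnt=$1; rp=$2; tag=$3; snap=""; cfg="$mnt/WINDOWS/system32/config"
    for d in "$mnt"/System\ Volume\ Information/_restore*/"$rp"/snapshot; do
        [ -d "$d" ] && snap=$d
    done
    [ -n "$snap" ] && [ -d "$cfg" ] || return 1
    mkdir -p "$cfg/backup-$tag" || return 1
    cp -p "$cfg/software" "$cfg/system" "$cfg/backup-$tag/" || return 1
    cp -p "$snap/_REGISTRY_MACHINE_SOFTWARE" "$cfg/software" &&
        cp -p "$snap/_REGISTRY_MACHINE_SYSTEM" "$cfg/system"
}

# Constructed miniature volume with dummy hive contents (not real registry
# data); RP3 is deliberately incomplete, like a point that lost its snapshot.
make_sample_volume() {
    v=$(mktemp -d); sv="$v/System Volume Information/_restore{TEST-GUID}"
    mkdir -p "$v/WINDOWS/system32/config" "$sv/RP1/snapshot" "$sv/RP12/snapshot" "$sv/RP3"
    printf 'live-software' > "$v/WINDOWS/system32/config/software"
    printf 'live-system' > "$v/WINDOWS/system32/config/system"
    printf 'rp1-software-data' > "$sv/RP1/snapshot/_REGISTRY_MACHINE_SOFTWARE"
    printf 'rp1-sys' > "$sv/RP1/snapshot/_REGISTRY_MACHINE_SYSTEM"
    printf 'rp12-software!' > "$sv/RP12/snapshot/_REGISTRY_MACHINE_SOFTWARE"
    printf 'rp12-sys' > "$sv/RP12/snapshot/_REGISTRY_MACHINE_SYSTEM"
    printf '%s\n' "$v"
}

vol=$(make_sample_volume)
enum_restore_points "$vol"                    # RP1 17 7 / RP12 14 8
restore_point "$vol" RP12 demo && echo "restored RP12 into $vol"
```

On a real volume the hive files are the ones the log above lists under WINDOWS/system32/config; the backup directory is what lets you undo a restore that, as happened later in this thread, does not bring the system back.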

I can tell it restored some files (for example, now I have to log into the computer; I disabled the password requirement a few weeks ago) but explorer.exe still doesn't run.

Are you able to use the system at all? If not I will use an earlier restore point.

Probably RP1

Looks like I am gonna have to reformat the hard drive. Now there are no restore points. RP1 was not found and I ran the scan from xPUD again… no restore points listed in the enum file anymore… no, the PC is no better today than it was before the restore.

I am sorry about that. What was the infection originally?

If we could use a disc we could try the fixmbr command.

But you could use xPUD to copy any files to a USB before you reformat.