CentOS - Nov 2007 - Dual boot box: WinXP & CentOS 5: Impossible to restoreWinXP?

On Monday, 19 November 2007, Ross S. W. Walker rwalker at medallion.com wrote:
<snip>
> You can fix it all from CentOS.
Ross: In addition to coming up with another slick way to fix this box,
which I truly appreciate, you came up with the below:
>You need to run some kind of rootkit detection and cleaner on the
>system before it reboots or else it will just reinstall itself.
Question:   What would you suggest I run? Suggestions are most welcome
and solicited!  BTW, the system has been shut down and rebooted a
bunch of times (in Linux) since the Trojan Horse hit. I have the AVG
Free anti virus program running in Windows and it told me about the
Trojan Horse and that the user32.dll file was damaged. It's possible
that because the box is Spanish in Windows, I clicked incorrectly and
made this problem much worse, but I'm not sure of that.
> I would run all Windows accounts as restricted users from now on.
I'll try to figure out how to do that in WinXP. I won the box in a
raffle and it has WinXP  in Spanish, which is not my native language.
If I need to reinstall everything (I believe I can avoid that, with
the suggestions you and others on this mailing list have made), Dell
sent me an English language WinXP CD, last week, and I'll install in
English, if it comes to that.

All of your comments and suggestions are greatly appreciated! I am
beginning to *hate* MS Windows, but there are still a few things we
use it for. Lanny

Lanny Marcus wrote:
> 
> On Monday, 19 November 2007, Ross S. W. Walker rwalker at 
> medallion.com wrote:
> <snip>
> > You can fix it all from CentOS.
> 
> Ross: In addition to coming up with another slick way to fix this box,
> which I truly appreciate, you came up with the below:
> 
> >You need to run some kind of rootkit detection and cleaner on the
> >system before it reboots or else it will just reinstall itself.
> 
> Question:   What would you suggest I run? Suggestions are most welcome
> and solicited!  BTW, the system has been shut down and rebooted a
> bunch of times (in Linux) since the Trojan Horse hit. I have the AVG
> Free anti virus program running in Windows and it told me about the
> Trojan Horse and that the user32.dll file was damaged. It's possible
> that because the box is Spanish in Windows, I clicked incorrectly and
> made this problem much worse, but I'm not sure of that.
You know, I don't know the names of the Windows rootkit detectors
myself. I do know they exist and are available from trusted vendors
such as McAfee, Symantec and Kaspersky, but others on the list can
probably recommend which they prefer.

Personnally if I were faced with a similar situation I would probably
just copy my data files off the system and nuke it from space with
a fresh format/install of Windows.
> > I would run all Windows accounts as restricted users from now on.
> 
> I'll try to figure out how to do that in WinXP. I won the box in a
> raffle and it has WinXP  in Spanish, which is not my native language.
> If I need to reinstall everything (I believe I can avoid that, with
> the suggestions you and others on this mailing list have made), Dell
> sent me an English language WinXP CD, last week, and I'll install in
> English, if it comes to that.
> 
> All of your comments and suggestions are greatly appreciated! I am
> beginning to *hate* MS Windows, but there are still a few things we
> use it for. Lanny
There isn't really anything wrong with Windows, it's just
Microsoft's
lax default security that is the problem. As Windows is 90% of the
market, trojans, viruses, worms and rootkits will be developed for it,
but you can set up Windows securely without too much hassle. Only
the "Administrator" user should be part of "Administrators"
and
"Power Users" should be treated as "Administrators".

You really need to have WinXP Pro to get the security, a secure Home
setup can be done, but you need to create the first user as
"Admin" or such because "Administrator" is reserved and
disabled in
that addition for some dumb reason, then create each additional
user as "Restricted" or "Limited".

If you have a new English version from Dell it may be a lot less
painful to just copy off your files and re-install the OS. Then 
you can take care of 2 birds with 1 stone.

-Ross

______________________________________________________________________
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

On Monday, 19 November 2007,  Philip.R.Schaffner at NASA.gov wrote:
<snip>
>A good toolkit for Windows is the Ultimate Boot CD for Windows  at
>http://www.ubcd4win.com/
Phil:I found that Grisoft AVG (I use their free anti-virus program in
Windows) has a free tool:
AVG Anti-Rootkit Free
http://free.grisoft.com/doc/avg-anti-rootkit-free/lng/us/tpl/v5#details
and I downloaded that.
>It uses BartPE, discussed earlier, but adds a lot more tools, including
>rootkit and antivirus scanners.  A clean install after data recovery is
>still the best bet.
I'll look into Ultimate Boot CD for Windows, after I get  this box up
and running again. I will either get that or BartPE. Thanks!

I recovered the data from the NTFS partition this morning, so I am
ready to "learn by destroying". The consensus of opinion from Ross and
you is that I should bite the bullet and do it correctly. Wipe the HD
and do fresh installs. Time consuming it will be (especially
installing the Windows aps), but, I will have a better system and I
will learn. For several months, I've wanted to install/use the free
VMware Server, but I don't have space on the HD to do much with it
now. One of the suggestions, from Alain, was to have WinXP running
virtually, under CentOS. I am contemplating devoting about 75% of the
HD capacity to CentOS. Installing a lean WinXP in English, and dual
boot with CentOS, and then install VMware Server and install WinXP in
English, in virtualization.

The "KISS" technique (fdisk /mbr, run the anti root kit program,
reinstall GRUB and restore grub.conf) is tempting and would probably
work,  and would be much faster, but I still wouldn't have the kind of
system I will have with the more time consuming approach.

All the ideas everyone who has responded to this thread have thrown
into the basket for consideration are deeply appreciated! Lanny

On Monday, 19 November 2007, Phil Schaffner <Philip.R.Schaffner at
NASA.gov> wrote:
<snip>
>A good toolkit for Windows is the Ultimate Boot CD for Windows  at
>http://www.ubcd4win.com/
>It uses BartPE, discussed earlier, but adds a lot more tools, including
>rootkit and antivirus scanners.  A clean install after data recovery is
>still the best bet.
Phil: I did some reading on their web site. I do like that better than
BartPE! They include information about workarounds, when using
it with a Dell WinXP Recovery CD, for one example. I'll make a CD for
that, after I'm up and running. Thanks!  Lanny

On Tueday, 20 November 2007, "Ross S. W. Walker" <rwalker at
medallion.com> wrote:
<snip>
>I should have asked how big your setup was currently.
The HD is only 40 GB on my box, a low end Dell Dimension 2400 (2.6 GHz
Celeron) I won in a raffle.  After I get this one up and running, I am
going to switch wife and daughter's boxes, and redo them completely.
Wife's current box has an 80 GB HD, which will give me a lot more room
to experiment with VMware Server, which is something I want to learn
about and use, until we get a box that is Xen capable..
>Oh well, yes the Windows apps take a while to install, been there myself.
Been there and done that? I have huge appreciation, for the large
number of packages that come from Upstream and are included in CentOS
and the speed with which I can install the OS and so much stuff. And,
for an example, the tools included, that would permit me to repair the
WinXP problem, from the Linux side of the box, as you explained.  To
say nothing of my appreciation for the Developers of CentOS and the
others who make this such a wonderful mailing list. I'm an old retired
Assembly Language programmer (started with IBM 360/65) and I never
worked with Unix, so this is a brand new world for me and one that I
regret I did not work in, professionally.
>If I were to re-do the whole drive, not knowing it's size I might do
it as such:
<snip>
>You can then install Windows from within vmware by making /dev/sdc a
raw disk for vmware. Once it's installed you could add an entry
in
>grub to boot into it.
I'm going to RTFM and I think this time around, make it dual boot
again and also try to install Windows within VMware, as you explain.
Next time, I will hopefully have enough confidence in my ability to do
this properly, that I will only install CentOS and then install
Windows within VMware. Thanks much! Lanny

On Tuesday, 20 November 2007, "Nicolas Sahlqvist" <nicco77 at
gmail.com> wrote:
<snip>
>I top that with another 10 - 20 GB, assume you got a DVD iso to burn,
>so you make a copy and due to the effective native copy file feature,
>expect a copy to be placed in some temp folder on C: why you need
>another 5 - 8 GB free and then the space the DVD occupies.. This is
>also true if you copy between 2 SMB shares, even if none of them are
>on the local machine, it's neat iand effective isn't it?
Nicholas: We need much bigger hard drives to do that. What you wrote
makes a lot of sense and when it becomes possible, I'll devote that
much space to M$ Windows. My eventual goal is to discontinue using
Windows and avoid these problems. Lanny