2nd installation W2K needed for rootkit problem

Tim Walters

I ran Rootkitrevealer, and it looks as if I might have it. I decided to
install a fresh copy of W2K on a different drive, in order to run my Panda
antivirus under it. Panda won't install under a 16-colour config., so I have
repeatedly tried to install the graphics driver which I have for my main
installation. For some reason the installation seems to go through normally,
but upon rebooting I can still get only the 16-colour option.

Thanks for any suggestions.

Tim
 
Dave Patrick

Check the hardware manufacturer's web site for the latest Windows 2000
driver for your device.

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

 
Pegasus (MVP)

Tim Walters said:
I ran Rootkitrevealer, and it looks as if I might have it. I decided to
install a fresh copy of W2K on a different drive, in order to run my Panda
antivirus under it. Panda won't install under a 16-colour config., so I have
repeatedly tried to install the graphics driver which I have for my main
installation. For some reason the installation seems to go through normally,
but upon rebooting I can still get only the 16-colour option.

Thanks for any suggestions.

Tim

This is a function of the video adapter driver, not a function
of Windows. Check www.driverguide.com for alternative
drivers.
 
Tim Walters

I've done this. The driver seems to install correctly but when I reboot, it
doesn't work.

Could the problem be that the new drive I've reinstalled Windows 2000 on was
not previously formatted, because my main installation won't let me do this?
It says that, to reformat the drive, I have to quit any programs that are
using it, yet no program that I've loaded is running.

Thanks.
 
Dave Patrick

Check Event Viewer for errors. When you view the logged events in Event
Viewer (double-click them in the right-hand pane) in the upper right corner,
third button down is a copy to clipboard, then you can paste in the body of
a reply message.

Please do so for each of the different System Log events (that are a Type:
'Error' or 'Warning') since last boot so we can see all of the event detail.

Also check Device Manager for error codes and or non-starting devices.

This is a bit confusing. Are you trying to install a driver or reinstall
Windows? If the latter;

To do a clean install, either boot the Windows 2000 install CD-Rom or setup
disks. The set of four install disks can be created from your Windows 2000
CD-Rom; change to the \bootdisk directory on the CD-Rom and execute
makeboot.exe (from dos) or makebt32.exe (from 32 bit) and follow the
prompts.

Setup inspects your computer's hardware configuration and then begins to
install the Setup and driver files. When the Windows 2000 Professional
screen appears, press ENTER to set up Windows 2000 Professional.

Read the license agreement, and then press the F8 key to accept the terms of
the license agreement and continue the installation.

When the Windows 2000 Professional Setup screen appears, all the existing
partitions and the unpartitioned spaces are listed for each physical hard
disk. Use the ARROW keys to select the partitions. Press D to delete an
existing partition. If you press D to delete an existing partition, you must
then press L (or press ENTER, and then press L if it is the System
partition) to confirm that you want to delete the partition. Repeat this
step for each of the existing partitions. When all the partitions are
deleted, press F3 to exit setup (to avoid unexpected drive letter
assignments with your new install), then restart the PC. When you get to
this point in setup again, select the unpartitioned space, and then press C
to create a new partition and specify the size (if required). Windows will
by default use all available space.

(In lieu of this, just format the partition you wish to install Windows 2000
to.)

Be sure to apply SP4 and these two below to your new install before
connecting to any network. Internet included. (sasser, msblast)
http://download.microsoft.com/download/E/6/A/E6A04295-D2A8-40D0-A0C5-241BFECD095E/W2KSP4_EN.EXE
http://www.microsoft.com/technet/security/bulletin/MS03-043.mspx
http://www.microsoft.com/technet/security/bulletin/MS03-049.mspx

Then

Rollup 1 for Microsoft Windows 2000 Service Pack 4
http://www.microsoft.com/downloads/...CF-8850-4531-B52B-BF28B324C662&displaylang=en

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

 
Tim Walters

Dave Patrick said:
Check Event Viewer for errors. When you view the logged events in Event
Viewer (double-click them in the right-hand pane) in the upper right corner,
third button down is a copy to clipboard, then you can paste in the body of
a reply message.

Please do so for each of the different System Log events (that are a Type:
'Error' or 'Warning') since last boot so we can see all of the event detail.

Also check Device Manager for error codes and or non-starting devices.

This is a bit confusing. Are you trying to install a driver or reinstall
Windows? If the latter;


I'm trying to get the drivers working for my graphics adapter under a second
installation of W2K, in order to be able to install Panda, in order to
remove a rootkit in my main installation.

Will the following scheme work?

Look at the drivers for the adapter in the Device Manager of my main
installation. Copy all the dll files into the system32 folder of my new
installation?

Thanks




 
Dave Patrick

No, that won't work.

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

 
Tim Walters

Dave Patrick said:
Check Event Viewer for errors. When you view the logged events in Event
Viewer (double-click them in the right-hand pane) in the upper right corner,
third button down is a copy to clipboard, then you can paste in the body of
a reply message.

Please do so for each of the different System Log events (that are a Type:
'Error' or 'Warning') since last boot so we can see all of the event
detail.


I've followed your instructions to the letter. End partition removed, new
partition of same size formatted, and a fresh install of W2K. All your
recommended updates and patches have been installed without connecting to
the internet. Installing the graphics adapter driver still doesn't take, and
the following warning appears in the Event Viewer:

Event Type: Warning
Event Source: Dhcp
Event Category: None
Event ID: 1007
Date: 7/1/2006
Time: 10:09:39 PM
User: N/A
Computer: R-RZFOSJ4IHB5C9
Description:
Your computer has automatically configured the IP address for the Network
Card with network address 000129245AAA. The IP address being used is
169.254.247.49.
Data:
0000: 00 00 00 00 ....



What now?

Thanks.


 
Dave Patrick

1.) Configure the network interface with a static IP address since there is
no DHCP server available.

2.) Check Device Manager for error codes and or non-starting devices.


--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

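Added example (not part of the original posts): a small Python triage of events pasted from Event Viewer's copy-to-clipboard button, in the layout Tim posted. It keeps only Error and Warning records and annotates the Dhcp 1007 notice when the reported address falls in the 169.254.0.0/16 link-local range; the second and third sample records and the source name ExampleSource are constructed.

```python
import ipaddress
import re

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # automatic (APIPA) range
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HEADER = re.compile(r"^(Event Type|Event Source|Event ID|Date|Time|Computer):\s*(.*)$")

# First record: the event quoted in the thread. The other two are constructed
# (hypothetical source name) to exercise the Error/Warning filter.
SAMPLE = """\
Event Type: Warning
Event Source: Dhcp
Event Category: None
Event ID: 1007
Date: 7/1/2006
Time: 10:09:39 PM
User: N/A
Computer: R-RZFOSJ4IHB5C9
Description:
Your computer has automatically configured the IP address for the Network
Card with network address 000129245AAA. The IP address being used is
169.254.247.49.
Data:
0000: 00 00 00 00 ....

Event Type: Information
Event Source: ExampleSource
Event ID: 1

Event Type: Error
Event Source: ExampleSource
Event ID: 2
"""

def parse_events(text):
    """Split pasted Event Viewer text into one dict per 'Event Type:' record."""
    events, current, in_desc = [], None, False
    for raw in text.splitlines():
        line = raw.lstrip("|> ").rstrip()  # tolerate newsgroup quote prefixes
        m = HEADER.match(line)
        if m and m.group(1) == "Event Type":  # a new record starts here
            current, in_desc = {"Description": ""}, False
            events.append(current)
        if current is None:
            continue
        if m and not in_desc:
            current[m.group(1)] = m.group(2)
        elif line == "Description:":
            in_desc = True
        elif line == "Data:":
            in_desc = False
        elif in_desc and line:
            current["Description"] = (current["Description"] + " " + line).strip()
    return events

def triage(events):
    """Return (source, id, note) for every Error or Warning record."""
    findings = []
    for ev in events:
        if ev.get("Event Type") not in ("Error", "Warning"):
            continue
        note = "review"
        if ev.get("Event Source") == "Dhcp" and ev.get("Event ID") == "1007":
            addrs = []
            for s in IPV4.findall(ev["Description"]):
                try:
                    addrs.append(ipaddress.ip_address(s))
                except ValueError:  # e.g. 999.1.1.1 is not an address
                    pass
            if any(a in LINK_LOCAL for a in addrs):
                note = "link-local address: no DHCP lease, expected while offline"
        findings.append((ev.get("Event Source"), ev.get("Event ID"), note))
    return findings

if __name__ == "__main__":
    for finding in triage(parse_events(SAMPLE)):
        print(finding)
```

On a machine that is deliberately kept off the network until it is patched, the annotated Dhcp record is the expected result rather than a fault.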
 
Tim Walters

Dave Patrick said:
1.) Configure the network interface with a static IP address since there is
no DHCP server available.


Sorry. How do I actually do this?

2.) Check Device Manager for error codes and or non-starting devices.


I went into the Device Manager but I couldn't see any kind of log for errors
or non-starting devices. Where exactly are the error codes recorded?

Thanks.

 
Dave Patrick

1.) Control Panel|Network|"connection"|Properties|Internet Protocol (TCP/IP)|Properties

2.) Start|Run|devmgmt.msc and look for bangs !

Also look at the Display Adapters branch to see what you've got.

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

 
Tim Walters

Dave Patrick said:
1.) Control Panel|Network|"connection"|Properties|Internet Protocol (TCP/IP)|Properties

This fixed that little worry. A reboot gave no errors or warnings in the
Event Viewer.

2.) Start|Run|devmgmt.msc and look for bangs !

I'm not sure what bangs are, but there didn't appear to be anything that
looked like a warning or a clash.

Also look at the Display Adapters branch to see what you've got.

None! The installation on drive 5 doesn't detect the adapter, but the one on
drive c: does.

 
Dave Patrick

Try running the Update Driver wizard using the Update Driver button, but do
not let Windows 2000 automatically detect devices. Instead, click Have Disk
when prompted, and manually point the wizard to the appropriate driver you
downloaded from the manufacturer's web site.


--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

 
Tim Walters

Dave Patrick said:
Try running the Update Driver wizard using the Update Driver button, but do
not let Windows 2000 automatically detect devices. Instead, click Have Disk
when prompted, and manually point the wizard to the appropriate driver you
downloaded from the manufacturer's web site.

I'm puzzled by this. Do you mean "Run the Update Driver" under my main
installation? Because I don't get a Display Adapter option at all in the
problem installation. On the other hand, if I try to install a new device,
and click on the "Have disk" option, it looks for an .inf file, and the file
I downloaded from the hardware website is an application.



 
Dave Patrick

Most likely you don't need any applications (such as ATI catalyst crapware)
from the manufacturer. Just install the driver as directed. Use the "Update
Driver" button in Device Manager or Control Panel|Add New Hardware choose
'Have Disk' when prompted.


--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

 
Tim Walters

Dave Patrick said:
Most likely you don't need any applications (such as ATI catalyst crapware)
from the manufacturer. Just install the driver as directed. Use the "Update
Driver" button in Device Manager or Control Panel|Add New Hardware choose
'Have Disk' when prompted.

The only "Update Driver" I get for a Display Adapter is under my main
installation (the one that recognizes the adapter but has the rootkit). So,
under the problem installation, I can only follow your Add New Hardware
option. But the Have Disk button asks for an .inf file. The driver file I
downloaded from the hardware website is an application (I assume an .exe
file).

So I don't see how I can follow your instructions.


 
Dave Patrick

What display adapter?

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

 
Tim Walters

Dave Patrick said:
Most likely you don't need any applications (such as ATI catalyst crapware)
from the manufacturer. Just install the driver as directed. Use the "Update
Driver" button in Device Manager


The problem installation does not detect any display adapter at all, so
there is no accessible "Update Driver" button.

or Control Panel|Add New Hardware choose
'Have Disk' when prompted.


I can select the "Add New Hardware" option under the problem installation,
but the "Have disk" button wants an .inf file. The file I downloaded from
the hardware website is an application. I don't know where I can get an .inf
file from.

I don't understand what you are telling me to do.




 
Dave Patrick

Again; What display adapter?

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

 
Tim Walters

Dave Patrick said:
Again; What display adapter?

Radeon 9200 SE

 
