Windows: Difference between revisions
From DWIKI
mNo edit summary Tag: wikieditor |
|||
| (4 intermediate revisions by the same user not shown) | |||
| Line 4: | Line 4: | ||
*[[Cloning Windows/XP]] | *[[Cloning Windows/XP]] | ||
*[http://www.mvps.org/winhelp2002/ A Troubleshooting Guide to Windows XP] | *[http://www.mvps.org/winhelp2002/ A Troubleshooting Guide to Windows XP] | ||
=HOWTO= | |||
==Enter rescue mode== | |||
hold shift | |||
==Gain admin access== | |||
Repair mode: | |||
Once the machine is rebooted, we can press Shift five times on the Windows login screen to invoke Sticky Keys. Since the executable has been overwritten, what we get instead is another Command Prompt - this time with NT AUTHORITY\SYSTEM permissions | |||
==Tools and commands== | ==Tools and commands== | ||
| Line 19: | Line 29: | ||
==Viruses and spyware== | ==Viruses and spyware== | ||
*[http://www.livecdlist.com/purpose/windows-antivirus The liveCD list] | |||
*[http://www.surfright.nl/en/hitmanpro Hitman Pro] | *[http://www.surfright.nl/en/hitmanpro Hitman Pro] | ||
| Line 30: | Line 42: | ||
*AVG | *AVG | ||
*avira | *avira | ||
*avast | |||
avoid Norton :) | avoid Norton :) | ||
== | =FAQ= | ||
==Get hostname from image== | |||
C:\Windows\debug\NetSetup.LOG | |||
==Passwords== | |||
===change NT password=== | ===change NT password=== | ||
Boot a linux rescue CD containing chntpw and use that, or boot sysrescuecd and select 'ntpasss' | Boot a linux rescue CD containing chntpw and use that, or boot sysrescuecd and select 'ntpasss' | ||
| Line 42: | Line 57: | ||
http://www.maxfreeware.com/cain-and-abel-4920-microsoft-password-recovery.html | http://www.maxfreeware.com/cain-and-abel-4920-microsoft-password-recovery.html | ||
==Recovery console== | |||
Boot from CD, press R for recovery console | Boot from CD, press R for recovery console | ||
Latest revision as of 13:55, 29 December 2025
Links
HOWTO
Enter rescue mode
hold shift
Gain admin access
Repair mode:
Once the machine is rebooted, we can press Shift five times on the Windows login screen to invoke Sticky Keys. Since the executable has been overwritten, what we get instead is another Command Prompt - this time with NT AUTHORITY\SYSTEM permissions
Tools and commands
mmc
wmi
Windows Management Instrumentation
mmi
setacl
netsh
Third party tools
Viruses and spyware
- http://www.malwarebytes.org/
- http://www.combofix.org/
- crapcleaner
First let the scanners fetch their updates, disconnect system from network and then run malwarebytes before combofix
virus scanners
- AVG
- avira
- avast
avoid Norton :)
FAQ
Get hostname from image
C:\Windows\debug\NetSetup.LOG
Passwords
change NT password
Boot a linux rescue CD containing chntpw and use that, or boot sysrescuecd and select 'ntpasss'
collect passwords
http://www.maxfreeware.com/cain-and-abel-4920-microsoft-password-recovery.html
Recovery console
Boot from CD, press R for recovery console
recovery console commands
Error logs
Problem access rights profile
(exact message???)
seems related to "prf*tmp" files on stored profile
