Wednesday, October 11, 2006

Removing extra Winlogon Autostarts (viruses or spyware)

This has to be performed outside the installed Windows environment.
Boot from a CD such as WinPE, MegaBoot, or another that gives you edit access to the installed registry.

Make the changes and rename suspect files, or give them an alternate extension.

Exit and reboot, then check your work.

Remember to look closely at all autorun locations before starting; where there is one problem, there are usually others.

Recommend using Autorun from
Look at logon, winlogon, explorer, delayload, policies, and services.

This should get you on the right track.
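
As an added example (not part of the original post), the script below checks the Winlogon Shell and Userinit values for extra entries, reading the text output of `reg query` run against the offline SOFTWARE hive after `reg load`. It assumes stock Windows XP values, a system root of C:\WINDOWS, and a hypothetical load key name HKLM\OfflineSW; the sample output is constructed.

```python
import re

# Assumed baseline: stock Windows XP data for two values under
# HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,
# with the system root at C:\WINDOWS (adjust for the machine in hand).
EXPECTED = {
    "shell": {"explorer.exe", r"c:\windows\explorer.exe"},
    "userinit": {"userinit.exe", r"c:\windows\system32\userinit.exe"},
}

# One value line of `reg query` output: indented name, type, data.
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")


def parse_reg_query(text):
    """Return {lowercased value name: data} from `reg query` text output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m.group(1).lower()] = m.group(3).strip()
    return values


def extra_autostarts(text):
    """List (value, entry) pairs that are not the stock program for that value."""
    findings = []
    values = parse_reg_query(text)
    for name, allowed in EXPECTED.items():
        # Treat the data as a comma-separated list and check each entry;
        # the empty entry after userinit.exe's trailing comma is normal.
        for entry in values.get(name, "").split(","):
            entry = entry.strip().strip('"')
            if entry and entry.lower().replace("/", "\\") not in allowed:
                findings.append((name, entry))
    return findings


# Constructed sample of `reg query` output for the offline hive.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\OfflineSW\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    Explorer.exe
    Userinit    REG_SZ    C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\example-extra.exe,
    UIHost    REG_EXPAND_SZ    logonui.exe
"""

if __name__ == "__main__":
    for name, entry in extra_autostarts(SAMPLE):
        print(f"review {name}: {entry}")
```

Anything it reports is a candidate for the rename step above, not proof of infection; confirm the file before changing the value.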

DEP: change to AlwaysOff for any DEP errors.

To configure DEP to switch to the AlwaysOff policy by using the Boot.ini file, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the Advanced tab, and then click Settings under the Startup and Recovery field.
3. In the System startup field, click Edit. The Boot.ini file opens in Notepad.
4. In Notepad, change /noexecute=OptIn to /noexecute=AlwaysOff.

WARNING: Make sure that you enter the text accurately. The Boot.ini file switch should now read: /noexecute=AlwaysOff

5. In Notepad, click Save on the File menu.
6. Click OK two times.
7. Restart the computer.