Unable to boot after using Partizan/UnHackMe/RegRun/whatever..


necrophyte

Still banging my head against a wall that I even installed that #*%& software... This is what I already posted in the support forum of that software company's website (www.greatis.com):

I just installed RegRun Platinum 5.7 since I read that this software was able to remove Win32/IRoffer, which I suspected had left some remaining, non-active files on my computer (ms-java.exe, s.dll etc.), which it by the way did not, although they are present in the windows/driver/i386 folder..

I updated the database, ran some utilities (didn't delete anything, just looked at what it would detect; as mentioned before, it didn't detect ms-java.exe as malware..), and then ran the Partizan BootWatch rootkit detection, which asked me to reboot in order to search for rootkits...

I did so, and after the WinXP boot screen a blue screen appeared saying

regrun partizan - bootwatch antirootkit. greatis software (c) 2007-2008
partizan driver is active.

Well, that's as far as my computer gets now. Safe mode > hangs while still booting Windows (last loaded device is mup.sys)

Last known good configuration causes a blank screen.

CTRL-ALT-DEL doesn't work. I can only boot again after shutting down using the power button.


i.e. OBVIOUSLY NO WAY TO BOOT MY COMPUTER AGAIN

Any suggestions?

I can 100% assure you that my computer was completely spyware/malware/virus-FREE.

Specs:
HP notebook nx9030
WinXP Professional SP2

Before rebooting after running RegRun/Partizan for the first time, EVERYTHING WENT PERFECTLY


Any suggestions?
PS: Debugging mode: same problem. Windows domain controllers only: after loading the controllers the "partizan driver is active" text appears again, but this time on a black screen, not the Windows blue screen.
 
Well, without safe mode or last known good config you are at a loss. Maybe a repair install. But that is all that might work for you.
 
I just disabled "partizan" using bootcfg in the recovery console.

Well, now after the Windows boot screen the same blue screen appears, only now it says only:

regrun partizan - bootwatch antirootkit. greatis software (c) 2007-2008


without "partizan driver is active."

I can't find any other service that is still enabled that could be part of that software.

Is there any other way to disable everything related to that RegRun/UnHackMe/Partizan trash? It has to be started before all other services in order to detect rootkits, so where could that entry be, maybe the registry? Can I access the registry somehow?

I still can't believe this is happening.. a few hours ago my computer worked perfectly and now..
 
I just found some technical information about that trash..

Partizan (part of UnHackMe, which is part of the RegRun suite :/) starts using the UNHACKMEDRV.SYS kernel driver.

In the registry the entries are
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute

and RunOnceEx


..so, does anyone have an idea how to stop/disable/delete/reset UNHACKME.SYS and those two registry entries (BootExecute & RunOnceEx) using the recovery console or any other method while not being able to boot Windows?

Thanks..
 
There is no way to stop it without getting into Windows. You will have to do a repair install. There are very few ways to actually get at the registry of a system and modify it without booting into it. Most of them involve Linux LiveCDs and a lot of knowledge.
 
Is there any way to see the exact order in which the win/sys32/drivers/ controllers are being loaded?

Because the last one loaded before everything stops when trying safe mode was mup.sys, I disabled it, and now the same thing occurs after the controller before mup.sys is loaded.

So there must be a controller being loaded after mup.sys that causes the problem, but how can I find out which one it is? Unfortunately they're not loaded alphabetically.. :/
 
No, they do not load in any specific order, and again you cannot see this without getting into Windows.
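Editor's note, added to this thread and not part of any post or of Greatis Software's product: the two questions raised above (how to neutralise the BootExecute entry and the boot-start driver without booting the install, and in what order the drivers load) can both be answered from the SYSTEM hive of the dead install while it is mounted from a second Windows installation or a WinPE disc. The script below is an added example. It assumes the dead install's disk is visible as D:, that the hive is loaded under the temporary name HKLM\XPSYS, and that the service key is called UNHACKMEDRV as the post says (check the Services key for the real name); all three are assumptions, not facts from the thread. RunOnceEx lives in the SOFTWARE hive and is processed at logon, after the point where this boot stalls, so it is left alone here.

```powershell
# Added example (not from the thread or from Greatis): offline repair of an XP
# SYSTEM hive. Assumed: disk mounted as D:, hive loaded as HKLM\XPSYS, driver
# service key named UNHACKMEDRV. Run from an elevated PowerShell.
$HivePath = 'D:\WINDOWS\system32\config\system'
$Mount    = 'XPSYS'
$Driver   = 'UNHACKMEDRV'

& reg.exe load "HKLM\$Mount" $HivePath | Out-Null
try {
    # Select\Current names the ControlSet00N that the machine actually boots from.
    $cur = (Get-ItemProperty "HKLM:\$Mount\Select").Current
    $ccs = "HKLM:\$Mount\ControlSet{0:D3}" -f $cur

    # 1. BootExecute (REG_MULTI_SZ) is run by smss.exe before any service starts.
    #    The stock value is the single entry 'autocheck autochk *'; keep only that.
    $sm   = "$ccs\Control\Session Manager"
    $boot = @((Get-ItemProperty $sm).BootExecute)
    $keep = @($boot | Where-Object { $_ -like 'autocheck *' })
    if ($keep.Count -eq 0) { $keep = @('autocheck autochk *') }
    $boot | Where-Object { $_ -notlike 'autocheck *' } |
        ForEach-Object { Write-Host "removing BootExecute entry: $_" }
    Set-ItemProperty $sm -Name BootExecute -Value $keep -Type MultiString

    # 2. Driver service. Start: 0 = boot (loaded by NTLDR), 1 = system (loaded by
    #    the kernel), 4 = disabled. Setting 4 is what the Recovery Console's
    #    'disable <service>' command does.
    $svc = "$ccs\Services\$Driver"
    if (Test-Path $svc) {
        $p = Get-ItemProperty $svc
        Write-Host "$Driver : Start=$($p.Start) Group=$($p.Group) ImagePath=$($p.ImagePath)"
        Set-ItemProperty $svc -Name Start -Value 4 -Type DWord
    }
    # Safe mode only initialises drivers listed under SafeBoot\Minimal or \Network,
    # so a driver that also hangs safe mode usually registered itself there too.
    foreach ($mode in 'Minimal', 'Network') {
        $sb = "$ccs\Control\SafeBoot\$mode\$Driver"
        if (Test-Path $sb) { Remove-Item $sb -Recurse; Write-Host "removed $sb" }
    }

    # 3. Boot-time load order. All Start=0 drivers load before any Start=1 driver;
    #    within a start type they load group by group in ServiceGroupOrder\List
    #    order, and inside a group by the tag order in GroupOrderList\<group>
    #    (REG_BINARY: a DWORD count followed by that many tag DWORDs). Untagged
    #    drivers in a group come after the tagged ones.
    $groups = @((Get-ItemProperty "$ccs\Control\ServiceGroupOrder").List)
    $gol    = Get-ItemProperty "$ccs\Control\GroupOrderList"
    $gidx   = @{}
    for ($i = 0; $i -lt $groups.Count; $i++) { $gidx[$groups[$i]] = $i }

    $order = Get-ChildItem "$ccs\Services" | ForEach-Object {
        $v = Get-ItemProperty $_.PSPath
        # Type 1 = kernel driver, 2 = file system driver; skip user-mode services.
        if (($v.Start -eq 0 -or $v.Start -eq 1) -and ($v.Type -eq 1 -or $v.Type -eq 2)) {
            $grpRank = [int]::MaxValue
            if ($v.Group -and $gidx.ContainsKey($v.Group)) { $grpRank = $gidx[$v.Group] }
            $tagRank = [int]::MaxValue
            $bin = if ($v.Group) { $gol.($v.Group) } else { $null }
            if ($bin -and $v.Tag -ne $null) {
                $n = [BitConverter]::ToUInt32($bin, 0)
                for ($j = 0; $j -lt $n; $j++) {
                    if ([BitConverter]::ToUInt32($bin, 4 + 4 * $j) -eq [uint32]$v.Tag) { $tagRank = $j; break }
                }
            }
            [pscustomobject]@{
                Name = $_.PSChildName; Start = $v.Start; Group = $v.Group
                Tag = $v.Tag; GroupRank = $grpRank; TagRank = $tagRank
            }
        }
    } | Sort-Object Start, GroupRank, TagRank, Name

    # The row after mup.sys in this listing is the next driver the loader touches.
    $order | Format-Table Start, Group, Tag, Name -AutoSize
}
finally {
    [GC]::Collect()     # drop the provider's open handles so the hive can be unloaded
    & reg.exe unload "HKLM\$Mount" | Out-Null
}
```

Step 2 on its own can be done from the XP Recovery Console without a second Windows: `listsvc` lists the service keys and their start types, and `disable <service>` sets Start to 4. The Recovery Console cannot edit BootExecute, which is why the offline hive load above is needed for step 1. Keep a copy of the original hive before writing to it, and check the ControlSet number printed from Select\Current rather than assuming ControlSet001.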
 