Thursday, December 01, 2005

WTF - Event 2

Well, it seems that my problem may have been caused by TuneUp Utilities 2006. It was probably messing with some registry value, which I found out the hard way. And since Windows is a tangle of inter-dependencies at the level of the (badly designed) monolithic kernel, it became inexplicably crippled. But since I wasn't wise to TuneUp Utilities causing trouble, I installed the software again after Event 1 and restarted Windows. There was the same olde problem staring bleakly at me. So I just popped in the XP boot CD and started the installation.

But hey, if the setup had been uneventful, there'd be no point in this post! For no (obvious) reason, I had to restart the setup over and over because of an angelic error dialog (more like a monologue):

Fatal error:
Setup failed to install the product catalogs.
The signature for Windows XP professional upgrade is invalid. The error code is 426. The service has not been started.


Microsoft's support site reckons that it's caused by a catalog folder left behind by the previous OS installation. So the support article asked me to press SHIFT+F10 at the error message to get a cmd prompt window. From there I was supposed to cd to windows\System32 and rename 'Catroot2' to 'catold'. It's cool to know that you can access a cmd prompt from here. It isn't very useful, but at least it's more functional and workable than the recovery console.

But the thing is, the time between the start of the 'Installing Windows' phase (the shift+F10 trick only starts working in this phase) and the appearance of the error dialog is about 10 seconds. I raced against the clock to delete/rename the damn catroot folder, but it was a no-go situation.

Tired of doing the catroot thing, I ran bootcfg.exe and lowered the amount of RAM visible to Windows to only 128MB of the 1GB. Of course, I knew this was a long shot and wouldn't work, but some setup-related problems with older versions of Windows go away with this trick.

I tried to move some important files to my other partition. Next I tried running the setup.exe on the Windows setup CD from within the cmd window. And it launched the setup! But, unfortunately, the "child setup" also stopped at the same spot as its "parent", with the same error message.

In the end I had to do a quick format and fresh install, like I did in my previous post. I could've avoided this format by deleting all the Windows-related files on the partition, but it would've smelled like a boat-load of bilge water to find some file I forgot or something. This time around, I've steered clear of TuneUp Utilities. But how I miss it! But hopefully, this is the end of my 'formatathon'.

PS: On google, as of this writing, my blog is the only hit for the word 'Formatathon' :)


1 comment:

Unknown said...

This was a major headache but I was able to fix this and I wanted to share what it was and what needed to be done because it doesn't seem to be documented anywhere.

For me it began as a severely infected computer that was rendered unbootable after removing the viruses and attempting a repair install of XP (boot to CD, hit ENTER on first menu and R on second), hanging at 39 minutes with "The signature for windows XP professional Upgrade is invalid. The error code is 426". There was also a product catalog error.

The reason for this, in my case, was that the infection had created a dependency for many critical Windows services, including CryptSvc service, lanmanworkstation and RpcSs (amongst others). When ComboFix removed the threats (files), it did not remove the dependencies created for those services and meant that the legitimate services could not start.

The dependencies must be removed before you can continue. To verify that this is also your problem, when stuck at the 39 minute screen, press Shift+F10 to bring up a command prompt. Type regedit and hit Enter. Expand HKLM>SYSTEM>CurrentControlSet>Services. Start with RpcSs. Click on RpcSs in the left window. On the right you should not see ANY strings listing "DependOnService" or "DependOnGroup." If you do, as I did, find a dependency "keyb" (AKA Keyboard Manager, type32.dll) service listed, then that is your problem. Examining the ComboFix log confirmed these Keyboard Manager files were deleted. I also saw "keyb" listed as a service required for lanmanworkstation and cryptsvc (amongst others) to start. Because ComboFix had removed the malicious service, it was not found by the legit services, allowing them to start.

The problem is that you cannot just remove those dependencies and continue the repair. Even if you remove them and restart your repair install it will fail.

What has to be done is a system restore to restore the malicious "keyb" service in the registry, but how do you do that in the middle of a repair install? You need Hiren's BootCD 10.4. Boot to this CD, load Mini XP mode and navigate to System Restore. Restore your system to a time before the virus removal.

After a successful restore, remove the CD and boot to Safe Mode. Inside Safe Mode, open regedit (if you do not have a start menu like I didn't, press Ctrl+Shift+Esc to bring up Task Manager and from the file menu select Run...) and navigate to the services location HKLM>SYSTEM>CurrentControlSet. In my case the keyb service was the nasty, so I searched the CurrentControlSet high and low for keyb and removed the "DependOnService" and "DependOnGroup" strings if "keyb" was listed. Be VERY careful as there will be plenty of legit entries for "keyboard" that you don't want to delete. Also search the ControlSet00X keys! While you are in the registry, also take a look at the key HKLM>Software>Microsoft>Windows NT>SvcHost. When I clicked on SvcHost there were two strings present on the right side that needed to be deleted. They were trr360 and MediaCenter. DELETE THEM if you see them.

Now that the dependencies are removed, restart your computer in Safe Mode again. At this point I had a normal looking Windows. My start menu appeared, my network connections were back, device manager was full, services.msc was loading properly. Confirm the malicious dependencies are no longer listed in the registry. It's now OK to run any malware removal tool (I recommend ComboFix at this stage). Because the necessary Windows Services will no longer depend on the threats you’ll remove, you have the upper hand to get rid of any lingering bugs. You can even attempt the Windows Repair again.

I know this is a bit exhausting but I was dealing with a PC that simply could not be formatted due to the software installed on it and you might be too. Maybe my overnight job will save someone sleep one night!
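As an added example (not code from the post or the comment above): the comment's manual check for a DependOnService entry naming a service that no longer exists can be done over a regedit export of the Services key. The .reg text below is constructed for illustration; it parses regedit's hex(7) encoding of REG_MULTI_SZ and reports each service whose dependencies name a service with no key of its own, which is exactly the dangling state left once the removal tool deleted the "keyb" service.

```python
import re

# Constructed sample regedit export (not from the post). The "keyb" service
# that RpcSs and lanmanworkstation depend on has no key of its own.
# REG_MULTI_SZ is exported as hex(7): UTF-16LE, NUL-separated, double-NUL end.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
"DisplayName"="Remote Procedure Call (RPC)"
"DependOnService"=hex(7):6b,00,65,00,79,00,62,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation]
"DependOnService"=hex(7):6b,00,65,00,79,00,62,00,00,00,4d,00,52,00,78,00,53,00,\
  6d,00,62,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxSmb]
"Start"=dword:00000001
"""

# Direct children of ...\Services only (CurrentControlSet or ControlSet00X).
KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\\w+\\Services\\([^\\\]]+)\]$", re.I)
DEP_RE = re.compile(r'^"DependOnService"=hex\(7\):(.*)$', re.I)


def decode_multi_sz(hex_csv):
    """Turn regedit's hex(7) byte list into the strings it encodes."""
    raw = bytes(int(h, 16) for h in hex_csv.split(",") if h.strip())
    return [s for s in raw.decode("utf-16-le").split("\0") if s]


def find_dangling_dependencies(reg_text):
    """Map each service to DependOnService names that have no service key."""
    services, deps, current = set(), {}, None
    # Fold regedit's trailing-backslash line continuations first.
    joined = re.sub(r",\\\r?\n\s*", ",", reg_text)
    for line in joined.splitlines():
        m = KEY_RE.match(line.strip())
        if m:
            current = m.group(1)
            services.add(current.lower())
            continue
        m = DEP_RE.match(line.strip())
        if m and current:
            deps[current] = decode_multi_sz(m.group(1))
    # Service names are case-insensitive, so compare lower-cased.
    return {svc: [d for d in names if d.lower() not in services]
            for svc, names in deps.items()
            if any(d.lower() not in services for d in names)}
```

Calling `find_dangling_dependencies(SAMPLE_REG)` on the constructed export flags both RpcSs and lanmanworkstation as depending on the missing "keyb" service; run it against a real export of every ControlSet00X\Services key, as the comment advises, to find all of them.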