How to clean an infected computer?


Athena

Hello,

My computer is infected with a virus. I do not know which one but
certainly it is a bad one:

1. I cannot boot to safe mode
2. Critical ZoneAlarm files are erased
3. I cannot run on-line virus programs (trendmicro, Kaspersky). It stops
them.
4. Process explorer finds no suspicious looking process.
5. I cannot install ZoneAlarm, AVG
6. I cannot restore the system back to a restore point (even a week old)

Any help? Thank you.

Athena
 

Carey Frisch [MVP]

Cleaning a Compromised System
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx


--
Carey Frisch
Microsoft MVP
Windows Shell/User

---------------------------------------------------------------

"Athena" <hiittite@gmail.com> wrote in message news:uoydnQZ-J_lxU7vanZ2dnUVZ_gadnZ2d@comcast.com...
Hello,

My computer is infected with a virus. I do not know which one but
certainly it is a bad one:

1. I cannot boot to safe mode
2. Critical ZoneAlarm files are erased
3. I cannot run on-line virus programs (trendmicro, Kaspersky). It stops
them.
4. Process explorer finds no suspicious looking process.
5. I cannot install ZoneAlarm, AVG
6. I cannot restore the system back to a restore point (even a week old)

Any help? Thank you.

Athena
 

Malke

Athena wrote:
> Hello,
>
> My computer is infected with a virus. I do not know which one but
> certainly it is a bad one:
>
> 1. I cannot boot to safe mode
> 2. Critical ZoneAlarm files are erased
> 3. I cannot run on-line virus programs (trendmicro, Kaspersky). It
> stops them.
> 4. Process explorer finds no suspicious looking process.
> 5. I cannot install ZoneAlarm, AVG
> 6. I cannot restore the system back to a restore point (even a week old)
>
> Any help? Thank you.


You might be able to pull the hard drive and slave it in a testbed
machine (I wouldn't use a production machine for this in case of
infection) and run some scans from there. Or you might boot with a
Bart's PE with antivirus/antimalware plugins and scan from there.

However, from a practical standpoint a machine that badly infected is
probably not going to be salvageable. If you neglected to back up data,
you can still retrieve it (see below) - although there is always the
strong probability that the virus has destroyed the data.

Flatten the system - do a clean install. Do not put the data you
retrieved onto the clean system until you have scanned it with a current
version antivirus (not earlier than 2006) using updated definitions. Do
not connect to the Internet until you have a firewall in place.

Data retrieval:

1. Pull the drive and slave it in a computer running a working install
of XP. Depending on the target drive's characteristics, you may need a
drive adapter i.e., laptop-to-IDE or a SATA controller card, etc. A
usb/firewire external drive enclosure works very well, too. Use the
working Windows Explorer to copy the data to the rescue system's hard
drive and then burn the data to cd or dvd.

2. Often Windows will not boot with a slaved drive that has a damaged
file system. In that case, boot the target computer with either a Bart's
PE or a Linux live cd such as Knoppix and retrieve the data that way.
Here is general information on using Knoppix for this:

You will need a computer with two cd drives, one of which is a cd/dvd-rw
OR a usb thumb drive with enough capacity to hold your data OR an
external usb/firewire hard drive formatted FAT32 (not NTFS). To get
Knoppix, you need a computer with a fast Internet connection and
third-party burning software. Download the Knoppix .iso and create your
bootable cd. Then boot with it and it will be able to see the Windows
files. If you are using the usb thumb drive or the external hard drive,
right-click on its icon (on the Desktop) to get its properties and
uncheck the box that says "Read Only". Then click on it to open it. Note
that the default mouse action in the window manager used by Knoppix
(KDE) is a single click to open instead of the traditional MS Windows'
double-click. Otherwise, use the K3b burning program to burn the files
to cd/dvd-r's.

http://www.knoppix.net
http://www.nu2.nu/pebuilder/ - Bart's PE Builder


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
 

Athena

Thank you all who clearly explained what to do.

I am going to format the infected drive and install clean XP. But I am
copying data from that drive into a USB drive. After I have a clean system,
I need the data in this drive. Can I safely run an anti-virus program on
this drive? This is drive only for data, there is OS in it. Can I be sure I
can clean the data in this drive and use afterwards safely? Thank you very
much.

Athena

"Athena" <hiittite@gmail.com> wrote in message
news:uoydnQZ-J_lxU7vanZ2dnUVZ_gadnZ2d@comcast.com...
> Hello,
>
> My computer is infected with a virus. I do not know which one but
> certainly it is a bad one:
>
> 1. I cannot boot to safe mode
> 2. Critical ZoneAlarm files are erased
> 3. I cannot run on-line virus programs (trendmicro, Kaspersky). It
> stops them.
> 4. Process explorer finds no suspicious looking process.
> 5. I cannot install ZoneAlarm, AVG
> 6. I cannot restore the system back to a restore point (even a week
> old)
>
> Any help? Thank you.
>
> Athena
 

Malke

Athena wrote:
> Thank you all who clearly explained what to do.
>
> I am going to format the infected drive and install clean XP. But I
> am copying data from that drive into a USB drive. After I have a clean
> system, I need the data in this drive. Can I safely run an anti-virus
> program on this drive? This is drive only for data, there is OS in it.
> Can I be sure I can clean the data in this drive and use afterwards
> safely? Thank you very much.


Yes of course - that's exactly what you want to do (if I understand your
post correctly). My understanding of your post is that you are going to
retrieve the data by copying it onto a USB thumbdrive. You will then
format the infected drive and clean-install Windows. You will do all
Windows Updates, install a current version antivirus and update it. Then
you will connect your USB drive which has your retrieved data and use
the antivirus to scan it. If the data on the USB drive is clean, you
will then copy it back onto your hard drive with the new, clean install
of Windows. This is what you are planning, yes?

http://michaelstevenstech.com/cleanxpinstall.html - Clean Install How-To
http://www.elephantboycomputers.com/page2.html#Reinstalling_Windows -
What you will need on-hand


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
 

Athena

Hello Malke,

Yes. Certainly. Once the data in the USB drive is clean, I will transfer
some of it to the newly created system. My worry is whether the
transferred data can infect my new system or not?

Athena

"Malke" <notreally@invalid.invalid> wrote in message
news:%23XB27E1GIHA.700@TK2MSFTNGP05.phx.gbl...
> Athena wrote:
>> Thank you all who clearly explained what to do.
>>
>> I am going to format the infected drive and install clean XP. But I am
>> copying data from that drive into a USB drive. After I have a clean
>> system, I need the data in this drive. Can I safely run an anti-virus
>> program on this drive? This is drive only for data, there is OS in it.
>> Can I be sure I can clean the data in this drive and use afterwards
>> safely? Thank you very much.

>
> Yes of course - that's exactly what you want to do (if I understand your
> post correctly). My understanding of your post is that you are going to
> retrieve the data by copying it onto a USB thumbdrive. You will then
> format the infected drive and clean-install Windows. You will do all
> Windows Updates, install a current version antivirus and update it. Then
> you will connect your USB drive which has your retrieved data and use the
> antivirus to scan it. If the data on the USB drive is clean, you will then
> copy it back onto your hard drive with the new, clean install of Windows.
> This is what you are planning, yes?
>
> http://michaelstevenstech.com/cleanxpinstall.html - Clean Install How-To
> http://www.elephantboycomputers.com/page2.html#Reinstalling_Windows - What
> you will need on-hand
>
>
> Malke
> --
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User
 

Malke

Athena wrote:
> Hello Malke,
>
> Yes. Certainly. Once the data in the USB drive is clean, I will
> transfer some of it to the newly created system. My worry is
> whether the transferred data can infect my new system or not?


That's the point of scanning it first before you transfer it!


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
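
An added example, not part of the thread and not a replacement for the antivirus scan described above: a Python triage pass over the rescued data that lists files able to run code, so they can be left off the clean install or examined first. The extension lists, function names and sample files are assumptions constructed for this illustration.

```python
import os
import tempfile

RISKY_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js",
             ".dll", ".lnk", ".hta"}                  # assumed list: can run code
DECOY_EXT = {".doc", ".xls", ".pdf", ".jpg", ".txt"}  # assumed list: look like data

def classify(path):
    """Return the reasons a rescued file deserves a closer look (empty list = none)."""
    reasons = []
    name = os.path.basename(path).lower()
    ext = os.path.splitext(name)[1]
    if name == "autorun.inf":
        reasons.append("autorun.inf can auto-launch a program from removable media")
    if ext in RISKY_EXT:
        reasons.append("executable or script extension " + ext)
    if ext in RISKY_EXT and os.path.splitext(name[:-len(ext)])[1] in DECOY_EXT:
        reasons.append("double extension disguises " + ext)
    with open(path, "rb") as fh:
        magic = fh.read(2)
    if magic == b"MZ" and ext not in RISKY_EXT:
        reasons.append("Windows executable header behind extension %r" % ext)
    return reasons

def triage(root):
    """Walk the rescued-data folder; map relative path -> reasons, flagged files only."""
    flagged = {}
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(folder, fname)
            try:
                reasons = classify(full)
            except OSError as exc:  # damaged file system: report, do not abort
                reasons = ["unreadable: %s" % exc]
            if reasons:
                flagged[os.path.relpath(full, root)] = reasons
    return flagged

def build_sample(root):  # constructed sample files standing in for the rescued drive
    samples = {"letter.doc": b"\xd0\xcf\x11\xe0", "photo.jpg": b"MZ\x90\x00",
               "autorun.inf": b"[autorun]\n", "invoice.pdf.exe": b"MZ\x90\x00"}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

Point `triage()` at the folder holding the retrieved data; a file it does not flag is not thereby clean, so the scan with updated definitions still applies to everything.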
 