XP Locked - Virus..how to fix

Joined
Jul 26, 2005
Messages
10
Reaction score
0
Appreciate any help. Have a newer Dell, using XP....no non installed virus protection (I was planning to get something, but didn't use it on the web much). Kid turned off XP firewall to 'surf faster', and didn't tell me. Had a black background on the main XP page after boot that said I was infected, and to go to a link to delete. Ignored it, ran ok for a week. Started getting many disconnects as I was on-line looking for virus info.. Now it only gets as far as the XP 'choose user' screen on boot then locks up....sometimes before that.

Goal: Save my data/picture files, and get it running again.

Question: Can I buy a virus protection package and have it start on boot and hopefully find/eliminate the problem?? If so, how and what are my odds it will work??

Researched this site and looking at the following virus packages: Kaspersky's, NOD32 and System Mechanic 5 Pro (which has the Kaspersky virus system as I understand). Any best for my use here?? Like the SM5P as it has a lot of other features, but not sure if the virus portion is as robust as the others.

Thanks again for your time, and advice.
 

Me__2001

Internet Junkie
Joined
Apr 5, 2004
Messages
4,354
Reaction score
1
first thing, give your kids an account with non administrative rights so they can't install or disable anything unless you know about it, also never connect to the net without some kind of protection, at least have a virus scanner and the XP firewall enabled or a 3rd party one, another thing is to get adaware and spyware protection, read the article about it on here if you're not sure what scanners to get

i doubt you'll be able to get your data back easily, the only way that i can think of is to use knoppix, this will give you access to the hard drive and, then you may be able to burn the data to a CD

the only fix will be a complete format and re-install of everything, all of the antivirus scanners i know of need to be installed from windows
 
Joined
Jul 26, 2005
Messages
4
Reaction score
0
This shouldn't be too difficult to fix, providing you can get some internet access somewhere else...

There are three things you will always need to keep your PC running sweetly - an antivirus package (I know, too late!) - Grisoft AVG is good, and FREE - go here . Search and ye shall find. Also, download Lavasoft AdAware SE Personal Edition from www.lavasoft.com and Spybot Search & Destroy from http://www.safer-networking.org/en/download/

Download all the updates for each of the three programs. Boot your computer into safe mode (F8 at startup) and you should be able to log in. Install at least Spybot and AdAware - you should be able to update these from downloadable files rather than the inbuilt update features, enabling you to do it from another PC... ask if you don't know what I mean. When all is installed and updated, physically disconnect your PC from the internet (remove phone line or broadband connection) and run all the checks. Remove anything it finds as dodgy.

When all is done, try booting normally.

Let us know how you get on! Good Luck!
 
Joined
Jul 26, 2005
Messages
10
Reaction score
0
richuu said:
This shouldn't be too difficult to fix, providing you can get some internet access somewhere else...

There are three things you will always need to keep your PC running sweetly - an antivirus package (I know, too late!) - Grisoft AVG is good, and FREE - go here . Search and ye shall find. Also, download Lavasoft AdAware SE Personal Edition from www.lavasoft.com and Spybot Search & Destroy from http://www.safer-networking.org/en/download/

Download all the updates for each of the three programs. Boot your computer into safe mode (F8 at startup) and you should be able to log in. Install at least Spybot and AdAware - you should be able to update these from downloadable files rather than the inbuilt update features, enabling you to do it from another PC... ask if you don't know what I mean. When all is installed and updated, physically disconnect your PC from the internet (remove phone line or broadband connection) and run all the checks. Remove anything it finds as dodgy.

When all is done, try booting normally.

Let us know how you get on! Good Luck!



Unfortunately F8 Safe mode did not work.....black screen with the Safe Mode icons at the corners :(
Ran all diagnostics from Dell and CHKDSK...no luck.

Wondering what my chances are if I install a new HD, with latest virus/spy s/w, then connecting the old drive and trying to get the data back??

Again any input on System Mechanic 5 Pro appreciated. Will get the ones recommended above as well.

Thanks again in advance!
 

Adywebb

Growing old....
Moderator
Joined
Jan 1, 2005
Messages
5,459
Reaction score
21
System Mechanic 5 Pro comes with Panda Antivirus - I use both and am very happy with them, not sure how this is going to help you in these circumstances though....
 
Joined
Jul 26, 2005
Messages
4
Reaction score
0
Yes, that will work - the only risk being that if your old drive is virus infected, that you could infect your new clean drive when you bring the old one online. That aside, it's something I have done before - I've put an infected drive into a clean, protected computer, and successfully cleaned the infected drive with an AV prog and returned the drive to its original PC with success. The only thing you have to do is to set the infected drive to a slave before putting it in the other PC, or make sure it's on the secondary channel (but still as a slave if there's already another device on the 2nd channel).

Another option is to make an AV boot disk - a floppy or CD that will boot the system and run an AV prog. There are a few resources on the web about how to do this with F-Prot anti virus.
 
Joined
Aug 1, 2005
Messages
30
Reaction score
0
Another Option

I recently lost the HDD on my main machine not to a virus but to my IDE controller going bad on my Motherboard. It has a SATA controller so I was back in business with a faster SATA drive but I could not get my data off of my old IDE drive. I had two solutions. Take my secondary machine down and put my old HDD in it and pull the data off that way. The easiest but more expensive solution was to purchase an external HDD case that would allow me to use the HDD as a secondary drive and hook it up to the USB port. It works great and now I had a secondary storage drive that I can back up my data to. Here is a link: http://www.geeks.com/details.asp?invtid=520U&cat=405 $29.00 US! Not bad

In your situation, you want to do what one of the posts above says to do. Set up your new system with a new HDD and then install a good virus scanner before you hook up the old HDD to the USB port otherwise you will reinfect yourself. After you have installed the virus scanner, make sure it is 100% up to date and Windows is 100% up to date. Now you are ready to hook up the drive. Run a thorough scan of the old HDD and then pull your old Data off. After you are satisfied you have everything (Set it aside after you are done for a day or so to be sure). Format the old HDD.
 
Joined
Jul 26, 2005
Messages
10
Reaction score
0
Thanks for the suggestion. Still progressing with a fix. Have a new HDD, NOD32 antivirus and CounterSpy on the way. Did find that I too have SATA, and after researching am confused as to setting up 2 drives....apparently they will not work as master/slave. As mentioned above I do not want to infect all the new stuff!

Is there a way to easily set-up both so the new is the master/boot drive and the second (old) simply a pick in windows??

Dell said put the new in the first MB connection and the old in the second, but from what I have read I am not confident. Seagate tech support (manuf. of both drives) went into great detail about BIOS and CMOS or something settings....way over my head for a phone discussion. Did learn enough though that I need to be careful here.

Like the idea of setting up the old to connect via USB. How would I do this??

Thanks again to all for their help here.
 

Me__2001

Internet Junkie
Joined
Apr 5, 2004
Messages
4,354
Reaction score
1
christopherpostill said:
Can you get Sata USB/Firewire cages??

overclockers sell one that's supposed to work with IDE and SATA

no they don't, it's an enclosure :blush:
 

floppybootstomp

sugar 'n spikes
Moderator
Joined
Mar 5, 2002
Messages
20,281
Reaction score
1,794
jeffpgpc said:
Yes, they do sell SATA > USB cages. I found one at my usual source: http://www.geeks.com/details.asp?invtid=BLU-ALUMMGB-SATA&cpc=SCH&srm=0 but it is for 3.5" drives. (I swear, I do not work for these guys, they just always to have what I need at good prices)

Nice try, but that enclosure only has SATA interface, not USB. It also only supports disks up to 137Gb.

I've been looking, haven't found an external enclosure that takes a SATA drive to a USB/Firewall interface yet, but I haven't looked at many places. Overclockers don't do one.

Kustom PC's do a 5.25" rack where you can hot swap SATA drives, around £35.00, that may be an option.
 
Joined
Jul 26, 2005
Messages
10
Reaction score
0
Did find an SATA to USB External Enclosure......Manufacturer Web Site: www.addonics.com, Manufacturer Part Number: AE5SACSU2 also AE5SACSUF. They cost $US 55 and $US 75.

However, talking again with Dell they determined the BIOS can configure the 2 on-board SATA ports as primary and secondary. Hence plan is to install new drive, XP, Virus/Spyware and then set BIOS (with their help). They say then can install the old drive on second SATA plug, scan for virus' and go after my files!

Hoping that easy....the Dell rep that called me today seemed much more knowledgeable.

Thanks again for all the input and advice. Will post my results....waiting for everything to arrive.
 
Joined
Aug 1, 2005
Messages
30
Reaction score
0
I screwed the pooch on that one. Sorry for the bad information on that one guys. That is what I get for posting before I had my coffee. That one the fishnboys found looks like a better fit. I will keep looking as well.
 
Joined
Jul 26, 2005
Messages
10
Reaction score
0
Looks like I'm getting there: HDD and NOD32 Antivirus arrived (thanks NEWEGG....fast ship). Installed and was able to get both SATA's up and running...Dell allows BIOS config for primary and secondary...whew.

NOD32 found 128 virus'/spyware items and dialers....deleted all. Able to get into the old drive, and recovered a lot of data!!!

However, I have one folder with all my pics and other data that I set-up as non shared and/or password protected. I tried every conceivable approach my limited experience afforded to get it to open, copy or transfer. No luck, keep getting "access denied". This was all done from XP on the new drive, accessing the old from My Computer. I know all the files are there as NOD32 lists them as it scans and says they are locked. Any ideas on how to get the password off, or access to enter it, without booting from that drive appreciated (don't want to risk crashing the whole thing again). I am tempted to try and boot from the old, which has its own XP, but resisted as I'm sure I would be back where I started.

Any help appreciated. And tremendous gratitude to those that have got me this far!
 
Joined
Aug 1, 2005
Messages
30
Reaction score
0
I think I can help you with that one, fishnboys. You need to create a user account in Windows that is the same account that you used to create the limited share. It should have the same username, password that you used on the old XP installation and should have full administrative access to your PC. Log out of your current user account and login with the account that you created. You should be able to copy the files now. If that does not work go to Control Panel > User accounts > Change the ways users logon and off. Take the check out of Use Welcome screen (This is assuming you left it checked by default, by the way). Now log out of your user account and login using the administrator account (no password if that was not changed). After you get your files, change all of the settings back, delete any unnecessary user accounts and you're done. Let me know if this works.
 
Joined
Jul 26, 2005
Messages
10
Reaction score
0
No luck:( Still getting access denied. Unable to get the Administrator account up either....does not take a blank password, and I know I never changed it from default.

Also tried to boot off the old drive (figured what do I have to lose). After running AV, and deleting corrupt files I now have missing XP components. Thinking of trying Windows Repair on the old.

Any utilities that may unlock the files from my good drive??

Any thoughts appreciated, and thanks again!
 
Joined
Aug 1, 2005
Messages
30
Reaction score
0
fishnboys said:
No luck:( Still getting access denied. Unable to get the Administrator account up either....does not take a blank password, and I know I never changed it from default.

Also tried to boot off the old drive (figured what do I have to lose). After running AV, and deleting corrupt files I now have missing XP components. Thinking of trying Windows Repair on the old.

Any utilities that may unlock the files from my good drive??

Any thoughts appreciated, and thanks again!

I found a couple sites that may help you. One of them is freeware but the other one had a free trial. The part that is free may be all that you need or you can pay $69 US for the full product.

http://www.softpedia.com/get/Security/Lockdown/dirLock.shtml DIRLOCK - Freeware
http://www.mediarecover.com/advanced-file-recovery.html Media Recover - Trialware

I would start with those and see if any of them help unlocking the NTFS partition.

As for trying to recover the old volume and booting to it, you can try to run the chkdsk.exe command that should be located in your system32 folder. It may be able to recover your old partition and you will be able to boot to it again. All that you will need to do is to get on and recover your files and move them at that point. I also cannot stress enough that you need to scan everything that you recover if your old system was infected.

You will need to run it from Start>RUN or from CMD and then enter the correct syntax. I copied the contents of the CHKDSK help file below so that you can use the correct syntax and switches.

CHKDSK [volume[[path]filename]]] [/F] [/V] [/R] [/X] [/I] [/C] [/L[:size]]

  volume     Specifies the drive letter (followed by a colon),
             mount point, or volume name.
  filename   FAT/FAT32 only: Specifies the files to check for fragmentation.
  /F         Fixes errors on the disk.
  /V         On FAT/FAT32: Displays the full path and name of every file
             on the disk.
             On NTFS: Displays cleanup messages if any.
  /R         Locates bad sectors and recovers readable information
             (implies /F).
  /L:size    NTFS only: Changes the log file size to the specified number
             of kilobytes. If size is not specified, displays current
             size.
  /X         Forces the volume to dismount first if necessary.
             All opened handles to the volume would then be invalid
             (implies /F).
  /I         NTFS only: Performs a less vigorous check of index entries.
  /C         NTFS only: Skips checking of cycles within the folder
             structure.
 
