~Sage said:
Pa Bear, thank you so much for responding, I've *listened* to you many
times and have complete trust and respect for you. She was running AVG
8.5, updated Oct. 20th, also had Spybot S&D, last Windows patch was Oct.
15th, she brought me her PC on Oct. 23. Security Service was off when
she brought it but Update was working at least until the 15th
(suspect a virus did that). Is it up to snuff enough or not?
I've done all the prep work for your AumHa rules, but won't post there
if you tell me not to, and I know you won't tell me that unless format
and reinstall is all we can do. She has Family Tree (Microsoft Word
documents and .jpg's that are very important to her), I hate to see
her lose them, but I won't compromise my PC to post the logs. So what
do you think?
Thank You,
~Sage

If you want to do file recovery, find some other OS to boot to do it.
For example, a Linux LiveCD makes it possible to copy files from
either NTFS or FAT32 partitions.
If you want to scan for viruses from a Linux CD, some of the
AV companies provide downloads for that. These are in ISO9660
format, so you use a tool like Nero to convert the ISO9660
into a bootable CD. There are some free burning applications
as well, so you don't need Nero to do it.
Bitdefender (Linux, bootable) CD.
http://download.bitdefender.com/rescue_cd/
http://download.bitdefender.com/rescue_cd/BitDefenderRescueCD_v2.0.0_3_08_2009.iso (260MB)
Kaspersky (Linux, bootable) CD.
http://devbuilds.kaspersky-labs.com/devbuilds/RescueDisk/ (114MB)
I only have limited experience with the Kaspersky one.
When the CD boots, after a few seconds it'll indicate it is downloading
AV definitions from the Kaspersky site. For that to work, the networking
has to be up and running (ADSL or cable modem already configured and
working). If all is well, the Kaspersky interface is pretty
simple.
There are some sequentially lettered partitions shown in the interface,
as in C,D,E,F etc. They aren't the real drive letters, and are just
a numbering scheme. You have to figure out which one corresponds to the
"real C" drive, and make sure at least that partition is selected for
scanning.
If Kaspersky finds something, it should pop up a notification on the
screen. Scanning speed starts out at a pretty good rate, but slows
down as time goes by. You can stop and restart the tool, and it'll pick
up where it left off, and be a bit faster as a result.
More details here on using the Kaspersky, if you want them.
http://groups.google.ca/group/microsoft.public.windowsxp.general/msg/ea4db0cef1555973?dmode=source
*******
For simple maintenance work, like copying files off, a regular Linux
LiveCD can work. But this is no good if you suspect you're going
to be copying something over which is infected. Anything virulent
will remain that way (like copying an infected EXE file). The
version of this I like the best is 5.3.1, but it is a large
download, of over 2GB. It can mount NTFS or FAT32 partitions,
and the disk icons on the desktop are read-only, until
you do "Properties" on them, and change the tick box to
"read/write". Then you can move files around graphically,
from the file manager. Or, use the command prompt, and
the regular "cp" type commands.
http://en.wikipedia.org/wiki/Knoppix
There is a remastered version of 5.3.1, that some people in
Japan did, and it fits onto a CD, and is about a 700MB download.
So that comes closest to a good compromise between size and function.
I don't use that one regularly, since I got the DVD sized one
first, and continue to use it.
HTH
Paul
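
The file-copy step described in the reply above, as an added example that is not part of the original thread: a shell function for the LiveCD session that copies only Word documents and JPEGs off the mounted Windows partition, skips anything that starts with an executable header, and writes a SHA-256 manifest. The device name, mount point, destination path and the function name `rescue_docs` are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes the suspect Windows partition is
# already mounted read-only in the LiveCD session, for instance (assumed names):
#   mount -o ro /dev/sda1 /mnt/win
# Usage: sh rescue_docs.sh /mnt/win /media/usb/rescued

# rescue_docs SRC DEST
# Copies only allow-listed data files (Word documents, JPEGs), keeps the folder
# layout, and prints the number of files copied. Programs are never copied.
rescue_docs() {
    src=${1%/}; dest=${2%/}
    [ -d "$src" ] || { echo "source not found: $src" >&2; return 1; }
    mkdir -p "$dest" || return 1

    find "$src" -type f \( -iname '*.doc' -o -iname '*.docx' \
            -o -iname '*.jpg' -o -iname '*.jpeg' \) -exec sh -c '
        src=$1; dest=$2; shift 2
        for f in "$@"; do
            rel=${f#"$src"/}
            # A program renamed to .jpg is still a program: Windows executables
            # start with the bytes "MZ" (4d 5a), so skip anything that does.
            magic=$(head -c 2 "$f" | od -An -tx1 | tr -d " \n")
            if [ "$magic" = 4d5a ]; then
                echo "skipped, executable header: $rel" >&2
                continue
            fi
            mkdir -p "$dest/$(dirname "$rel")" || continue
            cp -p "$f" "$dest/$rel" || continue
            # Store the copy as plain data; NTFS mounts may mark every file
            # executable.
            chmod 0644 "$dest/$rel"
        done' sh "$src" "$dest" {} +

    # Hash what was copied so later changes to the rescued set are detectable
    # with: cd DEST && sha256sum -c MANIFEST.sha256
    ( cd "$dest" && find . -type f ! -name MANIFEST.sha256 \
          -exec sha256sum {} + > MANIFEST.sha256 ) || return 1
    echo $(( $(wc -l < "$dest/MANIFEST.sha256") ))
}

if [ $# -eq 2 ]; then rescue_docs "$1" "$2"; fi
```

The extension and header checks only keep obvious executables out, so the rescued folder should still be scanned with one of the rescue CDs before anything in it is opened on a clean machine.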