Reformatting

[Guest]

Hi
This is a bit complicated; so I'll start from the beginning
- computer was infected with multiple viruses (especially Rontok)
- removed some, but still being reinfected
- turned off System Restore and Norton Go Back
- followed instructions on Trend website (I think?) manual virus removal page
- stuffed up registry - winlogon/userinit keys, didn't back up (no
comment...i know that was dumb dumb dumb.)
- cannot do windows repair with original disc (hangs on 13 minutes
registering components) - probably because of SP2 etc
- tried registry recovery with recovery console
- now nothing working at all; starts up, then gives lsass.exe error message
- reinstalled XP on to another partition - basic drivers, network support
etc, can access internet
- can access original installation through D drive; and through BartPE
- cannot access either unless through Safe Mode
- Recovery console wont work anymore on C drive, asking for a nonexistent
admin password
- will re-install a new slipstreamed (hopefully) windows on to original c
partition
Questions -
- how do I copy across documents and settings? Can I just do it through
BartPE?
- where does outlook hide it's emails/archive? bearing in mind that i cannot
access any of my software
- i have got AV/Norton/Ghost etc (just bought Ghost after the crash) - if i
run v-check docs and settings, will that remove all traces of the virus?
- my docs & settings were password protected, ntfs file system, can i access
them? tried cacls, but all that helped me do was open the folder and see what
was in it, and not individual files - do i have to do cacls on each file?
- how do i restore my docs and settings once i have reformatted?
- i want to do 3 partitions, 1 for OS, 1 for progs, 1 for data. Got an 80G
hard drive, what size do you recommend for partitions?

thank you very very much for any help!

 

[Glen]

Essentially you stuffed up the system and need to reinstall Windows but want
to recover some documents from the old unbootable system. If you have BartPE
boot from the CD and see if you can access to files you want to save. Copy
them to another CD or another hard drive or even a floppy if they will fit
and its the only alternative. Don't worry about opening them yet just copy
them to another place.

I just reread your post and it seems you have another windows install on
your D: drive? The easiest thing to do is boot into that installation and
copy all data you want to save onto the D: partition. Out of interest the
recovery console admin password would be blank (just press enter key) if no
password was used whan setting windows up.

Once you have all the old files saved that you want, boot from the XP CD and
start a fresh install of XP. You will be given the chance to delete the old
C: partition. Do it, delete the old C: partition and reinstall XP. After
reinstalling XP install an antivirus program and update the definitions
before trying to copy or open any of the old files accross. Also install an
antispyware program and update the definitions. If you want free
antispyware use Microsoft antispyware and Spybot S&D and Adaware. Make sure
you use new definititon files.

Once you have XP installed and have antivirus and antispyware installed you
can think about copying your old files accross from D: drive to C: drive.
When you have copied the old data over to the new C: drive you can delete
the D: drive completely. Do this by opening control panel | admin tools |
computer management | disk management. Right click the D: drive and delete
the logical drive. You can then right click and create a new partition of
whatever size you want. I have my C: drive at 20 GB, my D: drive at 50 GB. I
install Windows XP to my C: drive and install my programs to D: drive. I
don't install any programs to C: drive. Obviously only you can choose what
sizes are right for you but that should give you an idea of suitable sizes.

After you get XP installed and your new partitions setup you should make a
Ghost backup. You should backup to a seperate partition like E: if you have
the room. If possable make a backup before copying any old files accross
incase you copy a virus accross by accident.

Do you really need to save old emails from an infected system? If so Outlook
express uses .dbx files to store its messages in. You can search for dbx
extrension and copy the files accross. The path would be C:\Documents and
Settings\User Name\Local Settings\Application
Data\Identities\{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}\Microsoft\Outlook
Express. The Xs would be a unique indentity number. I cant remember the best
way to get them into the new system as the numbers would be different. You
can try import from the file menu.

Most of what you want to do is quite easy just make sure you take
precautions to not reinfect yourself with the old files.


Microsoft Antispyware
http://www.microsoft.com/athome/security/spyware/software/default.mspx

Adaware
http://www.lavasoftusa.com/software/adaware/

Spybot S&E
http://www.safer-networking.org/en/index.html

Hijackthis
http://www.spywareinfo.com/~merijn/downloads.html


AVG Antivirus
http://free.grisoft.com/doc/1

Avast
http://www.avast.com/

Online Anti Virus
http://housecall.trendmicro.com/


MULTI_AV.EXE
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

 

[Guest]

Thanks for the very comprehensive answer Glen, I have basically done what you
said, and it is working well. I am now copying across my documents from the D
drive to the C drive, and am going to delete the D partition.

Thanks for your help!
Cheers
Heather

 

[Glen]

Thanks for replying. Glad to have helped.